./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_product12.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_product12.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 2f43e7267ed715243a41104ad5703ed473575064952f167333067630dfd5e9da
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:55:12,669 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:55:12,670 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:55:12,695 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:55:12,696 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:55:12,697 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:55:12,699 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:55:12,702 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:55:12,716 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:55:12,717 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:55:12,717 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:55:12,718 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:55:12,718 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:55:12,727 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:55:12,729 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:55:12,730 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:55:12,731 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:55:12,731 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:55:12,735 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:55:12,739 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:55:12,741 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:55:12,742 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:55:12,743 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:55:12,744 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:55:12,751 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:55:12,752 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:55:12,752 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:55:12,753 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:55:12,754 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:55:12,754 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:55:12,755 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:55:12,755 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:55:12,757 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:55:12,757 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:55:12,758 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:55:12,758 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:55:12,759 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:55:12,759 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:55:12,759 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:55:12,760 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:55:12,760 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:55:12,761 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:55:12,782 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:55:12,783 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:55:12,783 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:55:12,783 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:55:12,784 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:55:12,784 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:55:12,785 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:55:12,785 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:55:12,785 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:55:12,785 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:55:12,786 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:55:12,786 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:55:12,787 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:55:12,787 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:55:12,788 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:55:12,788 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:55:12,788 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:55:12,788 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:55:12,788 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:12,788 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:55:12,788 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:55:12,790 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:55:12,790 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:55:12,790 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:55:12,790 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:55:12,791 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:55:12,791 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:55:12,791 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 2f43e7267ed715243a41104ad5703ed473575064952f167333067630dfd5e9da [2022-02-20 17:55:12,980 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:55:12,999 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:55:13,001 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:55:13,001 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:55:13,015 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:55:13,016 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_product12.cil.c [2022-02-20 17:55:13,069 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/74817d817/3ec9180167f94773a9cdbfe52690d150/FLAGc5720c1cb [2022-02-20 17:55:13,520 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:55:13,521 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product12.cil.c [2022-02-20 17:55:13,544 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/74817d817/3ec9180167f94773a9cdbfe52690d150/FLAGc5720c1cb [2022-02-20 17:55:13,810 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/74817d817/3ec9180167f94773a9cdbfe52690d150 [2022-02-20 17:55:13,814 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:55:13,816 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:55:13,818 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:13,818 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:55:13,820 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:55:13,821 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:13" (1/1) ... [2022-02-20 17:55:13,823 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4fa2941b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:13, skipping insertion in model container [2022-02-20 17:55:13,823 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:13" (1/1) ... 
[2022-02-20 17:55:13,828 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:55:13,878 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:55:14,223 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product12.cil.c[58861,58874] [2022-02-20 17:55:14,232 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:14,247 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:55:14,345 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product12.cil.c[58861,58874] [2022-02-20 17:55:14,354 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:14,377 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:55:14,378 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14 WrapperNode [2022-02-20 17:55:14,378 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:14,379 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:14,379 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:55:14,379 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:55:14,383 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... 
[2022-02-20 17:55:14,417 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,462 INFO L137 Inliner]: procedures = 122, calls = 186, calls flagged for inlining = 50, calls inlined = 40, statements flattened = 820 [2022-02-20 17:55:14,463 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:14,463 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:55:14,463 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:55:14,463 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:55:14,469 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,470 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,473 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,476 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... 
[2022-02-20 17:55:14,486 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,503 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,506 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... [2022-02-20 17:55:14,510 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:55:14,511 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:55:14,511 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:55:14,511 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:55:14,524 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (1/1) ... 
[2022-02-20 17:55:14,529 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:14,535 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:14,544 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:55:14,546 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:55:14,573 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:55:14,574 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:55:14,574 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:55:14,574 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:55:14,574 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:55:14,574 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:55:14,574 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:55:14,574 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:55:14,574 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:55:14,575 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:55:14,575 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 
17:55:14,575 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:55:14,575 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:55:14,575 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:55:14,575 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:55:14,575 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:55:14,575 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:55:14,576 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:55:14,576 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:55:14,576 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:55:14,576 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:55:14,576 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:55:14,576 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:55:14,576 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:55:14,576 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:55:14,576 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:55:14,577 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:55:14,577 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:55:14,577 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:55:14,577 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 
17:55:14,577 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:55:14,577 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:55:14,577 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:55:14,577 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:55:14,578 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:55:14,773 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:55:14,774 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:55:15,369 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:55:15,387 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:55:15,389 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:55:15,391 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:15 BoogieIcfgContainer [2022-02-20 17:55:15,391 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:55:15,393 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:55:15,393 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:55:15,396 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:55:15,396 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:55:13" (1/3) ... 
[2022-02-20 17:55:15,397 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@38b09893 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:15, skipping insertion in model container [2022-02-20 17:55:15,397 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:14" (2/3) ... [2022-02-20 17:55:15,397 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@38b09893 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:15, skipping insertion in model container [2022-02-20 17:55:15,398 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:15" (3/3) ... [2022-02-20 17:55:15,399 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_product12.cil.c [2022-02-20 17:55:15,403 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:55:15,403 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 17:55:15,437 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:55:15,443 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:55:15,444 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:55:15,479 INFO L276 IsEmpty]: Start isEmpty. Operand has 261 states, 205 states have (on average 1.5560975609756098) internal successors, (319), 209 states have internal predecessors, (319), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) [2022-02-20 17:55:15,498 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 87 [2022-02-20 17:55:15,499 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:15,499 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:15,500 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:15,504 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:15,505 INFO L85 PathProgramCache]: Analyzing trace with hash -624496629, now seen corresponding path program 1 times [2022-02-20 17:55:15,512 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:15,513 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1934590771] [2022-02-20 17:55:15,513 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:15,514 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:15,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:15,815 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,832 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {264#true} #815#return; {264#true} is VALID [2022-02-20 17:55:15,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:15,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {264#true} #817#return; {264#true} is VALID [2022-02-20 17:55:15,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:15,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,890 INFO L290 TraceCheckUtils]: 0: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {309#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:15,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {309#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:15,891 INFO L290 TraceCheckUtils]: 2: Hoare triple {310#(= |setClientId_#in~handle| 1)} assume true; {310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:15,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {310#(= |setClientId_#in~handle| 1)} {274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {265#false} is VALID [2022-02-20 17:55:15,893 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:15,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,902 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,902 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,903 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #821#return; {265#false} is VALID [2022-02-20 17:55:15,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:15,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,909 INFO L290 TraceCheckUtils]: 0: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,910 
INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,910 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #823#return; {265#false} is VALID [2022-02-20 17:55:15,910 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:15,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #825#return; {265#false} is VALID [2022-02-20 17:55:15,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:55:15,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,927 INFO L290 TraceCheckUtils]: 0: Hoare triple {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,927 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,927 INFO L290 TraceCheckUtils]: 
2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #811#return; {265#false} is VALID [2022-02-20 17:55:15,928 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:55:15,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,933 INFO L290 TraceCheckUtils]: 0: Hoare triple {264#true} ~handle := #in~handle;havoc ~retValue_acc~28; {264#true} is VALID [2022-02-20 17:55:15,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {264#true} is VALID [2022-02-20 17:55:15,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,934 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #781#return; {265#false} is VALID [2022-02-20 17:55:15,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:15,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,943 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,943 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,943 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #787#return; {265#false} is VALID [2022-02-20 17:55:15,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:15,946 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:15,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {264#true} ~handle := #in~handle;havoc ~retValue_acc~31; {264#true} is VALID [2022-02-20 17:55:15,950 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {264#true} is VALID [2022-02-20 17:55:15,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {264#true} {265#false} #791#return; {265#false} is VALID [2022-02-20 17:55:15,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {264#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call 
#Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 
0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {264#true} is VALID [2022-02-20 17:55:15,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {264#true} is VALID [2022-02-20 17:55:15,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {264#true} is VALID [2022-02-20 17:55:15,958 INFO L290 TraceCheckUtils]: 3: Hoare triple {264#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {264#true} is VALID [2022-02-20 17:55:15,958 INFO L290 TraceCheckUtils]: 4: Hoare triple {264#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {264#true} is VALID [2022-02-20 17:55:15,958 INFO L290 TraceCheckUtils]: 5: Hoare triple {264#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {264#true} is VALID [2022-02-20 17:55:15,959 INFO L272 TraceCheckUtils]: 6: Hoare triple {264#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:15,959 INFO L290 TraceCheckUtils]: 7: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,960 INFO L290 TraceCheckUtils]: 8: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,962 INFO L290 TraceCheckUtils]: 9: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,962 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {264#true} {264#true} #815#return; {264#true} is VALID [2022-02-20 17:55:15,963 INFO L290 TraceCheckUtils]: 11: Hoare triple {264#true} assume { :end_inline_setup_bob__wrappee__Base } true; {264#true} is VALID [2022-02-20 17:55:15,964 INFO L272 TraceCheckUtils]: 
12: Hoare triple {264#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:15,964 INFO L290 TraceCheckUtils]: 13: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,964 INFO L290 TraceCheckUtils]: 14: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,964 INFO L290 TraceCheckUtils]: 15: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,964 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {264#true} {264#true} #817#return; {264#true} is VALID [2022-02-20 17:55:15,965 INFO L290 TraceCheckUtils]: 17: Hoare triple {264#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:15,966 INFO L272 TraceCheckUtils]: 18: Hoare triple {274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {307#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:15,967 INFO L290 TraceCheckUtils]: 19: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {309#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:15,968 INFO L290 TraceCheckUtils]: 20: Hoare triple {309#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:15,969 INFO L290 TraceCheckUtils]: 21: Hoare triple {310#(= |setClientId_#in~handle| 1)} assume true; {310#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:15,969 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {310#(= |setClientId_#in~handle| 1)} {274#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {265#false} is VALID [2022-02-20 17:55:15,969 INFO L290 TraceCheckUtils]: 23: Hoare triple {265#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {265#false} is VALID [2022-02-20 17:55:15,970 INFO L272 TraceCheckUtils]: 24: Hoare triple {265#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:15,970 INFO L290 TraceCheckUtils]: 25: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,970 INFO L290 TraceCheckUtils]: 26: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,970 INFO L290 TraceCheckUtils]: 27: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,970 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {264#true} {265#false} #821#return; {265#false} is VALID [2022-02-20 17:55:15,970 INFO L290 TraceCheckUtils]: 29: Hoare triple {265#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {265#false} is VALID [2022-02-20 17:55:15,971 INFO L272 TraceCheckUtils]: 30: Hoare triple {265#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:15,971 INFO L290 TraceCheckUtils]: 31: Hoare triple {307#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,971 INFO L290 TraceCheckUtils]: 32: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 
:= ~value; {264#true} is VALID [2022-02-20 17:55:15,972 INFO L290 TraceCheckUtils]: 33: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,972 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {264#true} {265#false} #823#return; {265#false} is VALID [2022-02-20 17:55:15,972 INFO L290 TraceCheckUtils]: 35: Hoare triple {265#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {265#false} is VALID [2022-02-20 17:55:15,972 INFO L272 TraceCheckUtils]: 36: Hoare triple {265#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:15,972 INFO L290 TraceCheckUtils]: 37: Hoare triple {308#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,972 INFO L290 TraceCheckUtils]: 38: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,973 INFO L290 TraceCheckUtils]: 39: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,973 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {264#true} {265#false} #825#return; {265#false} is VALID [2022-02-20 17:55:15,973 INFO L290 TraceCheckUtils]: 41: Hoare triple {265#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {265#false} is VALID [2022-02-20 17:55:15,974 INFO L290 TraceCheckUtils]: 42: Hoare triple {265#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, 
test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {265#false} is VALID [2022-02-20 17:55:15,974 INFO L290 TraceCheckUtils]: 43: Hoare triple {265#false} assume !true; {265#false} is VALID [2022-02-20 17:55:15,974 INFO L290 TraceCheckUtils]: 44: Hoare triple {265#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {265#false} is VALID [2022-02-20 
17:55:15,974 INFO L272 TraceCheckUtils]: 45: Hoare triple {265#false} call sendEmail(~bob~0, ~rjh~0); {265#false} is VALID [2022-02-20 17:55:15,975 INFO L290 TraceCheckUtils]: 46: Hoare triple {265#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {265#false} is VALID [2022-02-20 17:55:15,975 INFO L272 TraceCheckUtils]: 47: Hoare triple {265#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:15,975 INFO L290 TraceCheckUtils]: 48: Hoare triple {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,975 INFO L290 TraceCheckUtils]: 49: Hoare triple {264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,975 INFO L290 TraceCheckUtils]: 50: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,976 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {264#true} {265#false} #811#return; {265#false} is VALID [2022-02-20 17:55:15,976 INFO L290 TraceCheckUtils]: 52: Hoare triple {265#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; 
{265#false} is VALID [2022-02-20 17:55:15,976 INFO L290 TraceCheckUtils]: 53: Hoare triple {265#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {265#false} is VALID [2022-02-20 17:55:15,976 INFO L290 TraceCheckUtils]: 54: Hoare triple {265#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {265#false} is VALID [2022-02-20 17:55:15,976 INFO L290 TraceCheckUtils]: 55: Hoare triple {265#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {265#false} is VALID [2022-02-20 17:55:15,977 INFO L272 TraceCheckUtils]: 56: Hoare triple {265#false} call outgoing(~sender#1, ~email~0#1); {265#false} is VALID [2022-02-20 17:55:15,977 INFO L290 TraceCheckUtils]: 57: Hoare triple {265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {265#false} is VALID [2022-02-20 17:55:15,977 INFO L272 TraceCheckUtils]: 58: Hoare triple {265#false} call #t~ret42#1 := getEmailTo(~msg#1); {264#true} is VALID [2022-02-20 17:55:15,977 INFO L290 TraceCheckUtils]: 59: Hoare triple {264#true} ~handle := #in~handle;havoc ~retValue_acc~28; {264#true} is VALID [2022-02-20 17:55:15,977 INFO L290 TraceCheckUtils]: 60: Hoare triple {264#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {264#true} is VALID [2022-02-20 17:55:15,977 INFO L290 TraceCheckUtils]: 61: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,978 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {264#true} {265#false} #781#return; {265#false} is VALID [2022-02-20 17:55:15,978 INFO L290 TraceCheckUtils]: 63: Hoare triple {265#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := 
#t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {265#false} is VALID [2022-02-20 17:55:15,978 INFO L290 TraceCheckUtils]: 64: Hoare triple {265#false} assume 1 == findPublicKey_~handle#1; {265#false} is VALID [2022-02-20 17:55:15,978 INFO L290 TraceCheckUtils]: 65: Hoare triple {265#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {265#false} is VALID [2022-02-20 17:55:15,978 INFO L290 TraceCheckUtils]: 66: Hoare triple {265#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {265#false} is VALID [2022-02-20 17:55:15,979 INFO L290 TraceCheckUtils]: 67: Hoare triple {265#false} assume !(0 != ~pubkey~0#1); {265#false} is VALID [2022-02-20 17:55:15,979 INFO L290 TraceCheckUtils]: 68: Hoare triple {265#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {265#false} is VALID [2022-02-20 17:55:15,979 INFO L290 TraceCheckUtils]: 69: Hoare triple {265#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {265#false} is VALID [2022-02-20 17:55:15,979 INFO L290 TraceCheckUtils]: 70: Hoare triple {265#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {265#false} is VALID [2022-02-20 17:55:15,979 INFO L272 TraceCheckUtils]: 71: Hoare triple {265#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:15,980 INFO L290 TraceCheckUtils]: 72: Hoare triple {311#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:15,980 INFO L290 TraceCheckUtils]: 73: Hoare triple {264#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:15,980 INFO L290 TraceCheckUtils]: 74: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,980 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {264#true} {265#false} #787#return; {265#false} is VALID [2022-02-20 17:55:15,980 INFO L290 TraceCheckUtils]: 76: Hoare triple {265#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {265#false} is VALID [2022-02-20 17:55:15,980 INFO L290 TraceCheckUtils]: 77: Hoare triple {265#false} assume !(-1 == ~mail_is_sensitive~0); {265#false} is VALID [2022-02-20 17:55:15,981 INFO L272 TraceCheckUtils]: 78: Hoare triple {265#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {264#true} is VALID [2022-02-20 17:55:15,981 INFO L290 TraceCheckUtils]: 79: Hoare triple {264#true} ~handle := #in~handle;havoc 
~retValue_acc~31; {264#true} is VALID [2022-02-20 17:55:15,981 INFO L290 TraceCheckUtils]: 80: Hoare triple {264#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {264#true} is VALID [2022-02-20 17:55:15,981 INFO L290 TraceCheckUtils]: 81: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:15,981 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {264#true} {265#false} #791#return; {265#false} is VALID [2022-02-20 17:55:15,981 INFO L290 TraceCheckUtils]: 83: Hoare triple {265#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {265#false} is VALID [2022-02-20 17:55:15,982 INFO L290 TraceCheckUtils]: 84: Hoare triple {265#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {265#false} is VALID [2022-02-20 17:55:15,982 INFO L290 TraceCheckUtils]: 85: Hoare triple {265#false} assume !false; {265#false} is VALID [2022-02-20 17:55:15,983 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:55:15,983 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:15,983 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1934590771] [2022-02-20 17:55:15,984 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1934590771] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:15,984 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [718482448] [2022-02-20 17:55:15,984 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:15,984 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:15,984 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:15,986 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:15,987 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:16,187 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,195 INFO L263 TraceCheckSpWp]: Trace formula consists of 902 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:55:16,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:16,277 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:16,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {264#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {264#true} is VALID [2022-02-20 17:55:16,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {264#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {264#true} is VALID [2022-02-20 17:55:16,469 INFO L290 TraceCheckUtils]: 2: Hoare triple {264#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {264#true} is VALID [2022-02-20 17:55:16,470 INFO L290 TraceCheckUtils]: 3: Hoare triple {264#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {264#true} is VALID [2022-02-20 17:55:16,470 INFO L290 TraceCheckUtils]: 4: Hoare triple {264#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {264#true} is VALID [2022-02-20 17:55:16,470 INFO L290 TraceCheckUtils]: 5: Hoare triple {264#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {264#true} 
is VALID [2022-02-20 17:55:16,470 INFO L272 TraceCheckUtils]: 6: Hoare triple {264#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {264#true} is VALID [2022-02-20 17:55:16,471 INFO L290 TraceCheckUtils]: 7: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,471 INFO L290 TraceCheckUtils]: 8: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,471 INFO L290 TraceCheckUtils]: 9: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:16,471 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {264#true} {264#true} #815#return; {264#true} is VALID [2022-02-20 17:55:16,471 INFO L290 TraceCheckUtils]: 11: Hoare triple {264#true} assume { :end_inline_setup_bob__wrappee__Base } true; {264#true} is VALID [2022-02-20 17:55:16,472 INFO L272 TraceCheckUtils]: 12: Hoare triple {264#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {264#true} is VALID [2022-02-20 17:55:16,472 INFO L290 TraceCheckUtils]: 13: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,472 INFO L290 TraceCheckUtils]: 14: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,472 INFO L290 TraceCheckUtils]: 15: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:16,473 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {264#true} {264#true} #817#return; {264#true} is VALID [2022-02-20 17:55:16,475 INFO L290 TraceCheckUtils]: 17: Hoare triple {264#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {264#true} is VALID [2022-02-20 17:55:16,475 INFO L272 TraceCheckUtils]: 18: Hoare triple {264#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {264#true} is VALID [2022-02-20 17:55:16,475 INFO L290 TraceCheckUtils]: 19: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,476 INFO L290 TraceCheckUtils]: 20: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,476 INFO L290 TraceCheckUtils]: 21: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:16,476 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {264#true} {264#true} #819#return; {264#true} is VALID [2022-02-20 17:55:16,476 INFO L290 TraceCheckUtils]: 23: Hoare triple {264#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {264#true} is VALID [2022-02-20 17:55:16,476 INFO L272 TraceCheckUtils]: 24: Hoare triple {264#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {264#true} is VALID [2022-02-20 17:55:16,477 INFO L290 TraceCheckUtils]: 25: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,479 INFO L290 TraceCheckUtils]: 26: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,479 INFO L290 TraceCheckUtils]: 27: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:16,479 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {264#true} {264#true} #821#return; {264#true} is VALID [2022-02-20 17:55:16,479 INFO L290 TraceCheckUtils]: 29: Hoare triple {264#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {264#true} is VALID [2022-02-20 17:55:16,480 INFO L272 TraceCheckUtils]: 30: Hoare triple {264#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {264#true} is VALID [2022-02-20 17:55:16,480 INFO L290 TraceCheckUtils]: 31: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,480 INFO L290 TraceCheckUtils]: 32: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,480 INFO L290 TraceCheckUtils]: 33: Hoare triple {264#true} assume true; {264#true} is VALID [2022-02-20 17:55:16,480 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {264#true} {264#true} #823#return; {264#true} is VALID [2022-02-20 17:55:16,481 INFO L290 TraceCheckUtils]: 35: Hoare triple {264#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {264#true} is VALID [2022-02-20 17:55:16,481 INFO L272 TraceCheckUtils]: 36: Hoare triple {264#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {264#true} is VALID [2022-02-20 17:55:16,481 INFO L290 TraceCheckUtils]: 37: Hoare triple {264#true} ~handle := #in~handle;~value := #in~value; {264#true} is VALID [2022-02-20 17:55:16,481 INFO L290 TraceCheckUtils]: 38: Hoare triple {264#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {264#true} is VALID [2022-02-20 17:55:16,481 INFO L290 TraceCheckUtils]: 39: Hoare triple {264#true} assume true; {264#true} is 
VALID [2022-02-20 17:55:16,481 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {264#true} {264#true} #825#return; {264#true} is VALID [2022-02-20 17:55:16,482 INFO L290 TraceCheckUtils]: 41: Hoare triple {264#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {264#true} is VALID [2022-02-20 17:55:16,482 INFO L290 TraceCheckUtils]: 42: Hoare triple {264#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {264#true} is VALID [2022-02-20 17:55:16,482 INFO L290 TraceCheckUtils]: 43: Hoare triple 
{264#true} assume !true; {265#false} is VALID [2022-02-20 17:55:16,483 INFO L290 TraceCheckUtils]: 44: Hoare triple {265#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {265#false} is VALID [2022-02-20 17:55:16,483 INFO L272 TraceCheckUtils]: 45: Hoare triple {265#false} call sendEmail(~bob~0, ~rjh~0); {265#false} is VALID [2022-02-20 17:55:16,483 INFO L290 TraceCheckUtils]: 46: Hoare triple {265#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {265#false} is VALID [2022-02-20 17:55:16,483 INFO L272 TraceCheckUtils]: 47: Hoare triple {265#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {265#false} is VALID [2022-02-20 17:55:16,484 INFO L290 TraceCheckUtils]: 48: Hoare triple {265#false} ~handle := #in~handle;~value := #in~value; {265#false} is VALID [2022-02-20 17:55:16,484 INFO L290 TraceCheckUtils]: 49: Hoare triple {265#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#false} is VALID [2022-02-20 17:55:16,484 INFO L290 TraceCheckUtils]: 50: Hoare triple {265#false} assume true; {265#false} is VALID [2022-02-20 17:55:16,484 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {265#false} {265#false} #811#return; 
{265#false} is VALID [2022-02-20 17:55:16,485 INFO L290 TraceCheckUtils]: 52: Hoare triple {265#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {265#false} is VALID [2022-02-20 17:55:16,485 INFO L290 TraceCheckUtils]: 53: Hoare triple {265#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {265#false} is VALID [2022-02-20 17:55:16,486 INFO L290 TraceCheckUtils]: 54: Hoare triple {265#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {265#false} is VALID [2022-02-20 17:55:16,486 INFO L290 TraceCheckUtils]: 55: Hoare triple {265#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {265#false} is VALID [2022-02-20 17:55:16,487 INFO L272 TraceCheckUtils]: 56: Hoare triple {265#false} call outgoing(~sender#1, ~email~0#1); {265#false} is VALID [2022-02-20 17:55:16,487 INFO L290 TraceCheckUtils]: 57: Hoare triple {265#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {265#false} is VALID [2022-02-20 17:55:16,488 INFO L272 TraceCheckUtils]: 58: Hoare triple {265#false} call #t~ret42#1 := getEmailTo(~msg#1); {265#false} is VALID [2022-02-20 17:55:16,488 INFO L290 TraceCheckUtils]: 59: Hoare triple {265#false} ~handle := #in~handle;havoc ~retValue_acc~28; {265#false} is VALID [2022-02-20 17:55:16,488 INFO L290 TraceCheckUtils]: 60: Hoare triple {265#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {265#false} is VALID [2022-02-20 17:55:16,491 
INFO L290 TraceCheckUtils]: 61: Hoare triple {265#false} assume true; {265#false} is VALID [2022-02-20 17:55:16,491 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {265#false} {265#false} #781#return; {265#false} is VALID [2022-02-20 17:55:16,492 INFO L290 TraceCheckUtils]: 63: Hoare triple {265#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {265#false} is VALID [2022-02-20 17:55:16,493 INFO L290 TraceCheckUtils]: 64: Hoare triple {265#false} assume 1 == findPublicKey_~handle#1; {265#false} is VALID [2022-02-20 17:55:16,493 INFO L290 TraceCheckUtils]: 65: Hoare triple {265#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {265#false} is VALID [2022-02-20 17:55:16,493 INFO L290 TraceCheckUtils]: 66: Hoare triple {265#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {265#false} is VALID [2022-02-20 17:55:16,494 INFO L290 TraceCheckUtils]: 67: Hoare triple {265#false} assume !(0 != ~pubkey~0#1); {265#false} is VALID [2022-02-20 17:55:16,494 INFO L290 TraceCheckUtils]: 68: Hoare triple {265#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {265#false} is VALID [2022-02-20 17:55:16,494 INFO L290 TraceCheckUtils]: 69: Hoare triple {265#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {265#false} is VALID [2022-02-20 17:55:16,494 INFO L290 TraceCheckUtils]: 70: Hoare triple {265#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {265#false} is VALID [2022-02-20 17:55:16,495 INFO L272 TraceCheckUtils]: 71: Hoare triple {265#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {265#false} is VALID [2022-02-20 17:55:16,497 INFO L290 TraceCheckUtils]: 72: Hoare triple {265#false} ~handle := #in~handle;~value := #in~value; {265#false} is VALID [2022-02-20 17:55:16,497 INFO L290 TraceCheckUtils]: 73: Hoare triple {265#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {265#false} is VALID [2022-02-20 17:55:16,498 INFO L290 TraceCheckUtils]: 74: Hoare triple {265#false} assume true; {265#false} is VALID [2022-02-20 17:55:16,498 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {265#false} {265#false} #787#return; {265#false} is VALID 
[2022-02-20 17:55:16,498 INFO L290 TraceCheckUtils]: 76: Hoare triple {265#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {265#false} is VALID [2022-02-20 17:55:16,498 INFO L290 TraceCheckUtils]: 77: Hoare triple {265#false} assume !(-1 == ~mail_is_sensitive~0); {265#false} is VALID [2022-02-20 17:55:16,498 INFO L272 TraceCheckUtils]: 78: Hoare triple {265#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := 
isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {265#false} is VALID [2022-02-20 17:55:16,499 INFO L290 TraceCheckUtils]: 79: Hoare triple {265#false} ~handle := #in~handle;havoc ~retValue_acc~31; {265#false} is VALID [2022-02-20 17:55:16,499 INFO L290 TraceCheckUtils]: 80: Hoare triple {265#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {265#false} is VALID [2022-02-20 17:55:16,499 INFO L290 TraceCheckUtils]: 81: Hoare triple {265#false} assume true; {265#false} is VALID [2022-02-20 17:55:16,499 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {265#false} {265#false} #791#return; {265#false} is VALID [2022-02-20 17:55:16,499 INFO L290 TraceCheckUtils]: 83: Hoare triple {265#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {265#false} is VALID [2022-02-20 17:55:16,500 INFO L290 TraceCheckUtils]: 84: Hoare triple {265#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {265#false} is VALID [2022-02-20 17:55:16,500 INFO L290 TraceCheckUtils]: 85: Hoare triple {265#false} assume !false; {265#false} is VALID [2022-02-20 17:55:16,501 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:16,501 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:16,502 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [718482448] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:16,502 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:16,502 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [8] total 8 [2022-02-20 17:55:16,505 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [427928212] [2022-02-20 17:55:16,505 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:16,509 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 86 [2022-02-20 17:55:16,511 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:16,513 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:16,567 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 71 edges. 71 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:16,568 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:55:16,568 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:16,592 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 17:55:16,592 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:55:16,598 INFO L87 Difference]: Start difference. First operand has 261 states, 205 states have (on average 1.5560975609756098) internal successors, (319), 209 states have internal predecessors, (319), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (39), 39 states have call predecessors, (39), 39 states have call successors, (39) Second operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:16,882 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:16,882 INFO L93 Difference]: Finished difference Result 373 states and 556 transitions. [2022-02-20 17:55:16,883 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:55:16,883 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 86 [2022-02-20 17:55:16,884 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:16,885 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:16,901 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 556 transitions. [2022-02-20 17:55:16,902 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:16,914 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 556 transitions. [2022-02-20 17:55:16,914 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 556 transitions. [2022-02-20 17:55:17,310 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 556 edges. 556 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:17,327 INFO L225 Difference]: With dead ends: 373 [2022-02-20 17:55:17,328 INFO L226 Difference]: Without dead ends: 254 [2022-02-20 17:55:17,331 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 109 GetRequests, 103 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:55:17,333 INFO L933 BasicCegarLoop]: 393 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 393 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:17,334 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 393 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:17,346 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 254 states. [2022-02-20 17:55:17,364 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 254 to 254. [2022-02-20 17:55:17,365 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:17,366 INFO L82 GeneralOperation]: Start isEquivalent. First operand 254 states. 
Second operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:17,368 INFO L74 IsIncluded]: Start isIncluded. First operand 254 states. Second operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:17,376 INFO L87 Difference]: Start difference. First operand 254 states. Second operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:17,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:17,391 INFO L93 Difference]: Finished difference Result 254 states and 385 transitions. [2022-02-20 17:55:17,391 INFO L276 IsEmpty]: Start isEmpty. Operand 254 states and 385 transitions. [2022-02-20 17:55:17,396 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:17,396 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:17,398 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 254 states. [2022-02-20 17:55:17,399 INFO L87 Difference]: Start difference. First operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 254 states. [2022-02-20 17:55:17,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:17,411 INFO L93 Difference]: Finished difference Result 254 states and 385 transitions. [2022-02-20 17:55:17,411 INFO L276 IsEmpty]: Start isEmpty. Operand 254 states and 385 transitions. [2022-02-20 17:55:17,412 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:17,412 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:17,412 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:17,412 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:17,413 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 254 states, 199 states have (on average 1.5477386934673367) internal successors, (308), 202 states have internal predecessors, (308), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:17,428 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 254 states to 254 states and 385 transitions. [2022-02-20 17:55:17,430 INFO L78 Accepts]: Start accepts. Automaton has 254 states and 385 transitions. Word has length 86 [2022-02-20 17:55:17,430 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:17,430 INFO L470 AbstractCegarLoop]: Abstraction has 254 states and 385 transitions. [2022-02-20 17:55:17,431 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 24.5) internal successors, (49), 2 states have internal predecessors, (49), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:17,431 INFO L276 IsEmpty]: Start isEmpty. Operand 254 states and 385 transitions. [2022-02-20 17:55:17,433 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 88 [2022-02-20 17:55:17,433 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:17,433 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:17,452 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:17,637 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:55:17,638 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:17,638 INFO L144 
PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:17,638 INFO L85 PathProgramCache]: Analyzing trace with hash 434501306, now seen corresponding path program 1 times [2022-02-20 17:55:17,638 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:17,638 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1961203769] [2022-02-20 17:55:17,638 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:17,638 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:17,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:17,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,732 INFO L290 TraceCheckUtils]: 0: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1950#true} #815#return; {1950#true} is VALID [2022-02-20 17:55:17,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:17,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {1994#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1950#true} #817#return; {1950#true} is VALID [2022-02-20 17:55:17,744 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:17,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,764 INFO L290 TraceCheckUtils]: 0: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:17,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {1995#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1996#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:17,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {1996#(= |setClientId_#in~handle| 1)} assume true; {1996#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:17,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1996#(= |setClientId_#in~handle| 1)} {1960#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {1951#false} is VALID [2022-02-20 17:55:17,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
24 [2022-02-20 17:55:17,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,770 INFO L290 TraceCheckUtils]: 0: Hoare triple {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,770 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #821#return; {1951#false} is VALID [2022-02-20 17:55:17,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:17,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,775 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #823#return; {1951#false} is VALID [2022-02-20 17:55:17,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:17,778 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:55:17,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,780 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #825#return; {1951#false} is VALID [2022-02-20 17:55:17,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:55:17,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,790 INFO L290 TraceCheckUtils]: 0: Hoare triple {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,790 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,790 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,790 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #811#return; {1951#false} is VALID [2022-02-20 17:55:17,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:17,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,793 INFO L290 TraceCheckUtils]: 0: Hoare triple {1950#true} ~handle := #in~handle;havoc ~retValue_acc~28; {1950#true} is VALID 
[2022-02-20 17:55:17,793 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {1950#true} is VALID [2022-02-20 17:55:17,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #781#return; {1951#false} is VALID [2022-02-20 17:55:17,794 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:17,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,797 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,797 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #787#return; {1951#false} is VALID [2022-02-20 17:55:17,797 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:17,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:17,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {1950#true} ~handle := #in~handle;havoc ~retValue_acc~31; {1950#true} is VALID [2022-02-20 17:55:17,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {1950#true} is VALID [2022-02-20 17:55:17,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,801 INFO 
L284 TraceCheckUtils]: 3: Hoare quadruple {1950#true} {1951#false} #791#return; {1951#false} is VALID [2022-02-20 17:55:17,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {1950#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 
0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {1950#true} is VALID [2022-02-20 17:55:17,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume 
-2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {1950#true} is VALID [2022-02-20 17:55:17,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1950#true} is VALID [2022-02-20 17:55:17,801 INFO L290 TraceCheckUtils]: 3: Hoare triple {1950#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {1950#true} is VALID [2022-02-20 17:55:17,801 INFO L290 TraceCheckUtils]: 4: Hoare triple {1950#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {1950#true} is VALID [2022-02-20 17:55:17,802 INFO L290 TraceCheckUtils]: 5: Hoare triple {1950#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {1950#true} is VALID [2022-02-20 17:55:17,802 INFO L272 TraceCheckUtils]: 6: Hoare triple {1950#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:17,802 INFO L290 TraceCheckUtils]: 7: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,803 INFO L290 TraceCheckUtils]: 8: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,803 INFO L290 TraceCheckUtils]: 9: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,803 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1950#true} {1950#true} #815#return; {1950#true} is VALID [2022-02-20 17:55:17,803 INFO L290 TraceCheckUtils]: 11: Hoare triple {1950#true} assume { :end_inline_setup_bob__wrappee__Base } true; {1950#true} is VALID [2022-02-20 17:55:17,804 INFO L272 TraceCheckUtils]: 12: Hoare triple {1950#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:17,804 INFO L290 TraceCheckUtils]: 13: Hoare triple {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,804 INFO L290 TraceCheckUtils]: 14: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,804 INFO L290 TraceCheckUtils]: 15: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,804 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1950#true} {1950#true} #817#return; {1950#true} is VALID [2022-02-20 17:55:17,805 INFO L290 TraceCheckUtils]: 17: Hoare triple {1950#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {1960#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:17,805 INFO L272 TraceCheckUtils]: 18: Hoare triple {1960#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:17,806 INFO L290 TraceCheckUtils]: 19: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {1995#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:17,806 INFO L290 TraceCheckUtils]: 20: Hoare triple {1995#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1996#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:17,806 INFO L290 TraceCheckUtils]: 21: Hoare triple {1996#(= |setClientId_#in~handle| 1)} assume true; {1996#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:17,807 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1996#(= |setClientId_#in~handle| 1)} {1960#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {1951#false} is VALID [2022-02-20 17:55:17,807 INFO L290 TraceCheckUtils]: 23: Hoare triple {1951#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {1951#false} is VALID [2022-02-20 17:55:17,807 INFO L272 TraceCheckUtils]: 24: Hoare triple {1951#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:17,807 INFO L290 TraceCheckUtils]: 25: Hoare triple {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,808 INFO L290 TraceCheckUtils]: 26: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,808 INFO L290 TraceCheckUtils]: 27: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,808 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1950#true} {1951#false} #821#return; {1951#false} is VALID [2022-02-20 
17:55:17,808 INFO L290 TraceCheckUtils]: 29: Hoare triple {1951#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {1951#false} is VALID [2022-02-20 17:55:17,808 INFO L272 TraceCheckUtils]: 30: Hoare triple {1951#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:17,808 INFO L290 TraceCheckUtils]: 31: Hoare triple {1993#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,808 INFO L290 TraceCheckUtils]: 32: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,809 INFO L290 TraceCheckUtils]: 33: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,809 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1950#true} {1951#false} #823#return; {1951#false} is VALID [2022-02-20 17:55:17,809 INFO L290 TraceCheckUtils]: 35: Hoare triple {1951#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {1951#false} is VALID [2022-02-20 
17:55:17,809 INFO L272 TraceCheckUtils]: 36: Hoare triple {1951#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:17,809 INFO L290 TraceCheckUtils]: 37: Hoare triple {1994#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,809 INFO L290 TraceCheckUtils]: 38: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,809 INFO L290 TraceCheckUtils]: 39: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,809 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {1950#true} {1951#false} #825#return; {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 41: Hoare triple {1951#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 42: Hoare triple {1951#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 43: Hoare triple {1951#false} assume !false; {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 44: Hoare triple {1951#false} assume !(test_~splverifierCounter~0#1 < 4); {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 45: Hoare triple {1951#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L272 TraceCheckUtils]: 46: Hoare triple {1951#false} call sendEmail(~bob~0, ~rjh~0); {1951#false} is VALID [2022-02-20 17:55:17,810 INFO L290 TraceCheckUtils]: 47: Hoare triple {1951#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1951#false} is VALID [2022-02-20 17:55:17,811 INFO L272 TraceCheckUtils]: 48: Hoare triple {1951#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:17,811 INFO L290 TraceCheckUtils]: 49: Hoare triple {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,811 INFO L290 TraceCheckUtils]: 50: Hoare triple {1950#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,811 INFO L290 TraceCheckUtils]: 51: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,811 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {1950#true} {1951#false} #811#return; {1951#false} is VALID [2022-02-20 17:55:17,811 INFO L290 TraceCheckUtils]: 53: Hoare triple {1951#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {1951#false} is VALID [2022-02-20 17:55:17,811 INFO L290 TraceCheckUtils]: 54: Hoare triple {1951#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {1951#false} is VALID [2022-02-20 17:55:17,812 INFO L290 
TraceCheckUtils]: 55: Hoare triple {1951#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {1951#false} is VALID [2022-02-20 17:55:17,812 INFO L290 TraceCheckUtils]: 56: Hoare triple {1951#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {1951#false} is VALID [2022-02-20 17:55:17,812 INFO L272 TraceCheckUtils]: 57: Hoare triple {1951#false} call outgoing(~sender#1, ~email~0#1); {1951#false} is VALID [2022-02-20 17:55:17,812 INFO L290 TraceCheckUtils]: 58: Hoare triple {1951#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {1951#false} is VALID [2022-02-20 17:55:17,812 INFO L272 TraceCheckUtils]: 59: Hoare triple {1951#false} call #t~ret42#1 := getEmailTo(~msg#1); {1950#true} is VALID [2022-02-20 17:55:17,812 INFO L290 TraceCheckUtils]: 60: Hoare triple {1950#true} ~handle := #in~handle;havoc ~retValue_acc~28; {1950#true} is VALID [2022-02-20 17:55:17,812 INFO L290 TraceCheckUtils]: 61: Hoare triple {1950#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {1950#true} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 62: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,813 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {1950#true} {1951#false} #781#return; {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 64: Hoare triple {1951#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc 
findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 65: Hoare triple {1951#false} assume 1 == findPublicKey_~handle#1; {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 66: Hoare triple {1951#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 67: Hoare triple {1951#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 68: Hoare triple {1951#false} assume !(0 != ~pubkey~0#1); {1951#false} is VALID [2022-02-20 17:55:17,813 INFO L290 TraceCheckUtils]: 69: Hoare triple {1951#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {1951#false} is VALID 
[2022-02-20 17:55:17,814 INFO L290 TraceCheckUtils]: 70: Hoare triple {1951#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {1951#false} is VALID [2022-02-20 17:55:17,814 INFO L290 TraceCheckUtils]: 71: Hoare triple {1951#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {1951#false} is VALID [2022-02-20 17:55:17,814 INFO L272 TraceCheckUtils]: 72: Hoare triple {1951#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:17,814 INFO L290 TraceCheckUtils]: 73: Hoare triple {1997#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:17,814 INFO L290 TraceCheckUtils]: 74: Hoare triple {1950#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:17,814 INFO L290 TraceCheckUtils]: 75: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,814 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {1950#true} {1951#false} #787#return; {1951#false} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 77: Hoare triple {1951#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, 
mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {1951#false} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 78: Hoare triple {1951#false} assume !(-1 == ~mail_is_sensitive~0); {1951#false} is VALID [2022-02-20 17:55:17,815 INFO L272 TraceCheckUtils]: 79: Hoare triple {1951#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {1950#true} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 80: Hoare triple {1950#true} ~handle := #in~handle;havoc ~retValue_acc~31; {1950#true} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 81: Hoare triple {1950#true} assume 1 == ~handle;~retValue_acc~31 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {1950#true} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 82: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:17,815 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {1950#true} {1951#false} #791#return; {1951#false} is VALID [2022-02-20 17:55:17,815 INFO L290 TraceCheckUtils]: 84: Hoare triple {1951#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {1951#false} is VALID [2022-02-20 17:55:17,816 INFO L290 TraceCheckUtils]: 85: Hoare triple {1951#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {1951#false} is VALID [2022-02-20 17:55:17,816 INFO L290 TraceCheckUtils]: 86: Hoare triple {1951#false} assume !false; {1951#false} is VALID [2022-02-20 17:55:17,816 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:55:17,816 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:17,816 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1961203769] [2022-02-20 17:55:17,817 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1961203769] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:17,817 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1442467011] [2022-02-20 17:55:17,817 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:17,817 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:17,817 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:17,818 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:17,819 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:55:18,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,018 INFO L263 TraceCheckSpWp]: Trace formula consists of 903 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:55:18,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:18,062 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 0: Hoare triple {1950#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {1950#true} is VALID [2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 1: Hoare triple {1950#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {1950#true} is VALID [2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 2: Hoare triple {1950#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1950#true} is VALID [2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 3: Hoare triple {1950#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {1950#true} is VALID [2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 4: Hoare triple {1950#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {1950#true} is VALID [2022-02-20 17:55:18,275 INFO L290 TraceCheckUtils]: 5: Hoare triple {1950#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{1950#true} is VALID [2022-02-20 17:55:18,276 INFO L272 TraceCheckUtils]: 6: Hoare triple {1950#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {1950#true} is VALID [2022-02-20 17:55:18,276 INFO L290 TraceCheckUtils]: 7: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,276 INFO L290 TraceCheckUtils]: 8: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 9: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {1950#true} {1950#true} #815#return; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 11: Hoare triple {1950#true} assume { :end_inline_setup_bob__wrappee__Base } true; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L272 TraceCheckUtils]: 12: Hoare triple {1950#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 13: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 14: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 15: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {1950#true} {1950#true} #817#return; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 17: Hoare triple {1950#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L272 TraceCheckUtils]: 18: Hoare triple {1950#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 19: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 20: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 21: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1950#true} {1950#true} #819#return; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 23: Hoare triple {1950#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L272 TraceCheckUtils]: 24: Hoare triple {1950#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {1950#true} is VALID [2022-02-20 17:55:18,277 INFO L290 TraceCheckUtils]: 25: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 26: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 27: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1950#true} {1950#true} #821#return; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 29: Hoare triple {1950#true} assume { 
:end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L272 TraceCheckUtils]: 30: Hoare triple {1950#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 31: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 32: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 33: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {1950#true} {1950#true} #823#return; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 35: Hoare triple {1950#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L272 TraceCheckUtils]: 36: Hoare triple {1950#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {1950#true} is VALID [2022-02-20 17:55:18,278 INFO L290 TraceCheckUtils]: 37: Hoare triple {1950#true} ~handle := #in~handle;~value := #in~value; {1950#true} is VALID [2022-02-20 17:55:18,279 INFO L290 TraceCheckUtils]: 38: Hoare triple {1950#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {1950#true} is VALID [2022-02-20 17:55:18,279 INFO 
L290 TraceCheckUtils]: 39: Hoare triple {1950#true} assume true; {1950#true} is VALID [2022-02-20 17:55:18,279 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {1950#true} {1950#true} #825#return; {1950#true} is VALID [2022-02-20 17:55:18,279 INFO L290 TraceCheckUtils]: 41: Hoare triple {1950#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {1950#true} is VALID [2022-02-20 17:55:18,280 INFO L290 TraceCheckUtils]: 42: Hoare triple {1950#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2127#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:18,280 INFO L290 TraceCheckUtils]: 43: Hoare triple {2127#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2127#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:18,280 INFO L290 TraceCheckUtils]: 44: Hoare triple {2127#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {1951#false} is VALID [2022-02-20 17:55:18,280 INFO L290 TraceCheckUtils]: 45: Hoare triple {1951#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {1951#false} is VALID [2022-02-20 17:55:18,280 INFO L272 TraceCheckUtils]: 46: Hoare triple {1951#false} call sendEmail(~bob~0, ~rjh~0); {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 47: Hoare triple {1951#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L272 TraceCheckUtils]: 48: Hoare triple {1951#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 49: Hoare triple {1951#false} ~handle := 
#in~handle;~value := #in~value; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 50: Hoare triple {1951#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 51: Hoare triple {1951#false} assume true; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {1951#false} {1951#false} #811#return; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 53: Hoare triple {1951#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 54: Hoare triple {1951#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 55: Hoare triple {1951#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 56: Hoare triple {1951#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L272 TraceCheckUtils]: 57: Hoare triple {1951#false} call outgoing(~sender#1, ~email~0#1); {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 58: Hoare triple {1951#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L272 
TraceCheckUtils]: 59: Hoare triple {1951#false} call #t~ret42#1 := getEmailTo(~msg#1); {1951#false} is VALID [2022-02-20 17:55:18,281 INFO L290 TraceCheckUtils]: 60: Hoare triple {1951#false} ~handle := #in~handle;havoc ~retValue_acc~28; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 61: Hoare triple {1951#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 62: Hoare triple {1951#false} assume true; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {1951#false} {1951#false} #781#return; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 64: Hoare triple {1951#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 65: Hoare triple {1951#false} assume 1 == findPublicKey_~handle#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 66: Hoare triple {1951#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 67: Hoare triple {1951#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 
2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 68: Hoare triple {1951#false} assume !(0 != ~pubkey~0#1); {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 69: Hoare triple {1951#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 70: Hoare triple {1951#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 71: Hoare triple {1951#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L272 TraceCheckUtils]: 72: Hoare triple {1951#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 
TraceCheckUtils]: 73: Hoare triple {1951#false} ~handle := #in~handle;~value := #in~value; {1951#false} is VALID [2022-02-20 17:55:18,282 INFO L290 TraceCheckUtils]: 74: Hoare triple {1951#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 75: Hoare triple {1951#false} assume true; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {1951#false} {1951#false} #787#return; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 77: Hoare triple {1951#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume 
-2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 78: Hoare triple {1951#false} assume !(-1 == ~mail_is_sensitive~0); {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L272 TraceCheckUtils]: 79: Hoare triple {1951#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 80: Hoare triple {1951#false} ~handle := #in~handle;havoc ~retValue_acc~31; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 81: Hoare triple {1951#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {1951#false} is VALID [2022-02-20 17:55:18,283 INFO L290 TraceCheckUtils]: 82: Hoare triple {1951#false} assume true; {1951#false} is VALID [2022-02-20 17:55:18,284 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {1951#false} {1951#false} #791#return; {1951#false} is VALID [2022-02-20 17:55:18,284 INFO L290 TraceCheckUtils]: 84: Hoare triple {1951#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {1951#false} is VALID [2022-02-20 17:55:18,284 INFO L290 TraceCheckUtils]: 85: Hoare triple {1951#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {1951#false} is VALID [2022-02-20 17:55:18,284 INFO L290 TraceCheckUtils]: 86: Hoare triple {1951#false} assume !false; {1951#false} is VALID [2022-02-20 17:55:18,284 INFO L134 CoverageAnalysis]: Checked 
inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:18,284 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:18,285 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1442467011] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:18,285 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:18,285 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 17:55:18,285 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1438259239] [2022-02-20 17:55:18,285 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:18,286 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 87 [2022-02-20 17:55:18,287 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:18,287 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:18,350 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 72 edges. 72 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:18,350 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:18,351 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:18,351 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:18,351 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:18,352 INFO L87 Difference]: Start difference. First operand 254 states and 385 transitions. Second operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:18,653 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:18,653 INFO L93 Difference]: Finished difference Result 363 states and 537 transitions. [2022-02-20 17:55:18,653 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:18,654 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 87 [2022-02-20 17:55:18,654 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:18,654 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:18,660 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 537 transitions. [2022-02-20 17:55:18,661 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:18,666 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 537 transitions. [2022-02-20 17:55:18,667 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 537 transitions. [2022-02-20 17:55:19,011 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 537 edges. 537 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:19,023 INFO L225 Difference]: With dead ends: 363 [2022-02-20 17:55:19,023 INFO L226 Difference]: Without dead ends: 257 [2022-02-20 17:55:19,024 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 110 GetRequests, 103 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:19,025 INFO L933 BasicCegarLoop]: 383 mSDtfsCounter, 1 mSDsluCounter, 381 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 764 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:19,025 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 764 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:19,026 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 257 states. [2022-02-20 17:55:19,035 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 257 to 256. [2022-02-20 17:55:19,035 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:19,036 INFO L82 GeneralOperation]: Start isEquivalent. First operand 257 states. 
Second operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:19,037 INFO L74 IsIncluded]: Start isIncluded. First operand 257 states. Second operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:19,037 INFO L87 Difference]: Start difference. First operand 257 states. Second operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:19,045 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:19,045 INFO L93 Difference]: Finished difference Result 257 states and 388 transitions. [2022-02-20 17:55:19,045 INFO L276 IsEmpty]: Start isEmpty. Operand 257 states and 388 transitions. [2022-02-20 17:55:19,046 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:19,046 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:19,047 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 257 states. [2022-02-20 17:55:19,047 INFO L87 Difference]: Start difference. First operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) Second operand 257 states. [2022-02-20 17:55:19,054 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:19,054 INFO L93 Difference]: Finished difference Result 257 states and 388 transitions. [2022-02-20 17:55:19,054 INFO L276 IsEmpty]: Start isEmpty. Operand 257 states and 388 transitions. [2022-02-20 17:55:19,055 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:19,055 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:19,055 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:19,056 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:19,056 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 256 states, 201 states have (on average 1.5422885572139304) internal successors, (310), 204 states have internal predecessors, (310), 39 states have call successors, (39), 15 states have call predecessors, (39), 15 states have return successors, (38), 38 states have call predecessors, (38), 38 states have call successors, (38) [2022-02-20 17:55:19,064 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 256 states to 256 states and 387 transitions. [2022-02-20 17:55:19,064 INFO L78 Accepts]: Start accepts. Automaton has 256 states and 387 transitions. Word has length 87 [2022-02-20 17:55:19,065 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:19,065 INFO L470 AbstractCegarLoop]: Abstraction has 256 states and 387 transitions. [2022-02-20 17:55:19,065 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 16.666666666666668) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:19,065 INFO L276 IsEmpty]: Start isEmpty. Operand 256 states and 387 transitions. [2022-02-20 17:55:19,067 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 94 [2022-02-20 17:55:19,067 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:19,067 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:19,086 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:19,286 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:55:19,286 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
17:55:19,287 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:19,287 INFO L85 PathProgramCache]: Analyzing trace with hash -2121837743, now seen corresponding path program 1 times [2022-02-20 17:55:19,287 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:19,287 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1621872495] [2022-02-20 17:55:19,287 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:19,287 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:19,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:19,354 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,359 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3633#true} #815#return; {3633#true} is VALID [2022-02-20 17:55:19,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:19,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,372 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,372 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,372 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3633#true} #817#return; {3633#true} is VALID [2022-02-20 17:55:19,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:19,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,387 INFO L290 TraceCheckUtils]: 0: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3678#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,388 INFO L290 TraceCheckUtils]: 1: Hoare triple {3678#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3679#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,388 INFO L290 TraceCheckUtils]: 2: Hoare triple {3679#(= |setClientId_#in~handle| 1)} assume true; {3679#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,389 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3679#(= |setClientId_#in~handle| 1)} {3643#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {3634#false} is VALID [2022-02-20 17:55:19,389 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 24 [2022-02-20 17:55:19,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,398 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #821#return; {3634#false} is VALID [2022-02-20 17:55:19,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:19,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,416 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,416 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,416 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #823#return; {3634#false} is VALID [2022-02-20 17:55:19,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:19,419 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,422 INFO L290 TraceCheckUtils]: 0: Hoare triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,422 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,422 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,422 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #825#return; {3634#false} is VALID [2022-02-20 17:55:19,428 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:55:19,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,433 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #811#return; {3634#false} is VALID [2022-02-20 17:55:19,433 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:55:19,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,438 INFO L290 TraceCheckUtils]: 0: Hoare triple {3633#true} ~handle := #in~handle;havoc 
~retValue_acc~28; {3633#true} is VALID [2022-02-20 17:55:19,438 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {3633#true} is VALID [2022-02-20 17:55:19,438 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,438 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #781#return; {3634#false} is VALID [2022-02-20 17:55:19,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:19,440 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,442 INFO L290 TraceCheckUtils]: 0: Hoare triple {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,442 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #787#return; {3634#false} is VALID [2022-02-20 17:55:19,442 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:55:19,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {3633#true} ~handle := #in~handle;havoc ~retValue_acc~31; {3633#true} is VALID [2022-02-20 17:55:19,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {3633#true} is VALID [2022-02-20 17:55:19,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume true; {3633#true} 
is VALID [2022-02-20 17:55:19,449 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3633#true} {3634#false} #791#return; {3634#false} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {3633#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {3633#true} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, 
main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {3633#true} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3633#true} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 3: Hoare triple {3633#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3633#true} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 4: Hoare triple {3633#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {3633#true} is VALID [2022-02-20 17:55:19,450 INFO L290 TraceCheckUtils]: 5: Hoare triple {3633#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3633#true} is VALID [2022-02-20 17:55:19,451 INFO L272 TraceCheckUtils]: 6: Hoare triple {3633#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,451 INFO L290 TraceCheckUtils]: 7: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,452 INFO L290 TraceCheckUtils]: 8: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,452 INFO L290 TraceCheckUtils]: 9: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,452 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3633#true} {3633#true} #815#return; {3633#true} is VALID [2022-02-20 17:55:19,452 INFO L290 TraceCheckUtils]: 11: Hoare triple {3633#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3633#true} is VALID [2022-02-20 17:55:19,453 INFO L272 TraceCheckUtils]: 12: Hoare triple {3633#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,453 INFO L290 TraceCheckUtils]: 13: Hoare triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,453 INFO L290 TraceCheckUtils]: 14: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,453 INFO L290 TraceCheckUtils]: 15: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,453 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3633#true} {3633#true} #817#return; {3633#true} is VALID [2022-02-20 17:55:19,454 INFO L290 TraceCheckUtils]: 17: Hoare triple {3633#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3643#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:19,454 INFO L272 TraceCheckUtils]: 18: Hoare triple {3643#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,455 INFO L290 TraceCheckUtils]: 19: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {3678#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,455 INFO L290 TraceCheckUtils]: 20: Hoare triple {3678#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3679#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,455 INFO L290 TraceCheckUtils]: 21: Hoare triple {3679#(= |setClientId_#in~handle| 1)} assume true; {3679#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,456 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3679#(= |setClientId_#in~handle| 1)} {3643#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {3634#false} is VALID [2022-02-20 17:55:19,456 INFO L290 TraceCheckUtils]: 23: Hoare triple {3634#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3634#false} is VALID [2022-02-20 17:55:19,456 INFO L272 TraceCheckUtils]: 24: Hoare triple {3634#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,456 INFO L290 TraceCheckUtils]: 25: Hoare triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,456 INFO L290 TraceCheckUtils]: 26: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,457 INFO L290 TraceCheckUtils]: 27: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,457 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3633#true} {3634#false} #821#return; {3634#false} is VALID [2022-02-20 
17:55:19,457 INFO L290 TraceCheckUtils]: 29: Hoare triple {3634#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3634#false} is VALID [2022-02-20 17:55:19,457 INFO L272 TraceCheckUtils]: 30: Hoare triple {3634#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,457 INFO L290 TraceCheckUtils]: 31: Hoare triple {3676#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,457 INFO L290 TraceCheckUtils]: 32: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,457 INFO L290 TraceCheckUtils]: 33: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,457 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3633#true} {3634#false} #823#return; {3634#false} is VALID [2022-02-20 17:55:19,458 INFO L290 TraceCheckUtils]: 35: Hoare triple {3634#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3634#false} is VALID [2022-02-20 
17:55:19,458 INFO L272 TraceCheckUtils]: 36: Hoare triple {3634#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,458 INFO L290 TraceCheckUtils]: 37: Hoare triple {3677#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,458 INFO L290 TraceCheckUtils]: 38: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,460 INFO L290 TraceCheckUtils]: 39: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,460 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3633#true} {3634#false} #825#return; {3634#false} is VALID [2022-02-20 17:55:19,466 INFO L290 TraceCheckUtils]: 41: Hoare triple {3634#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {3634#false} is VALID [2022-02-20 17:55:19,467 INFO L290 TraceCheckUtils]: 42: Hoare triple {3634#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3634#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 43: Hoare triple {3634#false} assume !false; {3634#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 44: Hoare triple {3634#false} assume test_~splverifierCounter~0#1 < 4; {3634#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 45: Hoare triple {3634#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3634#false} is VALID [2022-02-20 17:55:19,469 INFO L290 TraceCheckUtils]: 46: Hoare triple {3634#false} assume !(0 == test_~op1~0#1); {3634#false} is VALID [2022-02-20 17:55:19,470 INFO L290 TraceCheckUtils]: 47: Hoare triple {3634#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {3634#false} is VALID [2022-02-20 17:55:19,470 INFO L290 TraceCheckUtils]: 48: Hoare triple {3634#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {3634#false} is VALID [2022-02-20 17:55:19,470 INFO L290 TraceCheckUtils]: 49: Hoare triple {3634#false} 
assume !false; {3634#false} is VALID [2022-02-20 17:55:19,470 INFO L290 TraceCheckUtils]: 50: Hoare triple {3634#false} assume !(test_~splverifierCounter~0#1 < 4); {3634#false} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 51: Hoare triple {3634#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {3634#false} is VALID [2022-02-20 17:55:19,471 INFO L272 TraceCheckUtils]: 52: Hoare triple {3634#false} call sendEmail(~bob~0, ~rjh~0); {3634#false} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 53: Hoare triple {3634#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3634#false} is VALID [2022-02-20 17:55:19,471 INFO L272 TraceCheckUtils]: 54: Hoare triple {3634#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 55: Hoare triple {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,471 
INFO L290 TraceCheckUtils]: 56: Hoare triple {3633#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 57: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,471 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3633#true} {3634#false} #811#return; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 59: Hoare triple {3634#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 60: Hoare triple {3634#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 61: Hoare triple {3634#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 62: Hoare triple {3634#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L272 TraceCheckUtils]: 63: Hoare triple {3634#false} call outgoing(~sender#1, ~email~0#1); {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 64: Hoare triple {3634#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {3634#false} is VALID [2022-02-20 17:55:19,472 INFO L272 TraceCheckUtils]: 65: Hoare triple {3634#false} call #t~ret42#1 := getEmailTo(~msg#1); {3633#true} 
is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 66: Hoare triple {3633#true} ~handle := #in~handle;havoc ~retValue_acc~28; {3633#true} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 67: Hoare triple {3633#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {3633#true} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 68: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,473 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3633#true} {3634#false} #781#return; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 70: Hoare triple {3634#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 71: Hoare triple {3634#false} assume 1 == findPublicKey_~handle#1; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 72: Hoare triple {3634#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 73: Hoare triple {3634#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {3634#false} is VALID [2022-02-20 
17:55:19,473 INFO L290 TraceCheckUtils]: 74: Hoare triple {3634#false} assume !(0 != ~pubkey~0#1); {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 75: Hoare triple {3634#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 76: Hoare triple {3634#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {3634#false} is VALID [2022-02-20 17:55:19,473 INFO L290 TraceCheckUtils]: 77: Hoare triple {3634#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {3634#false} is VALID [2022-02-20 17:55:19,474 INFO L272 TraceCheckUtils]: 78: Hoare triple {3634#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 
79: Hoare triple {3680#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 80: Hoare triple {3633#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 81: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,474 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3633#true} {3634#false} #787#return; {3634#false} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 83: Hoare triple {3634#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {3634#false} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 84: Hoare triple {3634#false} assume !(-1 == ~mail_is_sensitive~0); {3634#false} is VALID [2022-02-20 17:55:19,474 INFO L272 TraceCheckUtils]: 85: Hoare triple {3634#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {3633#true} is VALID [2022-02-20 17:55:19,474 INFO L290 TraceCheckUtils]: 86: Hoare triple {3633#true} ~handle := #in~handle;havoc ~retValue_acc~31; {3633#true} is VALID [2022-02-20 17:55:19,475 INFO L290 TraceCheckUtils]: 87: Hoare triple {3633#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {3633#true} is VALID [2022-02-20 17:55:19,475 INFO L290 TraceCheckUtils]: 88: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,475 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3633#true} {3634#false} #791#return; {3634#false} is VALID [2022-02-20 17:55:19,475 INFO L290 TraceCheckUtils]: 90: Hoare triple {3634#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {3634#false} is VALID [2022-02-20 17:55:19,475 INFO L290 TraceCheckUtils]: 91: Hoare triple {3634#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {3634#false} is VALID [2022-02-20 17:55:19,475 INFO L290 TraceCheckUtils]: 92: Hoare triple {3634#false} assume !false; {3634#false} is VALID 
[2022-02-20 17:55:19,476 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:19,477 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:19,477 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1621872495] [2022-02-20 17:55:19,478 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1621872495] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:19,478 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1798404085] [2022-02-20 17:55:19,478 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:19,478 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:19,478 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:19,479 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:19,484 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:55:19,653 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,656 INFO L263 TraceCheckSpWp]: Trace formula consists of 917 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:19,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,698 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:19,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {3633#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {3633#true} is VALID [2022-02-20 17:55:19,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {3633#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {3633#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 3: Hoare triple {3633#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 4: Hoare triple {3633#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 5: Hoare triple {3633#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{3633#true} is VALID [2022-02-20 17:55:19,894 INFO L272 TraceCheckUtils]: 6: Hoare triple {3633#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 7: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 8: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L290 TraceCheckUtils]: 9: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,894 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3633#true} {3633#true} #815#return; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 11: Hoare triple {3633#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L272 TraceCheckUtils]: 12: Hoare triple {3633#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 13: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 14: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 15: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3633#true} {3633#true} #817#return; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 17: Hoare triple {3633#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L272 TraceCheckUtils]: 18: Hoare triple {3633#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 19: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,895 INFO L290 TraceCheckUtils]: 20: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L290 TraceCheckUtils]: 21: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3633#true} {3633#true} #819#return; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L290 TraceCheckUtils]: 23: Hoare triple {3633#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L272 TraceCheckUtils]: 24: Hoare triple {3633#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L290 TraceCheckUtils]: 25: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L290 TraceCheckUtils]: 26: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L290 TraceCheckUtils]: 27: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,896 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3633#true} {3633#true} #821#return; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L290 TraceCheckUtils]: 29: Hoare triple {3633#true} assume { 
:end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L272 TraceCheckUtils]: 30: Hoare triple {3633#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L290 TraceCheckUtils]: 31: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L290 TraceCheckUtils]: 32: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L290 TraceCheckUtils]: 33: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3633#true} {3633#true} #823#return; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L290 TraceCheckUtils]: 35: Hoare triple {3633#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3633#true} is VALID [2022-02-20 17:55:19,897 INFO L272 TraceCheckUtils]: 36: Hoare triple {3633#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3633#true} is VALID [2022-02-20 17:55:19,898 INFO L290 TraceCheckUtils]: 37: Hoare triple {3633#true} ~handle := #in~handle;~value := #in~value; {3633#true} is VALID [2022-02-20 17:55:19,898 INFO L290 TraceCheckUtils]: 38: Hoare triple {3633#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3633#true} is VALID [2022-02-20 17:55:19,898 INFO 
L290 TraceCheckUtils]: 39: Hoare triple {3633#true} assume true; {3633#true} is VALID [2022-02-20 17:55:19,898 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3633#true} {3633#true} #825#return; {3633#true} is VALID [2022-02-20 17:55:19,898 INFO L290 TraceCheckUtils]: 41: Hoare triple {3633#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {3633#true} is VALID [2022-02-20 17:55:19,898 INFO L290 TraceCheckUtils]: 42: Hoare triple {3633#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3810#(= 
|ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:19,899 INFO L290 TraceCheckUtils]: 43: Hoare triple {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:19,899 INFO L290 TraceCheckUtils]: 44: Hoare triple {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:19,899 INFO L290 TraceCheckUtils]: 45: Hoare triple {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 46: Hoare triple {3810#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 47: Hoare triple {3634#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 48: Hoare triple {3634#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 49: Hoare triple {3634#false} assume !false; {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 50: Hoare triple {3634#false} assume !(test_~splverifierCounter~0#1 < 4); {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 51: Hoare triple {3634#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 
2147483647;havoc bobToRjh_#t~ret16#1; {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L272 TraceCheckUtils]: 52: Hoare triple {3634#false} call sendEmail(~bob~0, ~rjh~0); {3634#false} is VALID [2022-02-20 17:55:19,900 INFO L290 TraceCheckUtils]: 53: Hoare triple {3634#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L272 TraceCheckUtils]: 54: Hoare triple {3634#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 55: Hoare triple {3634#false} ~handle := #in~handle;~value := #in~value; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 56: Hoare triple {3634#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 57: Hoare triple {3634#false} assume true; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {3634#false} {3634#false} #811#return; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 59: Hoare triple {3634#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 60: Hoare triple {3634#false} assume 1 == 
setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 61: Hoare triple {3634#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {3634#false} is VALID [2022-02-20 17:55:19,901 INFO L290 TraceCheckUtils]: 62: Hoare triple {3634#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L272 TraceCheckUtils]: 63: Hoare triple {3634#false} call outgoing(~sender#1, ~email~0#1); {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 64: Hoare triple {3634#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L272 TraceCheckUtils]: 65: Hoare triple {3634#false} call #t~ret42#1 := getEmailTo(~msg#1); {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 66: Hoare triple {3634#false} ~handle := #in~handle;havoc ~retValue_acc~28; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 67: Hoare triple {3634#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 68: Hoare triple {3634#false} assume true; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {3634#false} {3634#false} #781#return; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 70: Hoare triple {3634#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } 
true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {3634#false} is VALID [2022-02-20 17:55:19,902 INFO L290 TraceCheckUtils]: 71: Hoare triple {3634#false} assume 1 == findPublicKey_~handle#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 72: Hoare triple {3634#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 73: Hoare triple {3634#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 74: Hoare triple {3634#false} assume !(0 != ~pubkey~0#1); {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 75: Hoare triple {3634#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 76: Hoare triple {3634#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 77: Hoare triple {3634#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L272 TraceCheckUtils]: 78: Hoare triple {3634#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {3634#false} is VALID [2022-02-20 17:55:19,903 INFO L290 TraceCheckUtils]: 79: Hoare triple {3634#false} ~handle := #in~handle;~value := #in~value; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 80: Hoare triple {3634#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 81: Hoare triple {3634#false} assume true; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3634#false} {3634#false} #787#return; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 83: Hoare triple {3634#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 84: Hoare triple {3634#false} assume !(-1 == ~mail_is_sensitive~0); {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L272 TraceCheckUtils]: 85: Hoare triple {3634#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 86: Hoare triple {3634#false} ~handle := #in~handle;havoc ~retValue_acc~31; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 TraceCheckUtils]: 87: Hoare triple {3634#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {3634#false} is VALID [2022-02-20 17:55:19,904 INFO L290 
TraceCheckUtils]: 88: Hoare triple {3634#false} assume true; {3634#false} is VALID [2022-02-20 17:55:19,905 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3634#false} {3634#false} #791#return; {3634#false} is VALID [2022-02-20 17:55:19,905 INFO L290 TraceCheckUtils]: 90: Hoare triple {3634#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {3634#false} is VALID [2022-02-20 17:55:19,905 INFO L290 TraceCheckUtils]: 91: Hoare triple {3634#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {3634#false} is VALID [2022-02-20 17:55:19,905 INFO L290 TraceCheckUtils]: 92: Hoare triple {3634#false} assume !false; {3634#false} is VALID [2022-02-20 17:55:19,905 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:19,905 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:19,905 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1798404085] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:19,906 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:19,906 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [8] total 9 [2022-02-20 17:55:19,906 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1284332429] [2022-02-20 17:55:19,906 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:19,906 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 93 [2022-02-20 17:55:19,907 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:19,907 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:19,965 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 78 edges. 78 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:19,966 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:19,966 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:19,966 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:55:19,966 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:19,967 INFO L87 Difference]: Start difference. First operand 256 states and 387 transitions. Second operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:20,303 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:20,303 INFO L93 Difference]: Finished difference Result 537 states and 825 transitions. [2022-02-20 17:55:20,304 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:20,304 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 93 [2022-02-20 17:55:20,304 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:20,304 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:20,314 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 823 transitions. 
[2022-02-20 17:55:20,319 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:20,333 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 823 transitions. [2022-02-20 17:55:20,333 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 823 transitions. [2022-02-20 17:55:20,898 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 823 edges. 823 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:20,907 INFO L225 Difference]: With dead ends: 537 [2022-02-20 17:55:20,907 INFO L226 Difference]: Without dead ends: 308 [2022-02-20 17:55:20,909 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 116 GetRequests, 109 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:20,914 INFO L933 BasicCegarLoop]: 410 mSDtfsCounter, 99 mSDsluCounter, 339 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 114 SdHoareTripleChecker+Valid, 749 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:20,915 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [114 Valid, 749 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:20,916 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 308 states. [2022-02-20 17:55:20,928 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 308 to 300. [2022-02-20 17:55:20,928 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:20,929 INFO L82 GeneralOperation]: Start isEquivalent. First operand 308 states. Second operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:55:20,930 INFO L74 IsIncluded]: Start isIncluded. First operand 308 states. Second operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:55:20,931 INFO L87 Difference]: Start difference. First operand 308 states. Second operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:55:20,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:20,939 INFO L93 Difference]: Finished difference Result 308 states and 472 transitions. [2022-02-20 17:55:20,939 INFO L276 IsEmpty]: Start isEmpty. Operand 308 states and 472 transitions. [2022-02-20 17:55:20,940 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:20,940 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:20,941 INFO L74 IsIncluded]: Start isIncluded. First operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 308 states. [2022-02-20 17:55:20,942 INFO L87 Difference]: Start difference. First operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) Second operand 308 states. [2022-02-20 17:55:20,953 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:20,953 INFO L93 Difference]: Finished difference Result 308 states and 472 transitions. [2022-02-20 17:55:20,953 INFO L276 IsEmpty]: Start isEmpty. Operand 308 states and 472 transitions. [2022-02-20 17:55:20,963 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:20,963 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:20,964 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:20,964 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:20,965 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 300 states, 234 states have (on average 1.5555555555555556) internal successors, (364), 237 states have internal predecessors, (364), 50 states have call successors, (50), 15 states have call predecessors, (50), 15 states have return successors, (49), 49 states have call predecessors, (49), 49 states have call successors, (49) [2022-02-20 17:55:20,979 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 300 states to 300 states and 463 transitions. [2022-02-20 17:55:20,980 INFO L78 Accepts]: Start accepts. Automaton has 300 states and 463 transitions. Word has length 93 [2022-02-20 17:55:20,980 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:20,980 INFO L470 AbstractCegarLoop]: Abstraction has 300 states and 463 transitions. [2022-02-20 17:55:20,980 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 18.666666666666668) internal successors, (56), 3 states have internal predecessors, (56), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:20,980 INFO L276 IsEmpty]: Start isEmpty. Operand 300 states and 463 transitions. [2022-02-20 17:55:20,983 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 95 [2022-02-20 17:55:20,983 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:20,983 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:21,005 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:21,198 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:21,199 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:21,200 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:21,200 INFO L85 PathProgramCache]: Analyzing trace with hash -2132692778, now seen corresponding path program 1 times [2022-02-20 17:55:21,200 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:21,200 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [197117034] [2022-02-20 17:55:21,200 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:21,200 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:21,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:21,256 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,259 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,259 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5758#true} #815#return; {5758#true} is VALID [2022-02-20 17:55:21,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:21,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5758#true} #817#return; {5758#true} is VALID [2022-02-20 17:55:21,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:21,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,281 
INFO L290 TraceCheckUtils]: 0: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5803#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:21,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {5803#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5804#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {5804#(= |setClientId_#in~handle| 1)} assume true; {5804#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5804#(= |setClientId_#in~handle| 1)} {5768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {5759#false} is VALID [2022-02-20 17:55:21,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:21,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,286 INFO L290 TraceCheckUtils]: 0: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,287 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #821#return; {5759#false} is VALID [2022-02-20 17:55:21,287 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:21,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,291 INFO L290 TraceCheckUtils]: 0: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,291 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #823#return; {5759#false} is VALID [2022-02-20 17:55:21,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:21,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #825#return; {5759#false} is VALID [2022-02-20 17:55:21,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 
[2022-02-20 17:55:21,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,314 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,314 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #811#return; {5759#false} is VALID [2022-02-20 17:55:21,314 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:55:21,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,316 INFO L290 TraceCheckUtils]: 0: Hoare triple {5758#true} ~handle := #in~handle;havoc ~retValue_acc~28; {5758#true} is VALID [2022-02-20 17:55:21,316 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {5758#true} is VALID [2022-02-20 17:55:21,316 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #781#return; {5759#false} is VALID [2022-02-20 17:55:21,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:21,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID 
[2022-02-20 17:55:21,319 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,319 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,319 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #787#return; {5759#false} is VALID [2022-02-20 17:55:21,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:55:21,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {5758#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5758#true} is VALID [2022-02-20 17:55:21,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {5758#true} is VALID [2022-02-20 17:55:21,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5758#true} {5759#false} #791#return; {5759#false} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 0: Hoare triple {5758#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 
1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 
:= 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 
0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 3: Hoare triple {5758#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 4: Hoare triple {5758#true} main_#t~ret25#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {5758#true} is VALID [2022-02-20 17:55:21,322 INFO L290 TraceCheckUtils]: 5: Hoare triple {5758#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5758#true} is VALID [2022-02-20 17:55:21,326 INFO L272 TraceCheckUtils]: 6: Hoare triple {5758#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:21,326 INFO L290 TraceCheckUtils]: 7: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,326 INFO L290 TraceCheckUtils]: 8: Hoare 
triple {5758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,327 INFO L290 TraceCheckUtils]: 9: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,327 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5758#true} {5758#true} #815#return; {5758#true} is VALID [2022-02-20 17:55:21,327 INFO L290 TraceCheckUtils]: 11: Hoare triple {5758#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5758#true} is VALID [2022-02-20 17:55:21,327 INFO L272 TraceCheckUtils]: 12: Hoare triple {5758#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:21,327 INFO L290 TraceCheckUtils]: 13: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,328 INFO L290 TraceCheckUtils]: 14: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,328 INFO L290 TraceCheckUtils]: 15: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,328 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5758#true} {5758#true} #817#return; {5758#true} is VALID [2022-02-20 17:55:21,328 INFO L290 TraceCheckUtils]: 17: Hoare triple {5758#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:21,329 INFO L272 TraceCheckUtils]: 18: Hoare triple {5768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:21,329 INFO L290 TraceCheckUtils]: 19: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5803#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:21,329 INFO L290 TraceCheckUtils]: 20: Hoare triple {5803#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5804#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,330 INFO L290 TraceCheckUtils]: 21: Hoare triple {5804#(= |setClientId_#in~handle| 1)} assume true; {5804#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,330 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5804#(= |setClientId_#in~handle| 1)} {5768#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #819#return; {5759#false} is VALID [2022-02-20 17:55:21,330 INFO L290 TraceCheckUtils]: 23: Hoare triple {5759#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5759#false} is VALID [2022-02-20 17:55:21,330 INFO L272 TraceCheckUtils]: 24: Hoare triple {5759#false} call 
setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:21,330 INFO L290 TraceCheckUtils]: 25: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,330 INFO L290 TraceCheckUtils]: 26: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 27: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,331 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5758#true} {5759#false} #821#return; {5759#false} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 29: Hoare triple {5759#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5759#false} is VALID [2022-02-20 17:55:21,331 INFO L272 TraceCheckUtils]: 30: Hoare triple {5759#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 31: Hoare triple {5801#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 32: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 33: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,331 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5758#true} {5759#false} #823#return; {5759#false} is VALID [2022-02-20 17:55:21,331 INFO L290 TraceCheckUtils]: 35: Hoare triple {5759#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5759#false} is VALID [2022-02-20 17:55:21,332 INFO L272 TraceCheckUtils]: 36: Hoare triple {5759#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 37: Hoare triple {5802#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 38: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 39: Hoare triple 
{5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,332 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5758#true} {5759#false} #825#return; {5759#false} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 41: Hoare triple {5759#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {5759#false} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 42: Hoare triple {5759#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5759#false} is VALID [2022-02-20 17:55:21,332 
INFO L290 TraceCheckUtils]: 43: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 44: Hoare triple {5759#false} assume test_~splverifierCounter~0#1 < 4; {5759#false} is VALID [2022-02-20 17:55:21,332 INFO L290 TraceCheckUtils]: 45: Hoare triple {5759#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 46: Hoare triple {5759#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 47: Hoare triple {5759#false} assume !(0 != test_~tmp___9~0#1); {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 48: Hoare triple {5759#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 49: Hoare triple {5759#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 50: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 51: Hoare triple {5759#false} assume !(test_~splverifierCounter~0#1 < 4); {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 52: Hoare triple {5759#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc 
bobToRjh_#t~ret16#1; {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L272 TraceCheckUtils]: 53: Hoare triple {5759#false} call sendEmail(~bob~0, ~rjh~0); {5759#false} is VALID [2022-02-20 17:55:21,333 INFO L290 TraceCheckUtils]: 54: Hoare triple {5759#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L272 TraceCheckUtils]: 55: Hoare triple {5759#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 56: Hoare triple {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 57: Hoare triple {5758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 58: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,334 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {5758#true} {5759#false} #811#return; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 60: Hoare triple {5759#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := 
setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 61: Hoare triple {5759#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 62: Hoare triple {5759#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L290 TraceCheckUtils]: 63: Hoare triple {5759#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {5759#false} is VALID [2022-02-20 17:55:21,334 INFO L272 TraceCheckUtils]: 64: Hoare triple {5759#false} call outgoing(~sender#1, ~email~0#1); {5759#false} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 65: Hoare triple {5759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {5759#false} is VALID [2022-02-20 17:55:21,335 INFO L272 TraceCheckUtils]: 66: Hoare triple {5759#false} call #t~ret42#1 := getEmailTo(~msg#1); {5758#true} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 67: Hoare triple {5758#true} ~handle := #in~handle;havoc ~retValue_acc~28; {5758#true} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 68: Hoare triple {5758#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {5758#true} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 69: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,335 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {5758#true} {5759#false} #781#return; {5759#false} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{5759#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {5759#false} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 72: Hoare triple {5759#false} assume 1 == findPublicKey_~handle#1; {5759#false} is VALID [2022-02-20 17:55:21,335 INFO L290 TraceCheckUtils]: 73: Hoare triple {5759#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 74: Hoare triple {5759#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 75: Hoare triple {5759#false} assume !(0 != ~pubkey~0#1); {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 76: Hoare triple {5759#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 77: Hoare triple {5759#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 78: Hoare triple {5759#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {5759#false} is VALID [2022-02-20 17:55:21,336 INFO L272 TraceCheckUtils]: 79: Hoare triple {5759#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 80: Hoare triple {5805#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 81: Hoare triple {5758#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,336 INFO L290 TraceCheckUtils]: 82: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,336 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5758#true} {5759#false} #787#return; {5759#false} is VALID [2022-02-20 17:55:21,337 INFO L290 
TraceCheckUtils]: 84: Hoare triple {5759#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {5759#false} is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 85: Hoare triple {5759#false} assume !(-1 == ~mail_is_sensitive~0); {5759#false} is VALID [2022-02-20 17:55:21,337 INFO L272 TraceCheckUtils]: 86: Hoare triple {5759#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5758#true} 
is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 87: Hoare triple {5758#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5758#true} is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 88: Hoare triple {5758#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {5758#true} is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 89: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,337 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5758#true} {5759#false} #791#return; {5759#false} is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 91: Hoare triple {5759#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {5759#false} is VALID [2022-02-20 17:55:21,337 INFO L290 TraceCheckUtils]: 92: Hoare triple {5759#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {5759#false} is VALID [2022-02-20 17:55:21,338 INFO L290 TraceCheckUtils]: 93: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,338 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:21,338 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:21,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [197117034] [2022-02-20 17:55:21,338 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [197117034] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:21,338 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1293364597] [2022-02-20 17:55:21,338 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:21,339 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:21,339 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:21,340 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:21,341 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:55:21,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,520 INFO L263 TraceCheckSpWp]: Trace formula consists of 924 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:55:21,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,563 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:21,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {5758#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 1: Hoare triple {5758#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 2: Hoare triple {5758#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 3: Hoare triple {5758#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 4: Hoare triple {5758#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 5: Hoare triple {5758#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{5758#true} is VALID [2022-02-20 17:55:21,806 INFO L272 TraceCheckUtils]: 6: Hoare triple {5758#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 7: Hoare triple {5758#true} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 8: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 9: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5758#true} {5758#true} #815#return; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 11: Hoare triple {5758#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L272 TraceCheckUtils]: 12: Hoare triple {5758#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 13: Hoare triple {5758#true} ~handle := #in~handle;~value := #in~value; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 14: Hoare triple {5758#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L290 TraceCheckUtils]: 15: Hoare triple {5758#true} assume true; {5758#true} is VALID [2022-02-20 17:55:21,806 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5758#true} {5758#true} #817#return; {5758#true} is VALID [2022-02-20 17:55:21,811 INFO L290 TraceCheckUtils]: 17: Hoare triple {5758#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5860#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:21,811 INFO L272 TraceCheckUtils]: 18: Hoare triple {5860#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5758#true} is VALID [2022-02-20 17:55:21,811 INFO L290 TraceCheckUtils]: 19: Hoare triple {5758#true} ~handle := #in~handle;~value := #in~value; {5867#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:55:21,812 INFO L290 TraceCheckUtils]: 20: Hoare triple {5867#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5871#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,812 INFO L290 TraceCheckUtils]: 21: Hoare triple {5871#(<= |setClientId_#in~handle| 1)} assume true; {5871#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,812 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5871#(<= |setClientId_#in~handle| 1)} {5860#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #819#return; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 23: Hoare triple {5759#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L272 TraceCheckUtils]: 24: Hoare triple {5759#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 25: Hoare triple {5759#false} ~handle := #in~handle;~value := #in~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 26: Hoare triple {5759#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 27: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5759#false} {5759#false} #821#return; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 29: Hoare triple {5759#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L272 TraceCheckUtils]: 30: Hoare triple {5759#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 31: Hoare triple {5759#false} ~handle := #in~handle;~value := #in~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 32: Hoare triple {5759#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 33: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5759#false} {5759#false} #823#return; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 35: Hoare triple {5759#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L272 TraceCheckUtils]: 36: Hoare triple {5759#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 37: Hoare triple {5759#false} ~handle := #in~handle;~value := #in~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 38: Hoare triple {5759#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5759#false} is VALID [2022-02-20 17:55:21,813 INFO L290 TraceCheckUtils]: 39: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5759#false} {5759#false} #825#return; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 41: Hoare triple {5759#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 42: Hoare triple {5759#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc 
test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 43: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 44: Hoare triple {5759#false} assume test_~splverifierCounter~0#1 < 4; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 45: Hoare triple {5759#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 46: Hoare triple {5759#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 47: Hoare triple {5759#false} assume !(0 != test_~tmp___9~0#1); {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 48: Hoare triple {5759#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 49: Hoare triple {5759#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 50: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 51: Hoare triple {5759#false} assume !(test_~splverifierCounter~0#1 < 4); {5759#false} is VALID 
[2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 52: Hoare triple {5759#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L272 TraceCheckUtils]: 53: Hoare triple {5759#false} call sendEmail(~bob~0, ~rjh~0); {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 54: Hoare triple {5759#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L272 TraceCheckUtils]: 55: Hoare triple {5759#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 56: Hoare triple {5759#false} ~handle := #in~handle;~value := #in~value; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 57: Hoare triple {5759#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L290 TraceCheckUtils]: 58: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,814 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {5759#false} {5759#false} #811#return; {5759#false} is VALID [2022-02-20 
17:55:21,815 INFO L290 TraceCheckUtils]: 60: Hoare triple {5759#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 61: Hoare triple {5759#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 62: Hoare triple {5759#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 63: Hoare triple {5759#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L272 TraceCheckUtils]: 64: Hoare triple {5759#false} call outgoing(~sender#1, ~email~0#1); {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 65: Hoare triple {5759#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L272 TraceCheckUtils]: 66: Hoare triple {5759#false} call #t~ret42#1 := getEmailTo(~msg#1); {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 67: Hoare triple {5759#false} ~handle := #in~handle;havoc ~retValue_acc~28; {5759#false} is VALID [2022-02-20 17:55:21,815 INFO L290 TraceCheckUtils]: 68: Hoare triple {5759#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {5759#false} is VALID [2022-02-20 17:55:21,816 INFO L290 
TraceCheckUtils]: 69: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,816 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {5759#false} {5759#false} #781#return; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 71: Hoare triple {5759#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 72: Hoare triple {5759#false} assume 1 == findPublicKey_~handle#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 73: Hoare triple {5759#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 74: Hoare triple {5759#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 75: Hoare triple {5759#false} assume !(0 != ~pubkey~0#1); {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 76: Hoare triple {5759#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 77: Hoare triple {5759#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 78: Hoare triple {5759#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L272 TraceCheckUtils]: 79: Hoare triple {5759#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 80: Hoare triple {5759#false} ~handle := #in~handle;~value := #in~value; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 81: Hoare triple {5759#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 82: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5759#false} 
{5759#false} #787#return; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 84: Hoare triple {5759#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 85: Hoare triple {5759#false} assume !(-1 == ~mail_is_sensitive~0); {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L272 TraceCheckUtils]: 86: Hoare triple {5759#false} call 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 87: Hoare triple {5759#false} ~handle := #in~handle;havoc ~retValue_acc~31; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 88: Hoare triple {5759#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L290 TraceCheckUtils]: 89: Hoare triple {5759#false} assume true; {5759#false} is VALID [2022-02-20 17:55:21,817 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5759#false} {5759#false} #791#return; {5759#false} is VALID [2022-02-20 17:55:21,818 INFO L290 TraceCheckUtils]: 91: Hoare triple {5759#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {5759#false} is VALID [2022-02-20 17:55:21,818 INFO L290 TraceCheckUtils]: 92: Hoare triple {5759#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {5759#false} is VALID [2022-02-20 17:55:21,818 INFO L290 TraceCheckUtils]: 93: Hoare triple {5759#false} assume !false; {5759#false} is VALID [2022-02-20 17:55:21,818 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 17:55:21,818 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:21,818 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1293364597] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:21,818 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:21,818 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [8] total 11 [2022-02-20 17:55:21,818 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2006405593] [2022-02-20 17:55:21,818 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:21,819 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 94 [2022-02-20 17:55:21,819 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:21,819 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:21,895 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:21,895 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:21,896 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:21,896 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:21,896 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=88, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:55:21,896 INFO L87 Difference]: Start difference. First operand 300 states and 463 transitions. Second operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:22,618 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:22,618 INFO L93 Difference]: Finished difference Result 591 states and 916 transitions. [2022-02-20 17:55:22,618 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:22,618 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 94 [2022-02-20 17:55:22,618 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:22,618 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:22,625 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 760 transitions. [2022-02-20 17:55:22,625 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:22,632 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 760 transitions. [2022-02-20 17:55:22,632 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 760 transitions. [2022-02-20 17:55:23,136 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 760 edges. 760 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:23,143 INFO L225 Difference]: With dead ends: 591 [2022-02-20 17:55:23,143 INFO L226 Difference]: Without dead ends: 302 [2022-02-20 17:55:23,144 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 118 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=26, Invalid=106, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:23,145 INFO L933 BasicCegarLoop]: 376 mSDtfsCounter, 117 mSDsluCounter, 992 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 137 SdHoareTripleChecker+Valid, 1368 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:23,145 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [137 Valid, 1368 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:23,146 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 302 states. [2022-02-20 17:55:23,215 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 302 to 302. [2022-02-20 17:55:23,215 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:23,216 INFO L82 GeneralOperation]: Start isEquivalent. First operand 302 states. 
Second operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 17:55:23,217 INFO L74 IsIncluded]: Start isIncluded. First operand 302 states. Second operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 17:55:23,217 INFO L87 Difference]: Start difference. First operand 302 states. Second operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 17:55:23,225 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,225 INFO L93 Difference]: Finished difference Result 302 states and 466 transitions. [2022-02-20 17:55:23,225 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 466 transitions. [2022-02-20 17:55:23,226 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,226 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,227 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) Second operand 302 states. [2022-02-20 17:55:23,227 INFO L87 Difference]: Start difference. First operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) Second operand 302 states. [2022-02-20 17:55:23,236 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,236 INFO L93 Difference]: Finished difference Result 302 states and 466 transitions. [2022-02-20 17:55:23,236 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 466 transitions. [2022-02-20 17:55:23,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,238 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:23,238 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:23,239 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 302 states, 235 states have (on average 1.553191489361702) internal successors, (365), 239 states have internal predecessors, (365), 50 states have call successors, (50), 15 states have call predecessors, (50), 16 states have return successors, (51), 49 states have call predecessors, (51), 49 states have call successors, (51) [2022-02-20 17:55:23,248 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 302 states to 302 states and 466 transitions. [2022-02-20 17:55:23,248 INFO L78 Accepts]: Start accepts. Automaton has 302 states and 466 transitions. Word has length 94 [2022-02-20 17:55:23,248 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:23,248 INFO L470 AbstractCegarLoop]: Abstraction has 302 states and 466 transitions. [2022-02-20 17:55:23,249 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 16.25) internal successors, (65), 5 states have internal predecessors, (65), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:23,249 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 466 transitions. [2022-02-20 17:55:23,250 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 96 [2022-02-20 17:55:23,250 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:23,250 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:23,281 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:23,470 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:23,470 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:23,471 
INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:23,471 INFO L85 PathProgramCache]: Analyzing trace with hash -1205446056, now seen corresponding path program 1 times [2022-02-20 17:55:23,471 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:23,471 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2145731469] [2022-02-20 17:55:23,471 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:23,471 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:23,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,526 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:23,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7965#true} #815#return; {7965#true} is VALID [2022-02-20 17:55:23,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:23,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {8011#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,546 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7965#true} #817#return; {7965#true} is VALID [2022-02-20 17:55:23,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:23,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8012#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {8012#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8012#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {8012#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8013#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {8013#(= 2 |setClientId_#in~handle|)} assume true; {8013#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,563 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8013#(= 2 |setClientId_#in~handle|)} {7975#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #819#return; {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:23,563 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:23,564 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8014#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 1: Hoare triple {8014#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8015#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:23,578 INFO L290 TraceCheckUtils]: 2: Hoare triple {8015#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8015#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:23,579 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8015#(= |setClientPrivateKey_#in~handle| 1)} {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #821#return; {7966#false} is VALID [2022-02-20 17:55:23,579 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:55:23,581 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,583 INFO L290 TraceCheckUtils]: 0: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID 
[2022-02-20 17:55:23,583 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,583 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,583 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #823#return; {7966#false} is VALID [2022-02-20 17:55:23,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:55:23,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,586 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,586 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,586 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #825#return; {7966#false} is VALID [2022-02-20 17:55:23,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:55:23,594 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,595 INFO L290 TraceCheckUtils]: 0: Hoare triple {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,595 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7965#true} is VALID 
[2022-02-20 17:55:23,596 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,596 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #811#return; {7966#false} is VALID [2022-02-20 17:55:23,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:55:23,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {7965#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7965#true} is VALID [2022-02-20 17:55:23,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {7965#true} is VALID [2022-02-20 17:55:23,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #781#return; {7966#false} is VALID [2022-02-20 17:55:23,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:55:23,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #787#return; {7966#false} is VALID [2022-02-20 17:55:23,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 87 [2022-02-20 17:55:23,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:23,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {7965#true} ~handle := #in~handle;havoc ~retValue_acc~31; {7965#true} is VALID [2022-02-20 17:55:23,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {7965#true} is VALID [2022-02-20 17:55:23,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7965#true} {7966#false} #791#return; {7966#false} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {7965#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call 
#Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {7965#true} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {7965#true} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7965#true} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 3: Hoare triple {7965#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {7965#true} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 4: Hoare triple {7965#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {7965#true} is VALID [2022-02-20 17:55:23,608 INFO L290 TraceCheckUtils]: 5: Hoare triple {7965#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L272 TraceCheckUtils]: 6: Hoare triple {7965#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,609 INFO L290 TraceCheckUtils]: 7: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L290 TraceCheckUtils]: 8: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L290 TraceCheckUtils]: 9: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7965#true} {7965#true} #815#return; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L290 TraceCheckUtils]: 11: Hoare triple {7965#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {7965#true} is VALID [2022-02-20 17:55:23,609 INFO L272 TraceCheckUtils]: 12: Hoare triple {7965#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:23,610 INFO L290 TraceCheckUtils]: 13: Hoare triple {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,610 INFO L290 TraceCheckUtils]: 14: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,610 INFO L290 TraceCheckUtils]: 15: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,610 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7965#true} {7965#true} #817#return; {7965#true} is VALID [2022-02-20 17:55:23,610 INFO L290 TraceCheckUtils]: 17: Hoare triple {7965#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7975#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:23,611 INFO L272 TraceCheckUtils]: 18: Hoare triple {7975#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,611 INFO L290 TraceCheckUtils]: 19: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8012#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,611 INFO L290 TraceCheckUtils]: 20: Hoare triple {8012#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {8012#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,612 INFO L290 TraceCheckUtils]: 21: Hoare triple {8012#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {8013#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,612 INFO L290 TraceCheckUtils]: 22: Hoare triple {8013#(= 2 |setClientId_#in~handle|)} assume true; {8013#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:23,612 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {8013#(= 2 |setClientId_#in~handle|)} {7975#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #819#return; {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:23,613 INFO L290 TraceCheckUtils]: 24: Hoare triple {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:23,613 INFO L272 TraceCheckUtils]: 25: 
Hoare triple {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:23,614 INFO L290 TraceCheckUtils]: 26: Hoare triple {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8014#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:23,614 INFO L290 TraceCheckUtils]: 27: Hoare triple {8014#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8015#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:23,614 INFO L290 TraceCheckUtils]: 28: Hoare triple {8015#(= |setClientPrivateKey_#in~handle| 1)} assume true; {8015#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:23,615 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8015#(= |setClientPrivateKey_#in~handle| 1)} {7981#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #821#return; {7966#false} is VALID [2022-02-20 17:55:23,615 INFO L290 TraceCheckUtils]: 30: Hoare triple {7966#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7966#false} is VALID [2022-02-20 17:55:23,615 INFO L272 TraceCheckUtils]: 31: Hoare triple {7966#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:23,615 INFO L290 TraceCheckUtils]: 32: Hoare triple {8010#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,615 INFO L290 TraceCheckUtils]: 33: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,615 INFO L290 TraceCheckUtils]: 34: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,616 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {7965#true} {7966#false} #823#return; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 36: Hoare triple {7966#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L272 TraceCheckUtils]: 37: Hoare triple {7966#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 38: Hoare triple {8011#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 39: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 40: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,616 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {7965#true} {7966#false} #825#return; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 42: Hoare triple {7966#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 43: Hoare triple {7966#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc 
test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 44: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 45: Hoare triple {7966#false} assume test_~splverifierCounter~0#1 < 4; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 46: Hoare triple {7966#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 47: Hoare triple {7966#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {7966#false} is VALID [2022-02-20 17:55:23,616 INFO L290 TraceCheckUtils]: 48: Hoare triple {7966#false} assume !(0 != test_~tmp___9~0#1); {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 49: Hoare triple {7966#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 50: Hoare triple {7966#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 51: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 52: Hoare triple {7966#false} assume !(test_~splverifierCounter~0#1 < 4); {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 
53: Hoare triple {7966#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L272 TraceCheckUtils]: 54: Hoare triple {7966#false} call sendEmail(~bob~0, ~rjh~0); {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 55: Hoare triple {7966#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L272 TraceCheckUtils]: 56: Hoare triple {7966#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 57: Hoare triple {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 58: Hoare triple {7965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 59: Hoare triple {7965#true} assume true; {7965#true} is 
VALID [2022-02-20 17:55:23,617 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {7965#true} {7966#false} #811#return; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 61: Hoare triple {7966#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 62: Hoare triple {7966#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 63: Hoare triple {7966#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 64: Hoare triple {7966#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L272 TraceCheckUtils]: 65: Hoare triple {7966#false} call outgoing(~sender#1, ~email~0#1); {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 66: Hoare triple {7966#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {7966#false} is VALID [2022-02-20 17:55:23,617 INFO L272 TraceCheckUtils]: 67: Hoare triple {7966#false} call #t~ret42#1 := getEmailTo(~msg#1); {7965#true} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 68: Hoare triple {7965#true} ~handle := #in~handle;havoc ~retValue_acc~28; {7965#true} is VALID [2022-02-20 17:55:23,617 INFO L290 TraceCheckUtils]: 69: Hoare triple {7965#true} 
assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 70: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {7965#true} {7966#false} #781#return; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 72: Hoare triple {7966#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 73: Hoare triple {7966#false} assume 1 == findPublicKey_~handle#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 74: Hoare triple {7966#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 75: Hoare triple {7966#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 76: Hoare triple {7966#false} assume !(0 != ~pubkey~0#1); {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 77: Hoare triple {7966#false} assume { :begin_inline_outgoing__wrappee__Keys 
} true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 78: Hoare triple {7966#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 79: Hoare triple {7966#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L272 TraceCheckUtils]: 80: Hoare triple {7966#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 81: Hoare triple {8016#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 
TraceCheckUtils]: 82: Hoare triple {7965#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 83: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7965#true} {7966#false} #787#return; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 85: Hoare triple {7966#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 86: Hoare triple {7966#false} assume !(-1 == ~mail_is_sensitive~0); {7966#false} is VALID [2022-02-20 17:55:23,618 INFO L272 TraceCheckUtils]: 87: Hoare triple {7966#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 88: Hoare triple {7965#true} ~handle := #in~handle;havoc ~retValue_acc~31; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 89: Hoare triple {7965#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {7965#true} is VALID [2022-02-20 17:55:23,618 INFO L290 TraceCheckUtils]: 90: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:23,619 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7965#true} {7966#false} #791#return; {7966#false} is VALID [2022-02-20 17:55:23,619 INFO L290 TraceCheckUtils]: 92: Hoare triple {7966#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {7966#false} is VALID [2022-02-20 17:55:23,619 INFO L290 TraceCheckUtils]: 93: Hoare triple {7966#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {7966#false} is VALID [2022-02-20 17:55:23,619 INFO L290 TraceCheckUtils]: 94: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:23,619 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 17:55:23,619 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:55:23,619 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2145731469]
[2022-02-20 17:55:23,619 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2145731469] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:55:23,619 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2015236942]
[2022-02-20 17:55:23,619 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:55:23,619 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:55:23,620 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:55:23,620 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:55:23,621 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process
[2022-02-20 17:55:23,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:23,792 INFO L263 TraceCheckSpWp]: Trace formula consists of 925 conjuncts, 6 conjunts are in the unsatisfiable core
[2022-02-20 17:55:23,839 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:23,841 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:55:24,089 INFO L290 TraceCheckUtils]: 0: Hoare triple {7965#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {7965#true} is VALID [2022-02-20 17:55:24,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {7965#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {7965#true} is VALID [2022-02-20 17:55:24,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {7965#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7965#true} is VALID [2022-02-20 17:55:24,089 INFO L290 TraceCheckUtils]: 3: Hoare triple {7965#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {7965#true} is VALID [2022-02-20 17:55:24,089 INFO L290 TraceCheckUtils]: 4: Hoare triple {7965#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L290 TraceCheckUtils]: 5: Hoare triple {7965#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{7965#true} is VALID [2022-02-20 17:55:24,090 INFO L272 TraceCheckUtils]: 6: Hoare triple {7965#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L290 TraceCheckUtils]: 7: Hoare triple {7965#true} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L290 TraceCheckUtils]: 8: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L290 TraceCheckUtils]: 9: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7965#true} {7965#true} #815#return; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L290 TraceCheckUtils]: 11: Hoare triple {7965#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7965#true} is VALID [2022-02-20 17:55:24,090 INFO L272 TraceCheckUtils]: 12: Hoare triple {7965#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7965#true} is VALID [2022-02-20 17:55:24,091 INFO L290 TraceCheckUtils]: 13: Hoare triple {7965#true} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:24,091 INFO L290 TraceCheckUtils]: 14: Hoare triple {7965#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:24,091 INFO L290 TraceCheckUtils]: 15: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:24,091 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7965#true} {7965#true} #817#return; {7965#true} is VALID [2022-02-20 17:55:24,103 INFO L290 TraceCheckUtils]: 17: Hoare triple {7965#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:24,104 INFO L272 TraceCheckUtils]: 18: Hoare triple {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7965#true} is VALID [2022-02-20 17:55:24,104 INFO L290 TraceCheckUtils]: 19: Hoare triple {7965#true} ~handle := #in~handle;~value := #in~value; {7965#true} is VALID [2022-02-20 17:55:24,104 INFO L290 TraceCheckUtils]: 20: Hoare triple {7965#true} assume !(1 == ~handle); {7965#true} is VALID [2022-02-20 17:55:24,104 INFO L290 TraceCheckUtils]: 21: Hoare triple {7965#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {7965#true} is VALID [2022-02-20 17:55:24,104 INFO L290 TraceCheckUtils]: 22: Hoare triple {7965#true} assume true; {7965#true} is VALID [2022-02-20 17:55:24,105 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {7965#true} {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #819#return; {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:24,105 INFO L290 TraceCheckUtils]: 24: Hoare triple {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:24,105 INFO L272 TraceCheckUtils]: 25: Hoare triple {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7965#true} is VALID [2022-02-20 17:55:24,105 INFO L290 TraceCheckUtils]: 26: Hoare triple {7965#true} ~handle := #in~handle;~value := #in~value; {8099#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:55:24,106 INFO L290 
TraceCheckUtils]: 27: Hoare triple {8099#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8103#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:24,106 INFO L290 TraceCheckUtils]: 28: Hoare triple {8103#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {8103#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:24,106 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {8103#(<= |setClientPrivateKey_#in~handle| 1)} {8071#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #821#return; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 30: Hoare triple {7966#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L272 TraceCheckUtils]: 31: Hoare triple {7966#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 32: Hoare triple {7966#false} ~handle := #in~handle;~value := #in~value; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 33: Hoare triple {7966#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 34: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L284 TraceCheckUtils]: 35: Hoare 
quadruple {7966#false} {7966#false} #823#return; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 36: Hoare triple {7966#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L272 TraceCheckUtils]: 37: Hoare triple {7966#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7966#false} is VALID [2022-02-20 17:55:24,107 INFO L290 TraceCheckUtils]: 38: Hoare triple {7966#false} ~handle := #in~handle;~value := #in~value; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 39: Hoare triple {7966#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 40: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {7966#false} {7966#false} #825#return; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 42: Hoare triple {7966#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 43: Hoare triple {7966#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 44: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 45: Hoare triple {7966#false} assume test_~splverifierCounter~0#1 < 4; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 46: Hoare triple {7966#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7966#false} is VALID [2022-02-20 17:55:24,108 INFO L290 TraceCheckUtils]: 47: Hoare triple {7966#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 48: Hoare triple {7966#false} assume !(0 != test_~tmp___9~0#1); {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 49: Hoare triple {7966#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 50: Hoare triple {7966#false} assume 0 != 
test_~tmp___8~0#1;test_~op2~0#1 := 1; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 51: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 52: Hoare triple {7966#false} assume !(test_~splverifierCounter~0#1 < 4); {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 53: Hoare triple {7966#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L272 TraceCheckUtils]: 54: Hoare triple {7966#false} call sendEmail(~bob~0, ~rjh~0); {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L290 TraceCheckUtils]: 55: Hoare triple {7966#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7966#false} is VALID [2022-02-20 17:55:24,109 INFO L272 TraceCheckUtils]: 56: Hoare triple {7966#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 57: Hoare triple {7966#false} ~handle := #in~handle;~value := #in~value; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 58: Hoare triple {7966#false} assume 1 
== ~handle;~__ste_email_from0~0 := ~value; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 59: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {7966#false} {7966#false} #811#return; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 61: Hoare triple {7966#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 62: Hoare triple {7966#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 63: Hoare triple {7966#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {7966#false} is VALID [2022-02-20 17:55:24,110 INFO L290 TraceCheckUtils]: 64: Hoare triple {7966#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L272 TraceCheckUtils]: 65: Hoare triple {7966#false} call outgoing(~sender#1, ~email~0#1); {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 66: Hoare triple {7966#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L272 TraceCheckUtils]: 67: Hoare triple {7966#false} call #t~ret42#1 := getEmailTo(~msg#1); {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 
68: Hoare triple {7966#false} ~handle := #in~handle;havoc ~retValue_acc~28; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 69: Hoare triple {7966#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 70: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {7966#false} {7966#false} #781#return; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 72: Hoare triple {7966#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 73: Hoare triple {7966#false} assume 1 == findPublicKey_~handle#1; {7966#false} is VALID [2022-02-20 17:55:24,111 INFO L290 TraceCheckUtils]: 74: Hoare triple {7966#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 75: Hoare triple {7966#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 76: Hoare triple 
{7966#false} assume !(0 != ~pubkey~0#1); {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 77: Hoare triple {7966#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 78: Hoare triple {7966#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 79: Hoare triple {7966#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L272 TraceCheckUtils]: 80: Hoare triple {7966#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 81: Hoare triple {7966#false} ~handle := #in~handle;~value := #in~value; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 82: Hoare 
triple {7966#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7966#false} is VALID [2022-02-20 17:55:24,112 INFO L290 TraceCheckUtils]: 83: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7966#false} {7966#false} #787#return; {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 85: Hoare triple {7966#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 86: Hoare triple {7966#false} assume !(-1 == ~mail_is_sensitive~0); {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L272 TraceCheckUtils]: 87: Hoare triple {7966#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 88: Hoare triple {7966#false} ~handle := #in~handle;havoc ~retValue_acc~31; {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 89: Hoare triple {7966#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {7966#false} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 90: Hoare triple {7966#false} assume true; {7966#false} is VALID [2022-02-20 17:55:24,114 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7966#false} {7966#false} #791#return; {7966#false} is VALID [2022-02-20 17:55:24,114 INFO L290 TraceCheckUtils]: 92: Hoare triple {7966#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {7966#false} is VALID [2022-02-20 17:55:24,114 INFO L290 TraceCheckUtils]: 93: Hoare triple {7966#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {7966#false} is VALID [2022-02-20 17:55:24,114 INFO L290 TraceCheckUtils]: 94: Hoare triple {7966#false} assume !false; {7966#false} is VALID [2022-02-20 17:55:24,114 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 17:55:24,114 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:24,115 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2015236942] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:24,115 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:24,115 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [11] total 14 [2022-02-20 17:55:24,115 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1481493469] [2022-02-20 17:55:24,115 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:24,116 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) Word has length 95 [2022-02-20 17:55:24,116 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:24,116 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:24,174 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 89 edges. 89 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:24,174 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:24,174 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:24,174 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:24,174 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=28, Invalid=154, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:55:24,175 INFO L87 Difference]: Start difference. First operand 302 states and 466 transitions. Second operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:24,857 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:24,857 INFO L93 Difference]: Finished difference Result 593 states and 921 transitions. [2022-02-20 17:55:24,857 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:24,858 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) Word has length 95 [2022-02-20 17:55:24,858 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:24,858 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:24,863 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 759 transitions. [2022-02-20 17:55:24,864 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:24,869 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 759 transitions. [2022-02-20 17:55:24,869 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 759 transitions. [2022-02-20 17:55:25,312 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 759 edges. 759 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:25,320 INFO L225 Difference]: With dead ends: 593 [2022-02-20 17:55:25,320 INFO L226 Difference]: Without dead ends: 304 [2022-02-20 17:55:25,321 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 121 GetRequests, 108 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=32, Invalid=178, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:55:25,322 INFO L933 BasicCegarLoop]: 374 mSDtfsCounter, 116 mSDsluCounter, 983 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 1357 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:25,322 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 1357 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:25,323 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 304 states. [2022-02-20 17:55:25,411 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 304 to 304. [2022-02-20 17:55:25,411 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:25,412 INFO L82 GeneralOperation]: Start isEquivalent. First operand 304 states. 
Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:25,413 INFO L74 IsIncluded]: Start isIncluded. First operand 304 states. Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:25,413 INFO L87 Difference]: Start difference. First operand 304 states. Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:25,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:25,422 INFO L93 Difference]: Finished difference Result 304 states and 472 transitions. [2022-02-20 17:55:25,422 INFO L276 IsEmpty]: Start isEmpty. Operand 304 states and 472 transitions. [2022-02-20 17:55:25,423 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:25,423 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:25,424 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 304 states. [2022-02-20 17:55:25,425 INFO L87 Difference]: Start difference. First operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 304 states. [2022-02-20 17:55:25,432 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:25,432 INFO L93 Difference]: Finished difference Result 304 states and 472 transitions. [2022-02-20 17:55:25,432 INFO L276 IsEmpty]: Start isEmpty. Operand 304 states and 472 transitions. [2022-02-20 17:55:25,434 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:25,434 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:25,434 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:25,434 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:25,435 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:25,444 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 304 states to 304 states and 472 transitions. [2022-02-20 17:55:25,444 INFO L78 Accepts]: Start accepts. Automaton has 304 states and 472 transitions. Word has length 95 [2022-02-20 17:55:25,445 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:25,447 INFO L470 AbstractCegarLoop]: Abstraction has 304 states and 472 transitions. [2022-02-20 17:55:25,447 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 13.4) internal successors, (67), 5 states have internal predecessors, (67), 3 states have call successors, (12), 2 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:25,447 INFO L276 IsEmpty]: Start isEmpty. Operand 304 states and 472 transitions. [2022-02-20 17:55:25,448 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 97 [2022-02-20 17:55:25,448 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:25,449 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:25,473 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:25,663 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:25,663 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 
17:55:25,664 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:25,664 INFO L85 PathProgramCache]: Analyzing trace with hash 658475617, now seen corresponding path program 1 times [2022-02-20 17:55:25,664 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:25,664 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1614064257] [2022-02-20 17:55:25,664 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:25,664 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:25,691 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:25,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,732 INFO L290 TraceCheckUtils]: 0: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,732 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10185#true} #815#return; {10185#true} is VALID [2022-02-20 17:55:25,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:25,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,741 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,741 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10185#true} #817#return; {10185#true} is VALID [2022-02-20 17:55:25,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:25,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,745 INFO L290 TraceCheckUtils]: 0: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,745 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume !(1 == ~handle); {10185#true} is VALID [2022-02-20 17:55:25,745 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,745 INFO L290 TraceCheckUtils]: 3: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,746 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10185#true} {10185#true} #819#return; {10185#true} is VALID [2022-02-20 17:55:25,746 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:25,747 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:55:25,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume !(1 == ~handle); {10185#true} is VALID [2022-02-20 17:55:25,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,749 INFO L290 TraceCheckUtils]: 3: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,749 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10185#true} {10185#true} #821#return; {10185#true} is VALID [2022-02-20 17:55:25,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:25,751 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,762 INFO L290 TraceCheckUtils]: 0: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:25,762 INFO L290 TraceCheckUtils]: 1: Hoare triple {10232#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10233#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:25,762 INFO L290 TraceCheckUtils]: 2: Hoare triple {10233#(= |setClientId_#in~handle| 1)} assume true; {10233#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:25,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10233#(= 
|setClientId_#in~handle| 1)} {10205#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {10186#false} is VALID [2022-02-20 17:55:25,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:25,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,767 INFO L290 TraceCheckUtils]: 0: Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,767 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10186#false} #825#return; {10186#false} is VALID [2022-02-20 17:55:25,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:55:25,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,775 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10186#false} #811#return; {10186#false} is VALID [2022-02-20 
17:55:25,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:55:25,776 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {10185#true} ~handle := #in~handle;havoc ~retValue_acc~28; {10185#true} is VALID [2022-02-20 17:55:25,778 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {10185#true} is VALID [2022-02-20 17:55:25,778 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,778 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10186#false} #781#return; {10186#false} is VALID [2022-02-20 17:55:25,778 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:55:25,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,781 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10186#false} #787#return; {10186#false} is VALID [2022-02-20 17:55:25,782 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:55:25,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {10185#true} ~handle := #in~handle;havoc 
~retValue_acc~31; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10185#true} {10186#false} #791#return; {10186#false} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {10185#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call 
#Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 
:= 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {10185#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {10185#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10185#true} is VALID [2022-02-20 17:55:25,784 INFO L290 TraceCheckUtils]: 3: Hoare triple {10185#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {10185#true} is VALID [2022-02-20 17:55:25,785 INFO L290 TraceCheckUtils]: 4: Hoare triple {10185#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {10185#true} is VALID [2022-02-20 17:55:25,785 INFO L290 TraceCheckUtils]: 5: Hoare triple {10185#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10185#true} is VALID [2022-02-20 17:55:25,785 INFO L272 TraceCheckUtils]: 6: Hoare triple {10185#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:25,785 INFO L290 TraceCheckUtils]: 7: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,785 INFO L290 TraceCheckUtils]: 8: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,785 INFO L290 TraceCheckUtils]: 9: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,786 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10185#true} {10185#true} #815#return; {10185#true} is VALID [2022-02-20 17:55:25,786 INFO L290 TraceCheckUtils]: 11: Hoare triple {10185#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10185#true} is VALID [2022-02-20 17:55:25,786 INFO L272 TraceCheckUtils]: 12: Hoare triple {10185#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10231#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:25,786 INFO L290 TraceCheckUtils]: 13: Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,786 INFO L290 TraceCheckUtils]: 14: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,787 INFO L290 TraceCheckUtils]: 15: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,787 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10185#true} {10185#true} #817#return; {10185#true} is VALID [2022-02-20 17:55:25,787 INFO L290 TraceCheckUtils]: 17: Hoare triple {10185#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10185#true} is VALID [2022-02-20 17:55:25,787 INFO L272 TraceCheckUtils]: 18: Hoare triple {10185#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:55:25,787 INFO L290 TraceCheckUtils]: 19: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,787 INFO L290 TraceCheckUtils]: 20: Hoare triple {10185#true} assume !(1 == ~handle); {10185#true} is VALID [2022-02-20 17:55:25,788 INFO L290 TraceCheckUtils]: 21: Hoare triple {10185#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,788 INFO L290 TraceCheckUtils]: 22: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,788 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10185#true} {10185#true} #819#return; {10185#true} is VALID [2022-02-20 17:55:25,788 INFO L290 TraceCheckUtils]: 24: Hoare triple {10185#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {10185#true} is VALID [2022-02-20 17:55:25,788 INFO L272 TraceCheckUtils]: 25: Hoare triple {10185#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:25,789 INFO L290 TraceCheckUtils]: 26: Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,789 INFO L290 TraceCheckUtils]: 27: Hoare triple {10185#true} assume !(1 == ~handle); {10185#true} is VALID [2022-02-20 17:55:25,789 INFO L290 TraceCheckUtils]: 28: Hoare triple {10185#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,789 INFO L290 TraceCheckUtils]: 29: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,789 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {10185#true} {10185#true} #821#return; {10185#true} is VALID [2022-02-20 17:55:25,789 INFO L290 TraceCheckUtils]: 31: Hoare triple {10185#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10205#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:25,790 INFO L272 TraceCheckUtils]: 32: Hoare triple {10205#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:25,790 INFO L290 TraceCheckUtils]: 33: Hoare triple {10230#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10232#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:25,790 INFO L290 TraceCheckUtils]: 34: Hoare triple {10232#(= 
setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10233#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:25,791 INFO L290 TraceCheckUtils]: 35: Hoare triple {10233#(= |setClientId_#in~handle| 1)} assume true; {10233#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:25,791 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {10233#(= |setClientId_#in~handle| 1)} {10205#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {10186#false} is VALID [2022-02-20 17:55:25,791 INFO L290 TraceCheckUtils]: 37: Hoare triple {10186#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10186#false} is VALID [2022-02-20 17:55:25,791 INFO L272 TraceCheckUtils]: 38: Hoare triple {10186#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 39: Hoare triple {10231#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 40: Hoare triple {10185#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 41: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,792 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {10185#true} {10186#false} #825#return; {10186#false} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 43: Hoare triple {10186#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {10186#false} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 44: Hoare triple {10186#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10186#false} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 45: Hoare triple {10186#false} assume !false; {10186#false} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 46: Hoare triple {10186#false} assume test_~splverifierCounter~0#1 < 4; {10186#false} is VALID [2022-02-20 17:55:25,792 INFO L290 TraceCheckUtils]: 47: Hoare triple 
{10186#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 48: Hoare triple {10186#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 49: Hoare triple {10186#false} assume !(0 != test_~tmp___9~0#1); {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 50: Hoare triple {10186#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 51: Hoare triple {10186#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 52: Hoare triple {10186#false} assume !false; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 53: Hoare triple {10186#false} assume !(test_~splverifierCounter~0#1 < 4); {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 54: Hoare triple {10186#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L272 TraceCheckUtils]: 55: Hoare triple {10186#false} call sendEmail(~bob~0, ~rjh~0); {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L290 TraceCheckUtils]: 56: Hoare triple {10186#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10186#false} is VALID [2022-02-20 17:55:25,793 INFO L272 TraceCheckUtils]: 57: Hoare triple {10186#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 58: Hoare triple {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 59: Hoare triple {10185#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 60: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,794 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {10185#true} {10186#false} #811#return; {10186#false} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 62: Hoare triple {10186#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {10186#false} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 63: Hoare triple {10186#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; 
{10186#false} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 64: Hoare triple {10186#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {10186#false} is VALID [2022-02-20 17:55:25,794 INFO L290 TraceCheckUtils]: 65: Hoare triple {10186#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {10186#false} is VALID [2022-02-20 17:55:25,794 INFO L272 TraceCheckUtils]: 66: Hoare triple {10186#false} call outgoing(~sender#1, ~email~0#1); {10186#false} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 67: Hoare triple {10186#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {10186#false} is VALID [2022-02-20 17:55:25,795 INFO L272 TraceCheckUtils]: 68: Hoare triple {10186#false} call #t~ret42#1 := getEmailTo(~msg#1); {10185#true} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 69: Hoare triple {10185#true} ~handle := #in~handle;havoc ~retValue_acc~28; {10185#true} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 70: Hoare triple {10185#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {10185#true} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 71: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,795 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {10185#true} {10186#false} #781#return; {10186#false} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 73: Hoare triple {10186#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, 
findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {10186#false} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 74: Hoare triple {10186#false} assume 1 == findPublicKey_~handle#1; {10186#false} is VALID [2022-02-20 17:55:25,795 INFO L290 TraceCheckUtils]: 75: Hoare triple {10186#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 76: Hoare triple {10186#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 77: Hoare triple {10186#false} assume !(0 != ~pubkey~0#1); {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 78: Hoare triple {10186#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 79: Hoare triple {10186#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 80: Hoare triple {10186#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {10186#false} is VALID [2022-02-20 17:55:25,796 INFO L272 TraceCheckUtils]: 81: Hoare triple {10186#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 82: Hoare triple {10234#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10185#true} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 83: Hoare triple {10185#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10185#true} is VALID [2022-02-20 17:55:25,796 INFO L290 TraceCheckUtils]: 84: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,797 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10185#true} {10186#false} #787#return; {10186#false} is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 86: Hoare triple {10186#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, 
outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {10186#false} is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 87: Hoare triple {10186#false} assume !(-1 == ~mail_is_sensitive~0); {10186#false} is VALID [2022-02-20 17:55:25,797 INFO L272 TraceCheckUtils]: 88: Hoare triple {10186#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {10185#true} is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 89: Hoare triple {10185#true} ~handle := #in~handle;havoc ~retValue_acc~31; {10185#true} 
is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 90: Hoare triple {10185#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {10185#true} is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 91: Hoare triple {10185#true} assume true; {10185#true} is VALID [2022-02-20 17:55:25,797 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10185#true} {10186#false} #791#return; {10186#false} is VALID [2022-02-20 17:55:25,797 INFO L290 TraceCheckUtils]: 93: Hoare triple {10186#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {10186#false} is VALID [2022-02-20 17:55:25,798 INFO L290 TraceCheckUtils]: 94: Hoare triple {10186#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {10186#false} is VALID [2022-02-20 17:55:25,798 INFO L290 TraceCheckUtils]: 95: Hoare triple {10186#false} assume !false; {10186#false} is VALID [2022-02-20 17:55:25,798 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:25,798 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:25,798 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1614064257] [2022-02-20 17:55:25,798 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1614064257] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:25,798 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:55:25,798 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:55:25,799 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1756696786] [2022-02-20 17:55:25,799 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:25,799 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 96 [2022-02-20 17:55:25,799 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:25,800 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:25,847 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:25,847 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:55:25,847 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:25,848 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. 
[2022-02-20 17:55:25,848 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:55:25,849 INFO L87 Difference]: Start difference. First operand 304 states and 472 transitions. Second operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:29,097 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:29,097 INFO L93 Difference]: Finished difference Result 637 states and 995 transitions. [2022-02-20 17:55:29,097 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:55:29,098 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 96 [2022-02-20 17:55:29,098 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:29,098 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:29,103 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 825 transitions. 
[2022-02-20 17:55:29,104 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:29,109 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 825 transitions. [2022-02-20 17:55:29,110 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 825 transitions. [2022-02-20 17:55:29,736 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 825 edges. 825 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:29,744 INFO L225 Difference]: With dead ends: 637 [2022-02-20 17:55:29,744 INFO L226 Difference]: Without dead ends: 356 [2022-02-20 17:55:29,745 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:55:29,745 INFO L933 BasicCegarLoop]: 414 mSDtfsCounter, 673 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1168 mSolverCounterSat, 188 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 690 SdHoareTripleChecker+Valid, 1065 SdHoareTripleChecker+Invalid, 1356 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 188 IncrementalHoareTripleChecker+Valid, 1168 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-02-20 
17:55:29,746 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [690 Valid, 1065 Invalid, 1356 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [188 Valid, 1168 Invalid, 0 Unknown, 0 Unchecked, 1.4s Time] [2022-02-20 17:55:29,746 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 356 states. [2022-02-20 17:55:29,839 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 356 to 304. [2022-02-20 17:55:29,840 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:29,840 INFO L82 GeneralOperation]: Start isEquivalent. First operand 356 states. Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 17:55:29,841 INFO L74 IsIncluded]: Start isIncluded. First operand 356 states. Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 17:55:29,842 INFO L87 Difference]: Start difference. First operand 356 states. Second operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 17:55:29,850 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:29,850 INFO L93 Difference]: Finished difference Result 356 states and 554 transitions. [2022-02-20 17:55:29,851 INFO L276 IsEmpty]: Start isEmpty. Operand 356 states and 554 transitions. [2022-02-20 17:55:29,852 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:29,852 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:29,853 INFO L74 IsIncluded]: Start isIncluded. First operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) Second operand 356 states. [2022-02-20 17:55:29,853 INFO L87 Difference]: Start difference. First operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) Second operand 356 states. [2022-02-20 17:55:29,863 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:29,863 INFO L93 Difference]: Finished difference Result 356 states and 554 transitions. [2022-02-20 17:55:29,863 INFO L276 IsEmpty]: Start isEmpty. Operand 356 states and 554 transitions. [2022-02-20 17:55:29,864 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:29,864 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:29,865 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:29,865 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:29,865 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 304 states, 236 states have (on average 1.5508474576271187) internal successors, (366), 241 states have internal predecessors, (366), 50 states have call successors, (50), 15 states have call predecessors, (50), 17 states have return successors, (55), 49 states have call predecessors, (55), 49 states have call successors, (55) [2022-02-20 17:55:29,873 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 304 states to 304 states and 471 transitions. [2022-02-20 17:55:29,873 INFO L78 Accepts]: Start accepts. Automaton has 304 states and 471 transitions. Word has length 96 [2022-02-20 17:55:29,873 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:29,873 INFO L470 AbstractCegarLoop]: Abstraction has 304 states and 471 transitions. [2022-02-20 17:55:29,873 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 9.0) internal successors, (63), 5 states have internal predecessors, (63), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:29,873 INFO L276 IsEmpty]: Start isEmpty. Operand 304 states and 471 transitions. [2022-02-20 17:55:29,874 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 98 [2022-02-20 17:55:29,874 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:29,874 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:29,875 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:55:29,875 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:29,875 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:29,875 INFO L85 PathProgramCache]: Analyzing trace with hash -1219216955, now seen corresponding path program 2 times [2022-02-20 17:55:29,875 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:29,875 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1136346178] [2022-02-20 17:55:29,875 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:29,875 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:29,899 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:29,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,938 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12296#true} #815#return; {12296#true} is VALID [2022-02-20 17:55:29,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:29,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,946 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12296#true} #817#return; {12296#true} is VALID [2022-02-20 17:55:29,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:29,948 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {12296#true} is VALID [2022-02-20 17:55:29,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume !(1 == ~handle); {12296#true} is VALID [2022-02-20 17:55:29,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,949 INFO L290 TraceCheckUtils]: 3: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,949 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12296#true} {12296#true} #819#return; {12296#true} is VALID [2022-02-20 17:55:29,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:29,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume !(1 == ~handle); {12296#true} is VALID [2022-02-20 17:55:29,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,954 INFO L290 TraceCheckUtils]: 3: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,954 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12296#true} {12296#true} #821#return; {12296#true} is VALID [2022-02-20 17:55:29,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:29,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {12342#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12344#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {12344#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12344#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {12344#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12345#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {12345#(= 2 |setClientId_#in~handle|)} assume true; {12345#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,970 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12345#(= 2 |setClientId_#in~handle|)} {12316#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {12297#false} is VALID [2022-02-20 17:55:29,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:55:29,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,974 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,974 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 
17:55:29,974 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12297#false} #825#return; {12297#false} is VALID [2022-02-20 17:55:29,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:55:29,980 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,982 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12297#false} #811#return; {12297#false} is VALID [2022-02-20 17:55:29,982 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:55:29,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {12296#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12296#true} is VALID [2022-02-20 17:55:29,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {12296#true} is VALID [2022-02-20 17:55:29,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,985 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12297#false} #781#return; {12297#false} is VALID [2022-02-20 17:55:29,985 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:55:29,986 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:55:29,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,988 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12297#false} #787#return; {12297#false} is VALID [2022-02-20 17:55:29,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:55:29,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {12296#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12296#true} {12297#false} #791#return; {12297#false} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {12296#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call 
#Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 
0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 
0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {12296#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {12296#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 3: Hoare triple {12296#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } 
true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 4: Hoare triple {12296#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {12296#true} is VALID [2022-02-20 17:55:29,991 INFO L290 TraceCheckUtils]: 5: Hoare triple {12296#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L272 TraceCheckUtils]: 6: Hoare triple {12296#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:29,992 INFO L290 TraceCheckUtils]: 7: Hoare triple 
{12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L290 TraceCheckUtils]: 8: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L290 TraceCheckUtils]: 9: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12296#true} {12296#true} #815#return; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L290 TraceCheckUtils]: 11: Hoare triple {12296#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12296#true} is VALID [2022-02-20 17:55:29,992 INFO L272 TraceCheckUtils]: 12: Hoare triple {12296#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,992 INFO L290 TraceCheckUtils]: 13: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 14: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 15: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12296#true} {12296#true} #817#return; {12296#true} is VALID [2022-02-20 17:55:29,993 
INFO L290 TraceCheckUtils]: 17: Hoare triple {12296#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L272 TraceCheckUtils]: 18: Hoare triple {12296#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 19: Hoare triple {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 20: Hoare triple {12296#true} assume !(1 == ~handle); {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 21: Hoare triple {12296#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 22: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12296#true} {12296#true} #819#return; {12296#true} is VALID [2022-02-20 17:55:29,993 INFO L290 TraceCheckUtils]: 24: Hoare triple {12296#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L272 TraceCheckUtils]: 25: Hoare triple {12296#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,994 INFO L290 TraceCheckUtils]: 26: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L290 TraceCheckUtils]: 27: Hoare triple {12296#true} assume !(1 == ~handle); {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L290 TraceCheckUtils]: 28: Hoare triple {12296#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L290 TraceCheckUtils]: 29: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {12296#true} {12296#true} #821#return; {12296#true} is VALID [2022-02-20 17:55:29,994 INFO L290 TraceCheckUtils]: 31: Hoare triple {12296#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12316#(= 3 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:29,995 INFO L272 TraceCheckUtils]: 32: Hoare triple {12316#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:29,995 INFO L290 TraceCheckUtils]: 33: Hoare triple {12342#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12344#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,995 INFO L290 TraceCheckUtils]: 34: Hoare triple {12344#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12344#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,996 INFO L290 TraceCheckUtils]: 35: Hoare triple {12344#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12345#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,996 INFO L290 TraceCheckUtils]: 36: Hoare triple {12345#(= 2 |setClientId_#in~handle|)} assume true; {12345#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,996 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {12345#(= 2 |setClientId_#in~handle|)} {12316#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {12297#false} is VALID [2022-02-20 17:55:29,996 INFO L290 TraceCheckUtils]: 38: Hoare triple {12297#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12297#false} is VALID [2022-02-20 17:55:29,996 INFO L272 TraceCheckUtils]: 39: Hoare triple 
{12297#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,996 INFO L290 TraceCheckUtils]: 40: Hoare triple {12343#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 41: Hoare triple {12296#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 42: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,997 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {12296#true} {12297#false} #825#return; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 44: Hoare triple {12297#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 45: Hoare triple {12297#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 46: Hoare triple {12297#false} assume !false; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 47: Hoare triple {12297#false} assume test_~splverifierCounter~0#1 < 4; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 48: Hoare triple {12297#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 49: Hoare triple {12297#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 50: Hoare triple {12297#false} assume !(0 != test_~tmp___9~0#1); {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 51: Hoare triple {12297#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12297#false} 
is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 52: Hoare triple {12297#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 53: Hoare triple {12297#false} assume !false; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 54: Hoare triple {12297#false} assume !(test_~splverifierCounter~0#1 < 4); {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 55: Hoare triple {12297#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L272 TraceCheckUtils]: 56: Hoare triple {12297#false} call sendEmail(~bob~0, ~rjh~0); {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L290 TraceCheckUtils]: 57: Hoare triple {12297#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12297#false} is VALID [2022-02-20 17:55:29,997 INFO L272 TraceCheckUtils]: 58: Hoare triple {12297#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
17:55:29,997 INFO L290 TraceCheckUtils]: 59: Hoare triple {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 60: Hoare triple {12296#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 61: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {12296#true} {12297#false} #811#return; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 63: Hoare triple {12297#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 64: Hoare triple {12297#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 65: Hoare triple {12297#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 66: Hoare triple {12297#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L272 TraceCheckUtils]: 67: Hoare triple {12297#false} call outgoing(~sender#1, ~email~0#1); {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 68: Hoare triple 
{12297#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L272 TraceCheckUtils]: 69: Hoare triple {12297#false} call #t~ret42#1 := getEmailTo(~msg#1); {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 70: Hoare triple {12296#true} ~handle := #in~handle;havoc ~retValue_acc~28; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 71: Hoare triple {12296#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 72: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,998 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {12296#true} {12297#false} #781#return; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 74: Hoare triple {12297#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 75: Hoare triple {12297#false} assume 1 == findPublicKey_~handle#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 76: Hoare triple {12297#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO 
L290 TraceCheckUtils]: 77: Hoare triple {12297#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 78: Hoare triple {12297#false} assume !(0 != ~pubkey~0#1); {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 79: Hoare triple {12297#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {12297#false} is VALID [2022-02-20 17:55:29,998 INFO L290 TraceCheckUtils]: 80: Hoare triple {12297#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 81: Hoare triple {12297#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L272 
TraceCheckUtils]: 82: Hoare triple {12297#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 83: Hoare triple {12346#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 84: Hoare triple {12296#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 85: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {12296#true} {12297#false} #787#return; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 87: Hoare triple {12297#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 88: Hoare triple {12297#false} assume !(-1 == ~mail_is_sensitive~0); {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L272 TraceCheckUtils]: 89: Hoare triple {12297#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 90: Hoare triple {12296#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 91: Hoare triple {12296#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 92: Hoare triple {12296#true} assume true; {12296#true} is VALID [2022-02-20 17:55:29,999 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {12296#true} {12297#false} #791#return; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 94: Hoare triple {12297#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; 
{12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 95: Hoare triple {12297#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L290 TraceCheckUtils]: 96: Hoare triple {12297#false} assume !false; {12297#false} is VALID [2022-02-20 17:55:29,999 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:30,000 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:30,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1136346178] [2022-02-20 17:55:30,000 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1136346178] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:30,000 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:30,000 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 17:55:30,000 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1125575063] [2022-02-20 17:55:30,000 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:30,001 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 97 [2022-02-20 17:55:30,001 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:30,001 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:30,051 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:30,051 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 17:55:30,051 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:30,052 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 17:55:30,052 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2022-02-20 17:55:30,052 INFO L87 Difference]: Start difference. First operand 304 states and 471 transitions. Second operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:33,201 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:33,201 INFO L93 Difference]: Finished difference Result 639 states and 998 transitions. [2022-02-20 17:55:33,201 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 17:55:33,201 INFO L78 Accepts]: Start accepts. 
Automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) Word has length 97 [2022-02-20 17:55:33,202 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:33,203 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:33,221 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 826 transitions. [2022-02-20 17:55:33,221 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:33,227 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 826 transitions. [2022-02-20 17:55:33,227 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 826 transitions. [2022-02-20 17:55:33,846 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 826 edges. 826 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:33,870 INFO L225 Difference]: With dead ends: 639 [2022-02-20 17:55:33,870 INFO L226 Difference]: Without dead ends: 358 [2022-02-20 17:55:33,871 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=132, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:55:33,872 INFO L933 BasicCegarLoop]: 415 mSDtfsCounter, 669 mSDsluCounter, 651 mSDsCounter, 0 mSdLazyCounter, 1177 mSolverCounterSat, 188 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 686 SdHoareTripleChecker+Valid, 1066 SdHoareTripleChecker+Invalid, 1365 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 188 IncrementalHoareTripleChecker+Valid, 1177 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:33,872 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [686 Valid, 1066 Invalid, 1365 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [188 Valid, 1177 Invalid, 0 Unknown, 0 Unchecked, 1.3s Time] [2022-02-20 17:55:33,873 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 358 states. [2022-02-20 17:55:33,941 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 358 to 306. [2022-02-20 17:55:33,941 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:33,942 INFO L82 GeneralOperation]: Start isEquivalent. First operand 358 states. 
Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 17:55:33,942 INFO L74 IsIncluded]: Start isIncluded. First operand 358 states. Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 17:55:33,943 INFO L87 Difference]: Start difference. First operand 358 states. Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 17:55:33,951 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:33,952 INFO L93 Difference]: Finished difference Result 358 states and 557 transitions. [2022-02-20 17:55:33,952 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 557 transitions. [2022-02-20 17:55:33,953 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:33,953 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:33,954 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) Second operand 358 states. [2022-02-20 17:55:33,954 INFO L87 Difference]: Start difference. First operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) Second operand 358 states. [2022-02-20 17:55:33,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:33,963 INFO L93 Difference]: Finished difference Result 358 states and 557 transitions. [2022-02-20 17:55:33,964 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 557 transitions. [2022-02-20 17:55:33,965 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:33,965 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:33,965 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:33,965 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:33,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (57), 49 states have call predecessors, (57), 49 states have call successors, (57) [2022-02-20 17:55:33,973 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 306 states to 306 states and 474 transitions. [2022-02-20 17:55:33,973 INFO L78 Accepts]: Start accepts. Automaton has 306 states and 474 transitions. Word has length 97 [2022-02-20 17:55:33,973 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:33,973 INFO L470 AbstractCegarLoop]: Abstraction has 306 states and 474 transitions. [2022-02-20 17:55:33,974 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 9.142857142857142) internal successors, (64), 5 states have internal predecessors, (64), 3 states have call successors, (12), 5 states have call predecessors, (12), 2 states have return successors, (10), 2 states have call predecessors, (10), 3 states have call successors, (10) [2022-02-20 17:55:33,974 INFO L276 IsEmpty]: Start isEmpty. Operand 306 states and 474 transitions. [2022-02-20 17:55:33,975 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-02-20 17:55:33,975 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:33,975 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:33,975 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:55:33,975 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:33,976 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:33,976 INFO L85 PathProgramCache]: Analyzing trace with hash 252552444, now seen corresponding path program 1 times [2022-02-20 17:55:33,976 INFO L126 FreeRefinementEngine]: Executing refinement strategy 
CAMEL [2022-02-20 17:55:33,976 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [896856869] [2022-02-20 17:55:33,976 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:33,976 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:33,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:34,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,019 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,019 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14416#true} #815#return; {14416#true} is VALID [2022-02-20 17:55:34,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:34,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 
17:55:34,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14416#true} #817#return; {14416#true} is VALID [2022-02-20 17:55:34,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:34,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume !(1 == ~handle); {14416#true} is VALID [2022-02-20 17:55:34,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,035 INFO L290 TraceCheckUtils]: 3: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,035 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14416#true} {14416#true} #819#return; {14416#true} is VALID [2022-02-20 17:55:34,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:34,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle 
:= #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume !(1 == ~handle); {14416#true} is VALID [2022-02-20 17:55:34,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,038 INFO L290 TraceCheckUtils]: 3: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,039 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14416#true} {14416#true} #821#return; {14416#true} is VALID [2022-02-20 17:55:34,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:34,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,053 INFO L290 TraceCheckUtils]: 3: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {14467#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,053 INFO L290 TraceCheckUtils]: 4: Hoare triple {14467#(= 3 |setClientId_#in~handle|)} assume true; {14467#(= 3 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,054 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {14467#(= 3 |setClientId_#in~handle|)} {14436#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:34,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:34,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14468#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:34,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {14468#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14469#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:34,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {14469#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14469#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:34,069 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14469#(= |setClientPrivateKey_#in~handle| 1)} {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #825#return; {14417#false} is VALID [2022-02-20 17:55:34,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:34,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,079 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14417#false} #811#return; {14417#false} is VALID [2022-02-20 17:55:34,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:55:34,080 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {14416#true} ~handle := #in~handle;havoc ~retValue_acc~28; {14416#true} is VALID [2022-02-20 17:55:34,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {14416#true} is VALID [2022-02-20 17:55:34,096 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14417#false} #781#return; {14417#false} is VALID [2022-02-20 17:55:34,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:55:34,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,099 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,099 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14417#false} #787#return; {14417#false} is VALID [2022-02-20 17:55:34,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:55:34,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:34,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {14416#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14416#true} is VALID [2022-02-20 17:55:34,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14416#true} {14417#false} #791#return; {14417#false} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {14416#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call 
#Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {14416#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 2: Hoare triple {14416#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 3: Hoare triple {14416#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {14416#true} is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 4: Hoare triple {14416#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {14416#true} 
is VALID [2022-02-20 17:55:34,103 INFO L290 TraceCheckUtils]: 5: Hoare triple {14416#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14416#true} is VALID [2022-02-20 17:55:34,104 INFO L272 TraceCheckUtils]: 6: Hoare triple {14416#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:34,104 INFO L290 TraceCheckUtils]: 7: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,104 INFO L290 TraceCheckUtils]: 8: Hoare triple {14416#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,104 INFO L290 TraceCheckUtils]: 9: Hoare triple {14416#true} assume true; 
{14416#true} is VALID [2022-02-20 17:55:34,104 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14416#true} {14416#true} #815#return; {14416#true} is VALID [2022-02-20 17:55:34,105 INFO L290 TraceCheckUtils]: 11: Hoare triple {14416#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14416#true} is VALID [2022-02-20 17:55:34,105 INFO L272 TraceCheckUtils]: 12: Hoare triple {14416#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:34,105 INFO L290 TraceCheckUtils]: 13: Hoare triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,105 INFO L290 TraceCheckUtils]: 14: Hoare triple {14416#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,106 INFO L290 TraceCheckUtils]: 15: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,106 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14416#true} {14416#true} #817#return; {14416#true} is VALID [2022-02-20 17:55:34,106 INFO L290 TraceCheckUtils]: 17: Hoare triple {14416#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14416#true} is VALID [2022-02-20 17:55:34,106 INFO L272 TraceCheckUtils]: 18: Hoare triple {14416#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:34,106 INFO L290 TraceCheckUtils]: 19: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,107 INFO L290 TraceCheckUtils]: 20: Hoare triple {14416#true} assume !(1 == ~handle); {14416#true} is VALID [2022-02-20 17:55:34,107 INFO L290 TraceCheckUtils]: 21: Hoare triple {14416#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,107 INFO L290 TraceCheckUtils]: 22: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,107 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14416#true} {14416#true} #819#return; {14416#true} is VALID [2022-02-20 17:55:34,107 INFO L290 TraceCheckUtils]: 24: Hoare triple {14416#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14416#true} is VALID [2022-02-20 17:55:34,108 INFO L272 TraceCheckUtils]: 25: Hoare triple {14416#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:34,108 INFO L290 TraceCheckUtils]: 26: Hoare 
triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,108 INFO L290 TraceCheckUtils]: 27: Hoare triple {14416#true} assume !(1 == ~handle); {14416#true} is VALID [2022-02-20 17:55:34,108 INFO L290 TraceCheckUtils]: 28: Hoare triple {14416#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,108 INFO L290 TraceCheckUtils]: 29: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,108 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14416#true} {14416#true} #821#return; {14416#true} is VALID [2022-02-20 17:55:34,109 INFO L290 TraceCheckUtils]: 31: Hoare triple {14416#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14436#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:34,109 INFO L272 TraceCheckUtils]: 32: Hoare triple {14436#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:34,109 INFO L290 TraceCheckUtils]: 33: Hoare triple {14464#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,110 INFO L290 TraceCheckUtils]: 34: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,110 INFO L290 TraceCheckUtils]: 35: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {14466#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,110 INFO L290 TraceCheckUtils]: 36: Hoare triple {14466#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {14467#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,110 INFO L290 TraceCheckUtils]: 37: Hoare triple {14467#(= 3 |setClientId_#in~handle|)} assume true; {14467#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:34,111 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {14467#(= 3 |setClientId_#in~handle|)} {14436#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:34,111 INFO L290 TraceCheckUtils]: 39: Hoare triple {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:34,112 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:34,112 INFO L290 TraceCheckUtils]: 41: Hoare triple {14465#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14468#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:34,112 INFO L290 TraceCheckUtils]: 42: Hoare triple {14468#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14469#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:34,112 INFO L290 TraceCheckUtils]: 43: Hoare triple {14469#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14469#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:34,113 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {14469#(= |setClientPrivateKey_#in~handle| 1)} {14443#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #825#return; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 45: Hoare triple {14417#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 46: Hoare triple {14417#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, 
test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 47: Hoare triple {14417#false} assume !false; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 48: Hoare triple {14417#false} assume test_~splverifierCounter~0#1 < 4; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 49: Hoare triple {14417#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14417#false} is VALID [2022-02-20 17:55:34,113 INFO L290 TraceCheckUtils]: 50: Hoare triple {14417#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 51: 
Hoare triple {14417#false} assume !(0 != test_~tmp___9~0#1); {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 52: Hoare triple {14417#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 53: Hoare triple {14417#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 54: Hoare triple {14417#false} assume !false; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 55: Hoare triple {14417#false} assume !(test_~splverifierCounter~0#1 < 4); {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 56: Hoare triple {14417#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L272 TraceCheckUtils]: 57: Hoare triple {14417#false} call sendEmail(~bob~0, ~rjh~0); {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 58: Hoare triple {14417#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14417#false} is VALID [2022-02-20 17:55:34,114 INFO L272 TraceCheckUtils]: 59: Hoare triple {14417#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:34,114 INFO L290 TraceCheckUtils]: 60: Hoare triple {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 61: Hoare triple {14416#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 62: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,115 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {14416#true} {14417#false} #811#return; {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 64: Hoare triple {14417#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 65: Hoare triple {14417#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 66: Hoare triple {14417#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 67: Hoare triple {14417#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume 
-2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L272 TraceCheckUtils]: 68: Hoare triple {14417#false} call outgoing(~sender#1, ~email~0#1); {14417#false} is VALID [2022-02-20 17:55:34,115 INFO L290 TraceCheckUtils]: 69: Hoare triple {14417#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {14417#false} is VALID [2022-02-20 17:55:34,116 INFO L272 TraceCheckUtils]: 70: Hoare triple {14417#false} call #t~ret42#1 := getEmailTo(~msg#1); {14416#true} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 71: Hoare triple {14416#true} ~handle := #in~handle;havoc ~retValue_acc~28; {14416#true} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 72: Hoare triple {14416#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {14416#true} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 73: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,116 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {14416#true} {14417#false} #781#return; {14417#false} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 75: Hoare triple {14417#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {14417#false} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 76: Hoare triple {14417#false} assume 1 == findPublicKey_~handle#1; 
{14417#false} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 77: Hoare triple {14417#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {14417#false} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 78: Hoare triple {14417#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {14417#false} is VALID [2022-02-20 17:55:34,116 INFO L290 TraceCheckUtils]: 79: Hoare triple {14417#false} assume !(0 != ~pubkey~0#1); {14417#false} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 80: Hoare triple {14417#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {14417#false} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 81: Hoare triple {14417#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {14417#false} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 82: Hoare triple {14417#false} 
outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {14417#false} is VALID [2022-02-20 17:55:34,117 INFO L272 TraceCheckUtils]: 83: Hoare triple {14417#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 84: Hoare triple {14470#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14416#true} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 85: Hoare triple {14416#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14416#true} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 86: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,117 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {14416#true} {14417#false} #787#return; {14417#false} is VALID [2022-02-20 17:55:34,117 INFO L290 TraceCheckUtils]: 88: Hoare triple {14417#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } 
true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {14417#false} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 89: Hoare triple {14417#false} assume !(-1 == ~mail_is_sensitive~0); {14417#false} is VALID [2022-02-20 17:55:34,118 INFO L272 TraceCheckUtils]: 90: Hoare triple {14417#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {14416#true} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 91: Hoare triple {14416#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14416#true} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 92: Hoare triple {14416#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {14416#true} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 93: Hoare triple {14416#true} assume true; {14416#true} is VALID [2022-02-20 17:55:34,118 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {14416#true} {14417#false} #791#return; {14417#false} is VALID 
[2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 95: Hoare triple {14417#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {14417#false} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 96: Hoare triple {14417#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {14417#false} is VALID [2022-02-20 17:55:34,118 INFO L290 TraceCheckUtils]: 97: Hoare triple {14417#false} assume !false; {14417#false} is VALID [2022-02-20 17:55:34,119 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:34,119 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:34,119 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [896856869] [2022-02-20 17:55:34,119 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [896856869] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:34,119 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:34,119 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 17:55:34,119 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1932610101] [2022-02-20 17:55:34,119 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:34,120 INFO L78 Accepts]: Start accepts. 
Automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 98 [2022-02-20 17:55:34,120 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:34,120 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:34,172 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:34,172 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 17:55:34,173 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:34,173 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 17:55:34,173 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:55:34,174 INFO L87 Difference]: Start difference. First operand 306 states and 474 transitions. 
Second operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:39,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:39,142 INFO L93 Difference]: Finished difference Result 637 states and 993 transitions. [2022-02-20 17:55:39,142 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 17:55:39,143 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 98 [2022-02-20 17:55:39,143 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:39,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:39,149 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 827 transitions. [2022-02-20 17:55:39,149 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:39,153 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 827 transitions. [2022-02-20 17:55:39,154 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 827 transitions. [2022-02-20 17:55:39,769 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 827 edges. 827 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:39,777 INFO L225 Difference]: With dead ends: 637 [2022-02-20 17:55:39,777 INFO L226 Difference]: Without dead ends: 358 [2022-02-20 17:55:39,778 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 17:55:39,778 INFO L933 BasicCegarLoop]: 401 mSDtfsCounter, 775 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2160 mSolverCounterSat, 236 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 775 SdHoareTripleChecker+Valid, 1353 SdHoareTripleChecker+Invalid, 2396 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 236 IncrementalHoareTripleChecker+Valid, 2160 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:39,779 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [775 Valid, 1353 
Invalid, 2396 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [236 Valid, 2160 Invalid, 0 Unknown, 0 Unchecked, 2.2s Time] [2022-02-20 17:55:39,779 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 358 states. [2022-02-20 17:55:39,875 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 358 to 306. [2022-02-20 17:55:39,875 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:39,876 INFO L82 GeneralOperation]: Start isEquivalent. First operand 358 states. Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:39,877 INFO L74 IsIncluded]: Start isIncluded. First operand 358 states. Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:39,877 INFO L87 Difference]: Start difference. First operand 358 states. Second operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:39,885 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:39,885 INFO L93 Difference]: Finished difference Result 358 states and 556 transitions. 
[2022-02-20 17:55:39,885 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 556 transitions. [2022-02-20 17:55:39,887 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:39,887 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:39,889 INFO L74 IsIncluded]: Start isIncluded. First operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 358 states. [2022-02-20 17:55:39,889 INFO L87 Difference]: Start difference. First operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) Second operand 358 states. [2022-02-20 17:55:39,898 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:39,898 INFO L93 Difference]: Finished difference Result 358 states and 556 transitions. [2022-02-20 17:55:39,899 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 556 transitions. [2022-02-20 17:55:39,900 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:39,900 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:39,900 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:39,900 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:39,903 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 306 states, 237 states have (on average 1.5485232067510548) internal successors, (367), 243 states have internal predecessors, (367), 50 states have call successors, (50), 15 states have call predecessors, (50), 18 states have return successors, (56), 49 states have call predecessors, (56), 49 states have call successors, (56) [2022-02-20 17:55:39,910 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 306 states to 306 states and 473 transitions. [2022-02-20 17:55:39,911 INFO L78 Accepts]: Start accepts. Automaton has 306 states and 473 transitions. Word has length 98 [2022-02-20 17:55:39,911 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:39,911 INFO L470 AbstractCegarLoop]: Abstraction has 306 states and 473 transitions. [2022-02-20 17:55:39,911 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 6.8) internal successors, (68), 8 states have internal predecessors, (68), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:39,911 INFO L276 IsEmpty]: Start isEmpty. Operand 306 states and 473 transitions. [2022-02-20 17:55:39,912 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 100 [2022-02-20 17:55:39,912 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:39,912 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:39,913 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:55:39,913 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:39,913 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:39,913 INFO L85 PathProgramCache]: Analyzing trace with hash -320628967, now seen corresponding path program 2 times [2022-02-20 17:55:39,913 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:39,913 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [7787138] [2022-02-20 17:55:39,913 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:39,914 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:39,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:39,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:39,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:39,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:39,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16545#true} #815#return; {16545#true} is VALID [2022-02-20 17:55:39,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:39,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:39,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:39,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:39,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16545#true} #817#return; {16545#true} is VALID [2022-02-20 17:55:39,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:39,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {16545#true} is VALID [2022-02-20 17:55:39,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume !(1 == ~handle); {16545#true} is VALID [2022-02-20 17:55:39,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:39,979 INFO L290 TraceCheckUtils]: 3: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:39,979 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16545#true} {16545#true} #819#return; {16545#true} is VALID [2022-02-20 17:55:39,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:39,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:39,985 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume !(1 == ~handle); {16545#true} is VALID [2022-02-20 17:55:39,985 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:39,985 INFO L290 TraceCheckUtils]: 3: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:39,986 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16545#true} {16545#true} #821#return; {16545#true} is VALID [2022-02-20 17:55:39,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:39,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,000 INFO L290 TraceCheckUtils]: 0: Hoare triple {16594#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,001 INFO L290 TraceCheckUtils]: 3: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16597#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,001 INFO L290 TraceCheckUtils]: 4: Hoare triple {16597#(= 3 |setClientId_#in~handle|)} assume true; {16597#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,001 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {16597#(= 3 |setClientId_#in~handle|)} {16565#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:40,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:40,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16598#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16599#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,017 INFO L290 TraceCheckUtils]: 3: Hoare triple {16599#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {16599#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,018 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16599#(= 2 |setClientPrivateKey_#in~handle|)} {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #825#return; {16546#false} is VALID [2022-02-20 17:55:40,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:55:40,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {16600#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,028 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16546#false} #811#return; {16546#false} is VALID [2022-02-20 17:55:40,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 
17:55:40,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {16545#true} ~handle := #in~handle;havoc ~retValue_acc~28; {16545#true} is VALID [2022-02-20 17:55:40,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {16545#true} is VALID [2022-02-20 17:55:40,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16546#false} #781#return; {16546#false} is VALID [2022-02-20 17:55:40,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:55:40,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {16600#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,034 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16546#false} #787#return; {16546#false} is VALID [2022-02-20 17:55:40,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:55:40,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {16545#true} ~handle := #in~handle;havoc ~retValue_acc~31; {16545#true} is VALID [2022-02-20 17:55:40,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume 1 == 
~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {16545#true} is VALID [2022-02-20 17:55:40,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16545#true} {16546#false} #791#return; {16546#false} is VALID [2022-02-20 17:55:40,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {16545#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call 
#Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {16545#true} is 
VALID [2022-02-20 17:55:40,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {16545#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {16545#true} is VALID [2022-02-20 17:55:40,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {16545#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16545#true} is VALID [2022-02-20 17:55:40,039 INFO L290 TraceCheckUtils]: 3: Hoare triple {16545#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {16545#true} is VALID [2022-02-20 17:55:40,039 INFO L290 TraceCheckUtils]: 4: Hoare triple {16545#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {16545#true} is VALID [2022-02-20 17:55:40,043 INFO L290 TraceCheckUtils]: 5: Hoare triple {16545#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { 
:begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16545#true} is VALID [2022-02-20 17:55:40,044 INFO L272 TraceCheckUtils]: 6: Hoare triple {16545#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,044 INFO L290 TraceCheckUtils]: 7: Hoare triple {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,044 INFO L290 TraceCheckUtils]: 8: Hoare triple {16545#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,045 INFO L290 TraceCheckUtils]: 9: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,045 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16545#true} {16545#true} #815#return; {16545#true} is VALID [2022-02-20 17:55:40,045 INFO L290 TraceCheckUtils]: 11: Hoare triple {16545#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16545#true} is VALID [2022-02-20 17:55:40,045 INFO L272 TraceCheckUtils]: 12: Hoare triple {16545#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,045 INFO L290 TraceCheckUtils]: 14: Hoare triple {16545#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,046 INFO L290 TraceCheckUtils]: 15: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,046 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16545#true} {16545#true} #817#return; {16545#true} is VALID [2022-02-20 17:55:40,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {16545#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16545#true} is VALID [2022-02-20 17:55:40,046 INFO L272 TraceCheckUtils]: 18: Hoare triple {16545#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,046 INFO L290 TraceCheckUtils]: 19: Hoare triple {16594#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L290 TraceCheckUtils]: 20: Hoare triple {16545#true} assume !(1 == ~handle); {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L290 TraceCheckUtils]: 21: Hoare triple {16545#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L290 TraceCheckUtils]: 22: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16545#true} {16545#true} #819#return; {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L290 TraceCheckUtils]: 24: Hoare triple {16545#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16545#true} is VALID [2022-02-20 17:55:40,047 INFO L272 TraceCheckUtils]: 25: Hoare triple {16545#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,048 INFO L290 TraceCheckUtils]: 26: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,048 INFO L290 TraceCheckUtils]: 27: Hoare triple {16545#true} assume !(1 == ~handle); {16545#true} is VALID [2022-02-20 17:55:40,048 INFO L290 TraceCheckUtils]: 28: Hoare triple {16545#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,048 INFO L290 TraceCheckUtils]: 29: Hoare 
triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,048 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16545#true} {16545#true} #821#return; {16545#true} is VALID [2022-02-20 17:55:40,048 INFO L290 TraceCheckUtils]: 31: Hoare triple {16545#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16565#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:40,049 INFO L272 TraceCheckUtils]: 32: Hoare triple {16565#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,049 INFO L290 TraceCheckUtils]: 33: Hoare triple {16594#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,049 INFO L290 TraceCheckUtils]: 34: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == 
~handle); {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,050 INFO L290 TraceCheckUtils]: 35: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {16596#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,050 INFO L290 TraceCheckUtils]: 36: Hoare triple {16596#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {16597#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,050 INFO L290 TraceCheckUtils]: 37: Hoare triple {16597#(= 3 |setClientId_#in~handle|)} assume true; {16597#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,051 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {16597#(= 3 |setClientId_#in~handle|)} {16565#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #823#return; {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:40,051 INFO L290 TraceCheckUtils]: 39: Hoare triple {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:40,052 INFO L272 TraceCheckUtils]: 40: Hoare triple {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,052 INFO L290 TraceCheckUtils]: 41: Hoare triple {16595#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := 
#in~value; {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,052 INFO L290 TraceCheckUtils]: 42: Hoare triple {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,052 INFO L290 TraceCheckUtils]: 43: Hoare triple {16598#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16599#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,053 INFO L290 TraceCheckUtils]: 44: Hoare triple {16599#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {16599#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:40,053 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {16599#(= 2 |setClientPrivateKey_#in~handle|)} {16572#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #825#return; {16546#false} is VALID [2022-02-20 17:55:40,053 INFO L290 TraceCheckUtils]: 46: Hoare triple {16546#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {16546#false} is VALID [2022-02-20 17:55:40,053 INFO L290 TraceCheckUtils]: 47: Hoare triple {16546#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, 
test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16546#false} is VALID [2022-02-20 17:55:40,053 INFO L290 TraceCheckUtils]: 48: Hoare triple {16546#false} assume !false; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 49: Hoare triple {16546#false} assume test_~splverifierCounter~0#1 < 4; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 50: Hoare triple {16546#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 51: Hoare triple {16546#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 52: Hoare triple {16546#false} assume !(0 != test_~tmp___9~0#1); {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 53: Hoare triple {16546#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 54: Hoare 
triple {16546#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 55: Hoare triple {16546#false} assume !false; {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 56: Hoare triple {16546#false} assume !(test_~splverifierCounter~0#1 < 4); {16546#false} is VALID [2022-02-20 17:55:40,054 INFO L290 TraceCheckUtils]: 57: Hoare triple {16546#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {16546#false} is VALID [2022-02-20 17:55:40,055 INFO L272 TraceCheckUtils]: 58: Hoare triple {16546#false} call sendEmail(~bob~0, ~rjh~0); {16546#false} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 59: Hoare triple {16546#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16546#false} is VALID [2022-02-20 17:55:40,055 INFO L272 TraceCheckUtils]: 60: Hoare triple {16546#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16600#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 61: Hoare triple {16600#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 62: Hoare triple {16545#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 63: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,055 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {16545#true} {16546#false} #811#return; {16546#false} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 65: Hoare triple {16546#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {16546#false} is VALID [2022-02-20 17:55:40,055 INFO L290 TraceCheckUtils]: 66: Hoare triple {16546#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 67: Hoare triple {16546#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 68: Hoare triple {16546#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L272 TraceCheckUtils]: 69: Hoare triple {16546#false} call outgoing(~sender#1, ~email~0#1); {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 70: Hoare triple {16546#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc 
~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L272 TraceCheckUtils]: 71: Hoare triple {16546#false} call #t~ret42#1 := getEmailTo(~msg#1); {16545#true} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 72: Hoare triple {16545#true} ~handle := #in~handle;havoc ~retValue_acc~28; {16545#true} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 73: Hoare triple {16545#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {16545#true} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 74: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,056 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {16545#true} {16546#false} #781#return; {16546#false} is VALID [2022-02-20 17:55:40,056 INFO L290 TraceCheckUtils]: 76: Hoare triple {16546#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 77: Hoare triple {16546#false} assume 1 == findPublicKey_~handle#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 78: Hoare triple {16546#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 79: Hoare triple {16546#false} #t~ret43#1 := 
findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 80: Hoare triple {16546#false} assume !(0 != ~pubkey~0#1); {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 81: Hoare triple {16546#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 82: Hoare triple {16546#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 83: Hoare triple {16546#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {16546#false} is VALID [2022-02-20 17:55:40,057 INFO L272 TraceCheckUtils]: 84: Hoare triple {16546#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {16600#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:40,057 INFO L290 TraceCheckUtils]: 85: Hoare triple {16600#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 86: Hoare triple {16545#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 87: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {16545#true} {16546#false} #787#return; {16546#false} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 89: Hoare triple {16546#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {16546#false} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 90: Hoare triple {16546#false} assume !(-1 == ~mail_is_sensitive~0); {16546#false} is VALID [2022-02-20 17:55:40,058 INFO L272 TraceCheckUtils]: 91: Hoare triple {16546#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 92: Hoare triple {16545#true} ~handle := #in~handle;havoc ~retValue_acc~31; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 93: Hoare triple {16545#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L290 TraceCheckUtils]: 94: Hoare triple {16545#true} assume true; {16545#true} is VALID [2022-02-20 17:55:40,058 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {16545#true} {16546#false} #791#return; {16546#false} is VALID [2022-02-20 17:55:40,059 INFO L290 TraceCheckUtils]: 96: Hoare triple {16546#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {16546#false} is VALID [2022-02-20 17:55:40,059 
INFO L290 TraceCheckUtils]: 97: Hoare triple {16546#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {16546#false} is VALID [2022-02-20 17:55:40,059 INFO L290 TraceCheckUtils]: 98: Hoare triple {16546#false} assume !false; {16546#false} is VALID [2022-02-20 17:55:40,059 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:40,059 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:40,059 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [7787138] [2022-02-20 17:55:40,059 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [7787138] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:40,060 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:40,060 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [11] imperfect sequences [] total 11 [2022-02-20 17:55:40,060 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1833791832] [2022-02-20 17:55:40,060 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:40,060 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 99 [2022-02-20 17:55:40,061 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:40,061 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:40,113 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 91 edges. 91 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:40,113 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-02-20 17:55:40,113 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:40,113 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-02-20 17:55:40,114 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=19, Invalid=91, Unknown=0, NotChecked=0, Total=110 [2022-02-20 17:55:40,114 INFO L87 Difference]: Start difference. First operand 306 states and 473 transitions. Second operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:45,065 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:45,066 INFO L93 Difference]: Finished difference Result 639 states and 999 transitions. [2022-02-20 17:55:45,066 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 17:55:45,066 INFO L78 Accepts]: Start accepts. 
Automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 99 [2022-02-20 17:55:45,067 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:45,067 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:45,072 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 828 transitions. [2022-02-20 17:55:45,073 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:45,077 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 828 transitions. [2022-02-20 17:55:45,077 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 828 transitions. [2022-02-20 17:55:45,705 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 828 edges. 828 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:45,713 INFO L225 Difference]: With dead ends: 639 [2022-02-20 17:55:45,713 INFO L226 Difference]: Without dead ends: 360 [2022-02-20 17:55:45,714 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 19 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 46 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=336, Unknown=0, NotChecked=0, Total=420 [2022-02-20 17:55:45,714 INFO L933 BasicCegarLoop]: 402 mSDtfsCounter, 771 mSDsluCounter, 952 mSDsCounter, 0 mSdLazyCounter, 2191 mSolverCounterSat, 232 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 771 SdHoareTripleChecker+Valid, 1354 SdHoareTripleChecker+Invalid, 2423 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 232 IncrementalHoareTripleChecker+Valid, 2191 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:45,714 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [771 Valid, 1354 Invalid, 2423 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [232 Valid, 2191 Invalid, 0 Unknown, 0 Unchecked, 2.2s Time] [2022-02-20 17:55:45,715 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 360 states. [2022-02-20 17:55:45,799 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 360 to 308. [2022-02-20 17:55:45,799 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:45,800 INFO L82 GeneralOperation]: Start isEquivalent. First operand 360 states. 
Second operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 17:55:45,800 INFO L74 IsIncluded]: Start isIncluded. First operand 360 states. Second operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 17:55:45,801 INFO L87 Difference]: Start difference. First operand 360 states. Second operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 17:55:45,809 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:45,809 INFO L93 Difference]: Finished difference Result 360 states and 562 transitions. [2022-02-20 17:55:45,809 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 562 transitions. [2022-02-20 17:55:45,811 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:45,811 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:45,811 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) Second operand 360 states. [2022-02-20 17:55:45,812 INFO L87 Difference]: Start difference. First operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) Second operand 360 states. [2022-02-20 17:55:45,819 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:45,819 INFO L93 Difference]: Finished difference Result 360 states and 562 transitions. [2022-02-20 17:55:45,819 INFO L276 IsEmpty]: Start isEmpty. Operand 360 states and 562 transitions. [2022-02-20 17:55:45,820 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:45,820 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:45,821 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:45,821 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:45,821 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 308 states, 238 states have (on average 1.546218487394958) internal successors, (368), 245 states have internal predecessors, (368), 50 states have call successors, (50), 15 states have call predecessors, (50), 19 states have return successors, (61), 49 states have call predecessors, (61), 49 states have call successors, (61) [2022-02-20 17:55:45,829 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 308 states to 308 states and 479 transitions. [2022-02-20 17:55:45,829 INFO L78 Accepts]: Start accepts. Automaton has 308 states and 479 transitions. Word has length 99 [2022-02-20 17:55:45,829 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:45,830 INFO L470 AbstractCegarLoop]: Abstraction has 308 states and 479 transitions. [2022-02-20 17:55:45,830 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 10 states have (on average 6.9) internal successors, (69), 8 states have internal predecessors, (69), 4 states have call successors, (12), 5 states have call predecessors, (12), 3 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2022-02-20 17:55:45,830 INFO L276 IsEmpty]: Start isEmpty. Operand 308 states and 479 transitions. [2022-02-20 17:55:45,831 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 101 [2022-02-20 17:55:45,832 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:45,832 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:45,832 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:55:45,832 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:45,832 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:45,833 INFO L85 PathProgramCache]: Analyzing trace with hash -807696649, now seen corresponding path program 1 times [2022-02-20 17:55:45,833 INFO L126 FreeRefinementEngine]: Executing refinement strategy 
CAMEL [2022-02-20 17:55:45,833 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1158842168] [2022-02-20 17:55:45,833 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:45,833 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:45,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,877 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:45,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,880 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18683#true} #815#return; {18683#true} is VALID [2022-02-20 17:55:45,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:45,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 
17:55:45,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,890 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,890 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18683#true} #817#return; {18683#true} is VALID [2022-02-20 17:55:45,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:45,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,893 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,893 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,893 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18683#true} {18683#true} #819#return; {18683#true} is VALID [2022-02-20 17:55:45,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:45,895 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,897 INFO L290 TraceCheckUtils]: 0: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle 
:= #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,897 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,897 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,897 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,897 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18683#true} {18683#true} #821#return; {18683#true} is VALID [2022-02-20 17:55:45,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:45,899 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,901 INFO L290 TraceCheckUtils]: 0: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L290 TraceCheckUtils]: 4: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18683#true} {18683#true} #823#return; {18683#true} is VALID [2022-02-20 17:55:45,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:45,902 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,904 INFO L290 TraceCheckUtils]: 0: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,904 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,904 INFO L290 TraceCheckUtils]: 4: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,904 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18683#true} {18683#true} #825#return; {18683#true} is VALID [2022-02-20 17:55:45,909 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:45,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,911 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18684#false} #811#return; {18684#false} is VALID [2022-02-20 17:55:45,911 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:45,912 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:45,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:45,914 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,914 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18684#false} #781#return; {18684#false} is VALID [2022-02-20 17:55:45,914 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:55:45,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18684#false} #787#return; {18684#false} is VALID [2022-02-20 17:55:45,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:55:45,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 0: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18683#true} is VALID [2022-02-20 
17:55:45,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {18683#true} is VALID [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,919 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18683#true} {18684#false} #791#return; {18684#false} is VALID [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 0: Hoare triple {18683#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call 
#Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, 
~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {18683#true} is VALID [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {18683#true} is VALID [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18683#true} is VALID [2022-02-20 17:55:45,919 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {18683#true} is VALID [2022-02-20 17:55:45,920 INFO L290 TraceCheckUtils]: 4: Hoare triple {18683#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {18683#true} is VALID [2022-02-20 17:55:45,920 INFO L290 TraceCheckUtils]: 5: Hoare triple {18683#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18683#true} is VALID [2022-02-20 17:55:45,920 INFO L272 TraceCheckUtils]: 6: Hoare triple {18683#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,920 INFO L290 TraceCheckUtils]: 7: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,920 INFO L290 TraceCheckUtils]: 8: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,921 INFO L290 TraceCheckUtils]: 9: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,921 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18683#true} {18683#true} #815#return; {18683#true} is VALID [2022-02-20 17:55:45,921 INFO L290 TraceCheckUtils]: 11: Hoare triple {18683#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:45,921 INFO L272 TraceCheckUtils]: 12: Hoare triple {18683#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18734#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,921 INFO L290 TraceCheckUtils]: 13: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,922 INFO L290 TraceCheckUtils]: 14: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,922 INFO L290 TraceCheckUtils]: 15: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,922 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18683#true} {18683#true} #817#return; {18683#true} is VALID [2022-02-20 17:55:45,922 INFO L290 TraceCheckUtils]: 17: Hoare triple {18683#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18683#true} is VALID [2022-02-20 17:55:45,934 INFO L272 TraceCheckUtils]: 18: Hoare triple {18683#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,935 
INFO L290 TraceCheckUtils]: 19: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,935 INFO L290 TraceCheckUtils]: 20: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,935 INFO L290 TraceCheckUtils]: 21: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,935 INFO L290 TraceCheckUtils]: 22: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,935 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18683#true} {18683#true} #819#return; {18683#true} is VALID [2022-02-20 17:55:45,935 INFO L290 TraceCheckUtils]: 24: Hoare triple {18683#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:45,936 INFO L272 TraceCheckUtils]: 25: Hoare triple {18683#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,936 INFO L290 TraceCheckUtils]: 26: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,936 INFO L290 TraceCheckUtils]: 27: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,936 INFO L290 TraceCheckUtils]: 28: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := 
~value; {18683#true} is VALID [2022-02-20 17:55:45,936 INFO L290 TraceCheckUtils]: 29: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,936 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18683#true} {18683#true} #821#return; {18683#true} is VALID [2022-02-20 17:55:45,937 INFO L290 TraceCheckUtils]: 31: Hoare triple {18683#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18683#true} is VALID [2022-02-20 17:55:45,937 INFO L272 TraceCheckUtils]: 32: Hoare triple {18683#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,937 INFO L290 TraceCheckUtils]: 33: Hoare triple {18733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,937 INFO L290 TraceCheckUtils]: 34: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,937 INFO L290 TraceCheckUtils]: 35: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,938 INFO L290 
TraceCheckUtils]: 36: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,938 INFO L290 TraceCheckUtils]: 37: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,938 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18683#true} {18683#true} #823#return; {18683#true} is VALID [2022-02-20 17:55:45,938 INFO L290 TraceCheckUtils]: 39: Hoare triple {18683#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:45,938 INFO L272 TraceCheckUtils]: 40: Hoare triple {18683#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,938 INFO L290 TraceCheckUtils]: 41: Hoare triple {18734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 42: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 43: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 44: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 45: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18683#true} {18683#true} #825#return; {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 47: Hoare triple 
{18683#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {18683#true} is VALID [2022-02-20 17:55:45,939 INFO L290 TraceCheckUtils]: 48: Hoare triple {18683#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:45,940 INFO L290 TraceCheckUtils]: 49: Hoare triple {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 
17:55:45,940 INFO L290 TraceCheckUtils]: 50: Hoare triple {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:45,940 INFO L290 TraceCheckUtils]: 51: Hoare triple {18715#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,940 INFO L290 TraceCheckUtils]: 52: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,941 INFO L290 TraceCheckUtils]: 53: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,941 INFO L290 TraceCheckUtils]: 54: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,941 INFO L290 TraceCheckUtils]: 55: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 56: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 57: Hoare triple 
{18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {18684#false} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 58: Hoare triple {18684#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {18684#false} is VALID [2022-02-20 17:55:45,942 INFO L272 TraceCheckUtils]: 59: Hoare triple {18684#false} call sendEmail(~bob~0, ~rjh~0); {18684#false} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 60: Hoare triple {18684#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18684#false} is VALID [2022-02-20 17:55:45,942 INFO L272 TraceCheckUtils]: 61: Hoare triple {18684#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 62: Hoare triple {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,942 INFO L290 TraceCheckUtils]: 63: Hoare triple 
{18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 64: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,943 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18683#true} {18684#false} #811#return; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 66: Hoare triple {18684#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 67: Hoare triple {18684#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 68: Hoare triple {18684#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 69: Hoare triple {18684#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L272 TraceCheckUtils]: 70: Hoare triple {18684#false} call outgoing(~sender#1, ~email~0#1); {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L290 TraceCheckUtils]: 71: Hoare triple {18684#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:45,943 INFO L272 TraceCheckUtils]: 72: Hoare triple {18684#false} call #t~ret42#1 := getEmailTo(~msg#1); {18683#true} is VALID [2022-02-20 
17:55:45,944 INFO L290 TraceCheckUtils]: 73: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 74: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 75: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,944 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18683#true} {18684#false} #781#return; {18684#false} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 77: Hoare triple {18684#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 78: Hoare triple {18684#false} assume 1 == findPublicKey_~handle#1; {18684#false} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 79: Hoare triple {18684#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:45,944 INFO L290 TraceCheckUtils]: 80: Hoare triple {18684#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:45,944 
INFO L290 TraceCheckUtils]: 81: Hoare triple {18684#false} assume !(0 != ~pubkey~0#1); {18684#false} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 82: Hoare triple {18684#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 83: Hoare triple {18684#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 84: Hoare triple {18684#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {18684#false} is VALID [2022-02-20 17:55:45,945 INFO L272 TraceCheckUtils]: 85: Hoare triple {18684#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 
86: Hoare triple {18735#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 87: Hoare triple {18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 88: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,945 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18683#true} {18684#false} #787#return; {18684#false} is VALID [2022-02-20 17:55:45,945 INFO L290 TraceCheckUtils]: 90: Hoare triple {18684#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {18684#false} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 91: Hoare triple {18684#false} assume !(-1 == ~mail_is_sensitive~0); {18684#false} is VALID [2022-02-20 17:55:45,946 INFO L272 TraceCheckUtils]: 92: Hoare triple {18684#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {18683#true} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 93: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18683#true} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 94: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {18683#true} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 95: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:45,946 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18683#true} {18684#false} #791#return; {18684#false} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 97: Hoare triple {18684#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {18684#false} is VALID [2022-02-20 17:55:45,946 INFO L290 TraceCheckUtils]: 98: Hoare triple {18684#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {18684#false} is VALID [2022-02-20 17:55:45,947 INFO L290 
TraceCheckUtils]: 99: Hoare triple {18684#false} assume !false; {18684#false} is VALID [2022-02-20 17:55:45,947 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:55:45,947 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:45,947 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1158842168] [2022-02-20 17:55:45,947 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1158842168] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:45,948 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1826727208] [2022-02-20 17:55:45,948 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:45,948 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:45,948 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:45,952 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:45,956 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:55:46,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:46,123 INFO L263 TraceCheckSpWp]: Trace formula consists of 930 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:46,159 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:46,160 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:46,343 INFO L290 TraceCheckUtils]: 0: Hoare triple {18683#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 
0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {18683#true} is VALID [2022-02-20 17:55:46,343 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := 
main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {18683#true} is VALID [2022-02-20 17:55:46,343 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18683#true} is VALID [2022-02-20 17:55:46,343 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 4: Hoare triple {18683#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 5: Hoare triple {18683#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L272 TraceCheckUtils]: 6: Hoare triple {18683#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 7: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 8: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 9: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18683#true} {18683#true} #815#return; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L290 TraceCheckUtils]: 11: Hoare triple {18683#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:46,344 INFO L272 TraceCheckUtils]: 12: Hoare triple {18683#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 13: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 14: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 15: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18683#true} {18683#true} #817#return; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 17: Hoare triple {18683#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L272 TraceCheckUtils]: 18: Hoare triple {18683#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 19: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 20: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 21: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,345 INFO L290 TraceCheckUtils]: 22: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18683#true} {18683#true} #819#return; {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L290 TraceCheckUtils]: 24: Hoare triple {18683#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L272 TraceCheckUtils]: 25: Hoare triple {18683#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L290 TraceCheckUtils]: 26: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L290 TraceCheckUtils]: 27: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L290 TraceCheckUtils]: 28: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18683#true} is VALID 
[2022-02-20 17:55:46,346 INFO L290 TraceCheckUtils]: 29: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,346 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18683#true} {18683#true} #821#return; {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 31: Hoare triple {18683#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L272 TraceCheckUtils]: 32: Hoare triple {18683#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 33: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 34: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 35: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 36: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,347 INFO L290 TraceCheckUtils]: 37: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18683#true} {18683#true} #823#return; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 
TraceCheckUtils]: 39: Hoare triple {18683#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L272 TraceCheckUtils]: 40: Hoare triple {18683#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 TraceCheckUtils]: 41: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 TraceCheckUtils]: 42: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 TraceCheckUtils]: 43: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 TraceCheckUtils]: 44: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L290 TraceCheckUtils]: 45: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,348 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18683#true} {18683#true} #825#return; {18683#true} is VALID [2022-02-20 17:55:46,349 INFO L290 TraceCheckUtils]: 47: Hoare triple {18683#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {18683#true} is VALID [2022-02-20 17:55:46,359 INFO L290 TraceCheckUtils]: 48: Hoare triple {18683#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, 
test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:46,360 INFO L290 TraceCheckUtils]: 49: Hoare triple {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:46,360 INFO L290 TraceCheckUtils]: 50: Hoare triple {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:46,360 INFO L290 TraceCheckUtils]: 51: Hoare triple {18883#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,361 INFO L290 TraceCheckUtils]: 52: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18716#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,361 INFO L290 TraceCheckUtils]: 53: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,361 INFO L290 TraceCheckUtils]: 54: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,361 INFO L290 TraceCheckUtils]: 55: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,362 INFO L290 TraceCheckUtils]: 56: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:55:46,362 INFO L290 TraceCheckUtils]: 57: Hoare triple {18716#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {18684#false} is VALID [2022-02-20 17:55:46,362 INFO L290 TraceCheckUtils]: 58: Hoare triple {18684#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {18684#false} is VALID [2022-02-20 17:55:46,362 INFO L272 TraceCheckUtils]: 59: Hoare triple {18684#false} call sendEmail(~bob~0, ~rjh~0); {18684#false} is VALID 
[2022-02-20 17:55:46,362 INFO L290 TraceCheckUtils]: 60: Hoare triple {18684#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18684#false} is VALID [2022-02-20 17:55:46,362 INFO L272 TraceCheckUtils]: 61: Hoare triple {18684#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18684#false} is VALID [2022-02-20 17:55:46,362 INFO L290 TraceCheckUtils]: 62: Hoare triple {18684#false} ~handle := #in~handle;~value := #in~value; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 63: Hoare triple {18684#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 64: Hoare triple {18684#false} assume true; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18684#false} {18684#false} #811#return; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 66: Hoare triple {18684#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 67: Hoare triple {18684#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 68: Hoare triple {18684#false} assume { 
:end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L290 TraceCheckUtils]: 69: Hoare triple {18684#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {18684#false} is VALID [2022-02-20 17:55:46,363 INFO L272 TraceCheckUtils]: 70: Hoare triple {18684#false} call outgoing(~sender#1, ~email~0#1); {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 71: Hoare triple {18684#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L272 TraceCheckUtils]: 72: Hoare triple {18684#false} call #t~ret42#1 := getEmailTo(~msg#1); {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 73: Hoare triple {18684#false} ~handle := #in~handle;havoc ~retValue_acc~28; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 74: Hoare triple {18684#false} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 75: Hoare triple {18684#false} assume true; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18684#false} {18684#false} #781#return; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 77: Hoare triple {18684#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, 
findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:46,364 INFO L290 TraceCheckUtils]: 78: Hoare triple {18684#false} assume 1 == findPublicKey_~handle#1; {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 79: Hoare triple {18684#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 80: Hoare triple {18684#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 81: Hoare triple {18684#false} assume !(0 != ~pubkey~0#1); {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 82: Hoare triple {18684#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 
17:55:46,365 INFO L290 TraceCheckUtils]: 83: Hoare triple {18684#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 84: Hoare triple {18684#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L272 TraceCheckUtils]: 85: Hoare triple {18684#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {18684#false} is VALID [2022-02-20 17:55:46,365 INFO L290 TraceCheckUtils]: 86: Hoare triple {18684#false} ~handle := #in~handle;~value := #in~value; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 87: Hoare triple {18684#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 88: Hoare triple {18684#false} assume true; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18684#false} {18684#false} #787#return; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 90: Hoare triple {18684#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := 
mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 91: Hoare triple {18684#false} assume !(-1 == ~mail_is_sensitive~0); {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L272 TraceCheckUtils]: 92: Hoare triple {18684#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 93: Hoare triple {18684#false} ~handle := #in~handle;havoc ~retValue_acc~31; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 94: Hoare triple {18684#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {18684#false} is VALID [2022-02-20 17:55:46,366 INFO L290 TraceCheckUtils]: 95: Hoare triple {18684#false} assume true; {18684#false} is VALID [2022-02-20 
17:55:46,367 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18684#false} {18684#false} #791#return; {18684#false} is VALID [2022-02-20 17:55:46,367 INFO L290 TraceCheckUtils]: 97: Hoare triple {18684#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {18684#false} is VALID [2022-02-20 17:55:46,367 INFO L290 TraceCheckUtils]: 98: Hoare triple {18684#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {18684#false} is VALID [2022-02-20 17:55:46,367 INFO L290 TraceCheckUtils]: 99: Hoare triple {18684#false} assume !false; {18684#false} is VALID [2022-02-20 17:55:46,367 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:55:46,367 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 99: Hoare triple {18684#false} assume !false; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 98: Hoare triple {18684#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 97: Hoare triple {18684#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {18683#true} {18684#false} #791#return; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 95: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 94: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 93: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L272 TraceCheckUtils]: 92: Hoare triple {18684#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 91: Hoare triple {18684#false} assume !(-1 == ~mail_is_sensitive~0); {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 90: Hoare triple {18684#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, 
mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {18683#true} {18684#false} #787#return; {18684#false} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 88: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 87: Hoare triple {18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 86: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 
17:55:46,626 INFO L272 TraceCheckUtils]: 85: Hoare triple {18684#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {18683#true} is VALID [2022-02-20 17:55:46,626 INFO L290 TraceCheckUtils]: 84: Hoare triple {18684#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 83: Hoare triple {18684#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 82: Hoare triple {18684#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 81: Hoare triple {18684#false} assume !(0 != ~pubkey~0#1); {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 80: Hoare triple {18684#false} #t~ret43#1 := findPublicKey_#res#1;assume { 
:end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 79: Hoare triple {18684#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 78: Hoare triple {18684#false} assume 1 == findPublicKey_~handle#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 77: Hoare triple {18684#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18683#true} {18684#false} #781#return; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 75: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 74: Hoare triple {18683#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 73: Hoare triple {18683#true} ~handle := #in~handle;havoc ~retValue_acc~28; {18683#true} is VALID [2022-02-20 17:55:46,627 INFO L272 TraceCheckUtils]: 72: Hoare triple {18684#false} call #t~ret42#1 := getEmailTo(~msg#1); {18683#true} is 
VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 71: Hoare triple {18684#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L272 TraceCheckUtils]: 70: Hoare triple {18684#false} call outgoing(~sender#1, ~email~0#1); {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 69: Hoare triple {18684#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 68: Hoare triple {18684#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 67: Hoare triple {18684#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 66: Hoare triple {18684#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18683#true} {18684#false} #811#return; {18684#false} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 64: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,627 INFO L290 TraceCheckUtils]: 63: Hoare triple {18683#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,628 INFO L290 TraceCheckUtils]: 62: Hoare triple {18683#true} 
~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,628 INFO L272 TraceCheckUtils]: 61: Hoare triple {18684#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18683#true} is VALID [2022-02-20 17:55:46,628 INFO L290 TraceCheckUtils]: 60: Hoare triple {18684#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18684#false} is VALID [2022-02-20 17:55:46,628 INFO L272 TraceCheckUtils]: 59: Hoare triple {18684#false} call sendEmail(~bob~0, ~rjh~0); {18684#false} is VALID [2022-02-20 17:55:46,628 INFO L290 TraceCheckUtils]: 58: Hoare triple {18684#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {18684#false} is VALID [2022-02-20 17:55:46,628 INFO L290 TraceCheckUtils]: 57: Hoare triple {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {18684#false} is VALID [2022-02-20 17:55:46,628 INFO L290 TraceCheckUtils]: 56: Hoare triple {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,629 INFO L290 TraceCheckUtils]: 55: Hoare triple {19163#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,629 INFO L290 TraceCheckUtils]: 54: Hoare triple {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,629 INFO L290 TraceCheckUtils]: 53: Hoare triple {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,630 INFO L290 TraceCheckUtils]: 52: Hoare triple {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,630 INFO L290 TraceCheckUtils]: 51: Hoare triple {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19163#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:55:46,630 INFO L290 TraceCheckUtils]: 50: Hoare triple {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 49: Hoare triple {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 48: Hoare triple {18683#true} assume { :end_inline_setup } true;assume { :begin_inline_test } 
true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19182#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 47: Hoare triple {18683#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {18683#true} is VALID [2022-02-20 17:55:46,631 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18683#true} {18683#true} #825#return; {18683#true} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 45: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 
44: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 43: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,631 INFO L290 TraceCheckUtils]: 42: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 41: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L272 TraceCheckUtils]: 40: Hoare triple {18683#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 39: Hoare triple {18683#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18683#true} {18683#true} #823#return; {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 37: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 36: Hoare triple {18683#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 35: Hoare triple {18683#true} assume !(2 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 34: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,632 INFO L290 TraceCheckUtils]: 33: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L272 TraceCheckUtils]: 32: Hoare triple {18683#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 31: Hoare triple {18683#true} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18683#true} {18683#true} #821#return; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 29: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 28: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 27: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 26: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L272 TraceCheckUtils]: 25: Hoare triple {18683#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L290 TraceCheckUtils]: 24: Hoare triple {18683#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18683#true} is VALID [2022-02-20 17:55:46,633 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18683#true} {18683#true} #819#return; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 22: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 21: Hoare triple {18683#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18683#true} is VALID [2022-02-20 
17:55:46,634 INFO L290 TraceCheckUtils]: 20: Hoare triple {18683#true} assume !(1 == ~handle); {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 19: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L272 TraceCheckUtils]: 18: Hoare triple {18683#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 17: Hoare triple {18683#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18683#true} {18683#true} #817#return; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 15: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,634 INFO L290 TraceCheckUtils]: 14: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 13: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L272 TraceCheckUtils]: 12: Hoare triple {18683#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 11: Hoare triple {18683#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18683#true} is VALID [2022-02-20 
17:55:46,635 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18683#true} {18683#true} #815#return; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 9: Hoare triple {18683#true} assume true; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 8: Hoare triple {18683#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 7: Hoare triple {18683#true} ~handle := #in~handle;~value := #in~value; {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L272 TraceCheckUtils]: 6: Hoare triple {18683#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18683#true} is VALID [2022-02-20 17:55:46,635 INFO L290 TraceCheckUtils]: 5: Hoare triple {18683#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L290 TraceCheckUtils]: 4: Hoare triple {18683#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := 
main_#t~ret25#1;havoc main_#t~ret25#1; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L290 TraceCheckUtils]: 3: Hoare triple {18683#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {18683#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {18683#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {18683#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 
1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {18683#true} is VALID [2022-02-20 17:55:46,636 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:55:46,637 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1826727208] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:55:46,637 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 17:55:46,637 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 4, 4] total 10 [2022-02-20 17:55:46,639 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [125026398] [2022-02-20 17:55:46,639 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:55:46,639 INFO L78 Accepts]: Start accepts. 
Automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 100 [2022-02-20 17:55:46,706 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:46,707 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:46,776 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 129 edges. 129 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:46,776 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 17:55:46,776 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:46,777 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 17:55:46,777 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=63, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:46,777 INFO L87 Difference]: Start difference. First operand 308 states and 479 transitions. 
Second operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:51,340 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:51,340 INFO L93 Difference]: Finished difference Result 793 states and 1297 transitions. [2022-02-20 17:55:51,341 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 17:55:51,341 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 100 [2022-02-20 17:55:51,341 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:51,341 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:51,352 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1031 transitions. [2022-02-20 17:55:51,366 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:51,379 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 1031 transitions. [2022-02-20 17:55:51,380 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 1031 transitions. [2022-02-20 17:55:52,145 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1031 edges. 1031 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:52,172 INFO L225 Difference]: With dead ends: 793 [2022-02-20 17:55:52,172 INFO L226 Difference]: Without dead ends: 687 [2022-02-20 17:55:52,173 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 229 GetRequests, 217 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 21 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=47, Invalid=135, Unknown=0, NotChecked=0, Total=182 [2022-02-20 17:55:52,173 INFO L933 BasicCegarLoop]: 498 mSDtfsCounter, 953 mSDsluCounter, 1058 mSDsCounter, 0 mSdLazyCounter, 1488 mSolverCounterSat, 308 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 998 SdHoareTripleChecker+Valid, 1556 SdHoareTripleChecker+Invalid, 1796 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 308 IncrementalHoareTripleChecker+Valid, 1488 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:52,173 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [998 Valid, 1556 
Invalid, 1796 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [308 Valid, 1488 Invalid, 0 Unknown, 0 Unchecked, 1.8s Time] [2022-02-20 17:55:52,174 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 687 states. [2022-02-20 17:55:52,486 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 687 to 611. [2022-02-20 17:55:52,486 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:52,487 INFO L82 GeneralOperation]: Start isEquivalent. First operand 687 states. Second operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 17:55:52,488 INFO L74 IsIncluded]: Start isIncluded. First operand 687 states. Second operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 17:55:52,489 INFO L87 Difference]: Start difference. First operand 687 states. Second operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 17:55:52,513 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:52,513 INFO L93 Difference]: Finished difference Result 687 states and 1143 transitions. [2022-02-20 17:55:52,513 INFO L276 IsEmpty]: Start isEmpty. Operand 687 states and 1143 transitions. [2022-02-20 17:55:52,516 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:52,516 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:52,517 INFO L74 IsIncluded]: Start isIncluded. First operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) Second operand 687 states. [2022-02-20 17:55:52,518 INFO L87 Difference]: Start difference. First operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) Second operand 687 states. [2022-02-20 17:55:52,546 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:52,546 INFO L93 Difference]: Finished difference Result 687 states and 1143 transitions. [2022-02-20 17:55:52,546 INFO L276 IsEmpty]: Start isEmpty. Operand 687 states and 1143 transitions. [2022-02-20 17:55:52,549 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:52,549 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:52,549 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 17:55:52,550 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:52,551 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 611 states, 477 states have (on average 1.6058700209643606) internal successors, (766), 484 states have internal predecessors, (766), 114 states have call successors, (114), 15 states have call predecessors, (114), 19 states have return successors, (135), 113 states have call predecessors, (135), 113 states have call successors, (135) [2022-02-20 17:55:52,574 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 611 states to 611 states and 1015 transitions. [2022-02-20 17:55:52,574 INFO L78 Accepts]: Start accepts. Automaton has 611 states and 1015 transitions. Word has length 100 [2022-02-20 17:55:52,574 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:52,574 INFO L470 AbstractCegarLoop]: Abstraction has 611 states and 1015 transitions. [2022-02-20 17:55:52,575 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 9.1) internal successors, (91), 7 states have internal predecessors, (91), 2 states have call successors, (24), 5 states have call predecessors, (24), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:52,575 INFO L276 IsEmpty]: Start isEmpty. Operand 611 states and 1015 transitions. [2022-02-20 17:55:52,577 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 17:55:52,577 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:52,577 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:52,609 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:52,795 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:52,795 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:52,796 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:52,796 INFO L85 PathProgramCache]: Analyzing trace with hash -699793798, now seen corresponding path program 1 times [2022-02-20 17:55:52,796 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:52,796 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [268220103] [2022-02-20 17:55:52,796 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:52,796 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:52,820 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,841 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 17:55:52,842 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,844 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22763#true} #815#return; {22763#true} is VALID [2022-02-20 17:55:52,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:52,849 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,851 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22763#true} #817#return; {22763#true} is VALID [2022-02-20 17:55:52,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:52,852 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:55:52,854 INFO L290 TraceCheckUtils]: 0: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,854 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,854 INFO L290 TraceCheckUtils]: 3: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,855 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22763#true} {22763#true} #819#return; {22763#true} is VALID [2022-02-20 17:55:52,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:52,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,858 INFO L290 TraceCheckUtils]: 0: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,858 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,858 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,859 INFO L290 TraceCheckUtils]: 3: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,859 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22763#true} {22763#true} #821#return; 
{22763#true} is VALID [2022-02-20 17:55:52,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:52,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,873 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume !(2 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,885 INFO L290 TraceCheckUtils]: 3: Hoare triple {22763#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,885 INFO L290 TraceCheckUtils]: 4: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,885 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22763#true} {22763#true} #823#return; {22763#true} is VALID [2022-02-20 17:55:52,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:52,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,889 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {22763#true} assume !(2 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,889 INFO L290 TraceCheckUtils]: 3: Hoare triple {22763#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,889 INFO L290 TraceCheckUtils]: 4: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,889 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22763#true} {22763#true} #825#return; {22763#true} is VALID [2022-02-20 17:55:52,893 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:55:52,894 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,896 INFO L290 TraceCheckUtils]: 0: Hoare triple {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,896 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,896 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22764#false} #811#return; {22764#false} is VALID [2022-02-20 17:55:52,897 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:52,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,898 INFO L290 TraceCheckUtils]: 0: Hoare triple {22763#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22763#true} is VALID [2022-02-20 17:55:52,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22763#true} is VALID [2022-02-20 17:55:52,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; 
{22763#true} is VALID [2022-02-20 17:55:52,899 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22764#false} #781#return; {22764#false} is VALID [2022-02-20 17:55:52,899 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:55:52,900 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,901 INFO L290 TraceCheckUtils]: 0: Hoare triple {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,901 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22764#false} #787#return; {22764#false} is VALID [2022-02-20 17:55:52,902 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:55:52,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,903 INFO L290 TraceCheckUtils]: 0: Hoare triple {22763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22763#true} {22764#false} #791#return; {22764#false} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 0: Hoare triple {22763#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 
0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {22763#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {22763#true} is VALID 
[2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {22763#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 3: Hoare triple {22763#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {22763#true} is VALID [2022-02-20 17:55:52,904 INFO L290 TraceCheckUtils]: 4: Hoare triple {22763#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {22763#true} is VALID [2022-02-20 17:55:52,905 INFO L290 TraceCheckUtils]: 5: Hoare triple {22763#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22763#true} is VALID [2022-02-20 17:55:52,905 INFO L272 TraceCheckUtils]: 6: Hoare triple {22763#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:52,905 INFO L290 TraceCheckUtils]: 7: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,905 INFO L290 TraceCheckUtils]: 8: Hoare triple {22763#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,905 INFO L290 TraceCheckUtils]: 9: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,906 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22763#true} {22763#true} #815#return; {22763#true} is VALID [2022-02-20 17:55:52,906 INFO L290 TraceCheckUtils]: 11: Hoare triple {22763#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22763#true} is VALID [2022-02-20 17:55:52,906 INFO L272 TraceCheckUtils]: 12: Hoare triple {22763#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:52,906 INFO L290 TraceCheckUtils]: 13: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,907 INFO L290 TraceCheckUtils]: 14: Hoare triple 
{22763#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,907 INFO L290 TraceCheckUtils]: 15: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,907 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22763#true} {22763#true} #817#return; {22763#true} is VALID [2022-02-20 17:55:52,907 INFO L290 TraceCheckUtils]: 17: Hoare triple {22763#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22763#true} is VALID [2022-02-20 17:55:52,907 INFO L272 TraceCheckUtils]: 18: Hoare triple {22763#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:52,908 INFO L290 TraceCheckUtils]: 19: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,908 INFO L290 TraceCheckUtils]: 20: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,908 INFO L290 TraceCheckUtils]: 21: Hoare triple {22763#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22763#true} 
is VALID [2022-02-20 17:55:52,908 INFO L290 TraceCheckUtils]: 22: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,908 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22763#true} {22763#true} #819#return; {22763#true} is VALID [2022-02-20 17:55:52,908 INFO L290 TraceCheckUtils]: 24: Hoare triple {22763#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L272 TraceCheckUtils]: 25: Hoare triple {22763#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:52,909 INFO L290 TraceCheckUtils]: 26: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L290 TraceCheckUtils]: 27: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L290 TraceCheckUtils]: 28: Hoare triple {22763#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L290 TraceCheckUtils]: 29: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22763#true} {22763#true} #821#return; {22763#true} is VALID [2022-02-20 17:55:52,909 INFO L290 TraceCheckUtils]: 31: Hoare triple {22763#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc 
setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L272 TraceCheckUtils]: 32: Hoare triple {22763#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 33: Hoare triple {22812#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 34: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 35: Hoare triple {22763#true} assume !(2 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 36: Hoare triple {22763#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 37: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22763#true} {22763#true} #823#return; {22763#true} is VALID [2022-02-20 17:55:52,910 INFO L290 TraceCheckUtils]: 39: Hoare triple {22763#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {22763#true} is VALID [2022-02-20 17:55:52,911 INFO L272 TraceCheckUtils]: 40: 
Hoare triple {22763#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:52,911 INFO L290 TraceCheckUtils]: 41: Hoare triple {22813#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,911 INFO L290 TraceCheckUtils]: 42: Hoare triple {22763#true} assume !(1 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,911 INFO L290 TraceCheckUtils]: 43: Hoare triple {22763#true} assume !(2 == ~handle); {22763#true} is VALID [2022-02-20 17:55:52,911 INFO L290 TraceCheckUtils]: 44: Hoare triple {22763#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,911 INFO L290 TraceCheckUtils]: 45: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,912 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {22763#true} {22763#true} #825#return; {22763#true} is VALID [2022-02-20 17:55:52,912 INFO L290 TraceCheckUtils]: 47: Hoare triple {22763#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {22763#true} is VALID [2022-02-20 17:55:52,912 INFO L290 TraceCheckUtils]: 48: Hoare triple {22763#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, 
test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,912 INFO L290 TraceCheckUtils]: 49: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,912 INFO L290 TraceCheckUtils]: 50: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,913 INFO L290 TraceCheckUtils]: 51: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,913 INFO L290 TraceCheckUtils]: 52: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,913 INFO L290 TraceCheckUtils]: 53: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 54: Hoare triple {22795#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 55: Hoare triple {22764#false} assume !(0 == test_~op3~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 56: Hoare triple {22764#false} assume !(0 == test_~op4~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 57: Hoare triple {22764#false} assume !(0 == test_~op5~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 58: Hoare triple {22764#false} assume !(0 == test_~op6~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 59: Hoare triple {22764#false} assume !(0 == test_~op7~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 60: Hoare triple {22764#false} assume !(0 == test_~op8~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 61: Hoare triple {22764#false} assume !(0 == test_~op9~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 62: Hoare triple {22764#false} assume !(0 == test_~op10~0#1); {22764#false} is VALID [2022-02-20 17:55:52,914 INFO L290 TraceCheckUtils]: 63: Hoare triple {22764#false} assume !(0 == test_~op11~0#1); {22764#false} is VALID [2022-02-20 17:55:52,915 INFO L290 TraceCheckUtils]: 64: Hoare triple {22764#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, 
bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {22764#false} is VALID [2022-02-20 17:55:52,915 INFO L272 TraceCheckUtils]: 65: Hoare triple {22764#false} call sendEmail(~bob~0, ~rjh~0); {22764#false} is VALID [2022-02-20 17:55:52,915 INFO L290 TraceCheckUtils]: 66: Hoare triple {22764#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22764#false} is VALID [2022-02-20 17:55:52,915 INFO L272 TraceCheckUtils]: 67: Hoare triple {22764#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:52,915 INFO L290 TraceCheckUtils]: 68: Hoare triple {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,915 INFO L290 TraceCheckUtils]: 69: Hoare triple {22763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22763#true} is VALID [2022-02-20 17:55:52,915 INFO L290 TraceCheckUtils]: 70: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,915 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {22763#true} {22764#false} #811#return; {22764#false} is VALID [2022-02-20 17:55:52,915 INFO L290 
TraceCheckUtils]: 72: Hoare triple {22764#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L290 TraceCheckUtils]: 73: Hoare triple {22764#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L290 TraceCheckUtils]: 74: Hoare triple {22764#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L290 TraceCheckUtils]: 75: Hoare triple {22764#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L272 TraceCheckUtils]: 76: Hoare triple {22764#false} call outgoing(~sender#1, ~email~0#1); {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L290 TraceCheckUtils]: 77: Hoare triple {22764#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {22764#false} is VALID [2022-02-20 17:55:52,916 INFO L272 TraceCheckUtils]: 78: Hoare triple {22764#false} call #t~ret42#1 := getEmailTo(~msg#1); {22763#true} is VALID [2022-02-20 17:55:52,916 INFO L290 TraceCheckUtils]: 79: Hoare triple {22763#true} ~handle := #in~handle;havoc ~retValue_acc~28; {22763#true} is VALID [2022-02-20 17:55:52,917 INFO L290 TraceCheckUtils]: 80: Hoare triple {22763#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {22763#true} is VALID [2022-02-20 17:55:52,917 INFO L290 
TraceCheckUtils]: 81: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,917 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {22763#true} {22764#false} #781#return; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 83: Hoare triple {22764#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 84: Hoare triple {22764#false} assume 1 == findPublicKey_~handle#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 85: Hoare triple {22764#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 86: Hoare triple {22764#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 87: Hoare triple {22764#false} assume !(0 != ~pubkey~0#1); {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 88: Hoare triple {22764#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 89: Hoare triple {22764#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L290 TraceCheckUtils]: 90: Hoare triple {22764#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {22764#false} is VALID [2022-02-20 17:55:52,918 INFO L272 TraceCheckUtils]: 91: Hoare triple {22764#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 92: Hoare triple {22814#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22763#true} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 93: Hoare triple {22763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22763#true} 
is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 94: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,919 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {22763#true} {22764#false} #787#return; {22764#false} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 96: Hoare triple {22764#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {22764#false} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 97: 
Hoare triple {22764#false} assume !(-1 == ~mail_is_sensitive~0); {22764#false} is VALID [2022-02-20 17:55:52,919 INFO L272 TraceCheckUtils]: 98: Hoare triple {22764#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {22763#true} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 99: Hoare triple {22763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {22763#true} is VALID [2022-02-20 17:55:52,919 INFO L290 TraceCheckUtils]: 100: Hoare triple {22763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {22763#true} is VALID [2022-02-20 17:55:52,920 INFO L290 TraceCheckUtils]: 101: Hoare triple {22763#true} assume true; {22763#true} is VALID [2022-02-20 17:55:52,920 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {22763#true} {22764#false} #791#return; {22764#false} is VALID [2022-02-20 17:55:52,920 INFO L290 TraceCheckUtils]: 103: Hoare triple {22764#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {22764#false} is VALID [2022-02-20 17:55:52,920 INFO L290 TraceCheckUtils]: 104: Hoare triple {22764#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {22764#false} is VALID [2022-02-20 17:55:52,920 INFO L290 TraceCheckUtils]: 105: Hoare triple {22764#false} assume !false; {22764#false} is VALID [2022-02-20 17:55:52,921 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 17:55:52,921 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:52,921 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [268220103] [2022-02-20 17:55:52,921 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [268220103] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:52,922 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:52,922 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:55:52,922 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [126421915] [2022-02-20 17:55:52,922 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:52,922 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 106 [2022-02-20 17:55:52,923 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:52,923 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:52,980 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:52,980 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:55:52,980 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:52,980 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:55:52,981 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:55:52,981 INFO L87 Difference]: Start difference. First operand 611 states and 1015 transitions. Second operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:55,667 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:55,667 INFO L93 Difference]: Finished difference Result 1514 states and 2576 transitions. [2022-02-20 17:55:55,667 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:55:55,667 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 106 [2022-02-20 17:55:55,667 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:55,667 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:55,673 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 954 transitions. [2022-02-20 17:55:55,673 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:55,679 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 954 transitions. [2022-02-20 17:55:55,679 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 954 transitions. [2022-02-20 17:55:56,380 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 954 edges. 954 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:56,427 INFO L225 Difference]: With dead ends: 1514 [2022-02-20 17:55:56,427 INFO L226 Difference]: Without dead ends: 971 [2022-02-20 17:55:56,429 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:56,429 INFO L933 BasicCegarLoop]: 453 mSDtfsCounter, 662 mSDsluCounter, 504 mSDsCounter, 0 mSdLazyCounter, 592 mSolverCounterSat, 226 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 677 SdHoareTripleChecker+Valid, 957 SdHoareTripleChecker+Invalid, 818 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 226 IncrementalHoareTripleChecker+Valid, 592 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:56,429 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [677 Valid, 957 Invalid, 818 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [226 Valid, 592 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 17:55:56,431 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 971 states. [2022-02-20 17:55:56,883 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 971 to 911. [2022-02-20 17:55:56,883 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:56,885 INFO L82 GeneralOperation]: Start isEquivalent. First operand 971 states. 
Second operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 17:55:56,886 INFO L74 IsIncluded]: Start isIncluded. First operand 971 states. Second operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 17:55:56,887 INFO L87 Difference]: Start difference. First operand 971 states. Second operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 17:55:56,926 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:56,926 INFO L93 Difference]: Finished difference Result 971 states and 1661 transitions. [2022-02-20 17:55:56,927 INFO L276 IsEmpty]: Start isEmpty. Operand 971 states and 1661 transitions. [2022-02-20 17:55:56,930 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,930 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,931 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) Second operand 971 states. [2022-02-20 17:55:56,932 INFO L87 Difference]: Start difference. First operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) Second operand 971 states. [2022-02-20 17:55:56,970 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:56,971 INFO L93 Difference]: Finished difference Result 971 states and 1661 transitions. [2022-02-20 17:55:56,971 INFO L276 IsEmpty]: Start isEmpty. Operand 971 states and 1661 transitions. [2022-02-20 17:55:56,974 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,974 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,974 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:56,974 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:56,976 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 911 states, 713 states have (on average 1.614305750350631) internal successors, (1151), 720 states have internal predecessors, (1151), 178 states have call successors, (178), 15 states have call predecessors, (178), 19 states have return successors, (209), 177 states have call predecessors, (209), 177 states have call successors, (209) [2022-02-20 17:55:57,020 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 911 states to 911 states and 1538 transitions. [2022-02-20 17:55:57,020 INFO L78 Accepts]: Start accepts. Automaton has 911 states and 1538 transitions. Word has length 106 [2022-02-20 17:55:57,021 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:57,021 INFO L470 AbstractCegarLoop]: Abstraction has 911 states and 1538 transitions. [2022-02-20 17:55:57,021 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 11.833333333333334) internal successors, (71), 3 states have internal predecessors, (71), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:57,021 INFO L276 IsEmpty]: Start isEmpty. Operand 911 states and 1538 transitions. [2022-02-20 17:55:57,024 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 108 [2022-02-20 17:55:57,024 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:57,024 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:57,024 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 17:55:57,025 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:57,025 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:57,025 INFO L85 PathProgramCache]: Analyzing trace with hash 1925218256, now seen corresponding path program 1 times [2022-02-20 17:55:57,025 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:57,025 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [475085486] [2022-02-20 17:55:57,025 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:57,025 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:57,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,064 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:57,065 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,068 INFO L290 TraceCheckUtils]: 0: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,068 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,068 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,068 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28348#true} #815#return; {28348#true} is VALID [2022-02-20 17:55:57,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:57,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,081 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28348#true} #817#return; {28348#true} is VALID [2022-02-20 17:55:57,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:57,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,085 INFO L290 TraceCheckUtils]: 3: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,085 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28348#true} {28348#true} #819#return; {28348#true} is VALID [2022-02-20 17:55:57,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:57,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,089 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,089 INFO L290 TraceCheckUtils]: 3: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,089 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28348#true} {28348#true} #821#return; {28348#true} is VALID [2022-02-20 17:55:57,089 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:57,090 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,092 INFO L290 
TraceCheckUtils]: 0: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,092 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,092 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume !(2 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,092 INFO L290 TraceCheckUtils]: 3: Hoare triple {28348#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,092 INFO L290 TraceCheckUtils]: 4: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,093 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28348#true} {28348#true} #823#return; {28348#true} is VALID [2022-02-20 17:55:57,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:57,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume !(2 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,097 INFO L290 TraceCheckUtils]: 3: Hoare triple {28348#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,097 INFO L290 
TraceCheckUtils]: 4: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,097 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {28348#true} {28348#true} #825#return; {28348#true} is VALID [2022-02-20 17:55:57,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:55:57,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,104 INFO L290 TraceCheckUtils]: 0: Hoare triple {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,104 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,104 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,104 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28349#false} #811#return; {28349#false} is VALID [2022-02-20 17:55:57,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:57,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {28348#true} ~handle := #in~handle;havoc ~retValue_acc~28; {28348#true} is VALID [2022-02-20 17:55:57,107 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {28348#true} is VALID [2022-02-20 17:55:57,107 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,107 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28349#false} #781#return; {28349#false} is VALID [2022-02-20 17:55:57,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 92 [2022-02-20 17:55:57,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,109 INFO L290 TraceCheckUtils]: 0: Hoare triple {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,109 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,109 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,109 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28349#false} #787#return; {28349#false} is VALID [2022-02-20 17:55:57,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:55:57,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {28348#true} ~handle := #in~handle;havoc ~retValue_acc~31; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {28348#true} {28349#false} #791#return; {28349#false} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 0: Hoare triple {28348#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call 
#Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, 
~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 
0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {28348#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {28348#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 3: Hoare triple {28348#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 4: Hoare triple {28348#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {28348#true} is VALID [2022-02-20 17:55:57,112 INFO L290 TraceCheckUtils]: 5: Hoare triple {28348#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {28348#true} is VALID [2022-02-20 17:55:57,113 INFO L272 TraceCheckUtils]: 6: Hoare triple {28348#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 17:55:57,113 INFO L290 TraceCheckUtils]: 7: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,113 INFO L290 TraceCheckUtils]: 8: Hoare triple {28348#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,113 INFO L290 TraceCheckUtils]: 9: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,113 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {28348#true} {28348#true} #815#return; {28348#true} is VALID [2022-02-20 17:55:57,114 INFO L290 TraceCheckUtils]: 11: Hoare triple {28348#true} assume { :end_inline_setup_bob__wrappee__Base } true; {28348#true} is VALID [2022-02-20 17:55:57,114 INFO L272 TraceCheckUtils]: 12: Hoare triple {28348#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:57,114 INFO L290 TraceCheckUtils]: 13: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,114 INFO L290 TraceCheckUtils]: 14: Hoare triple {28348#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,114 INFO L290 TraceCheckUtils]: 15: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,114 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {28348#true} 
{28348#true} #817#return; {28348#true} is VALID [2022-02-20 17:55:57,115 INFO L290 TraceCheckUtils]: 17: Hoare triple {28348#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {28348#true} is VALID [2022-02-20 17:55:57,115 INFO L272 TraceCheckUtils]: 18: Hoare triple {28348#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:57,115 INFO L290 TraceCheckUtils]: 19: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,115 INFO L290 TraceCheckUtils]: 20: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,115 INFO L290 TraceCheckUtils]: 21: Hoare triple {28348#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,115 INFO L290 TraceCheckUtils]: 22: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,116 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {28348#true} {28348#true} #819#return; {28348#true} is VALID [2022-02-20 17:55:57,116 INFO L290 
TraceCheckUtils]: 24: Hoare triple {28348#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {28348#true} is VALID [2022-02-20 17:55:57,116 INFO L272 TraceCheckUtils]: 25: Hoare triple {28348#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:57,116 INFO L290 TraceCheckUtils]: 26: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,116 INFO L290 TraceCheckUtils]: 27: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,116 INFO L290 TraceCheckUtils]: 28: Hoare triple {28348#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,117 INFO L290 TraceCheckUtils]: 29: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,117 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {28348#true} {28348#true} #821#return; {28348#true} is VALID [2022-02-20 17:55:57,117 INFO L290 TraceCheckUtils]: 31: Hoare triple {28348#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {28348#true} is VALID [2022-02-20 17:55:57,117 INFO L272 TraceCheckUtils]: 32: Hoare triple {28348#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:57,117 INFO L290 TraceCheckUtils]: 33: Hoare triple {28397#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,117 INFO L290 TraceCheckUtils]: 34: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L290 TraceCheckUtils]: 35: Hoare triple {28348#true} assume !(2 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L290 TraceCheckUtils]: 36: Hoare triple {28348#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L290 TraceCheckUtils]: 37: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {28348#true} {28348#true} #823#return; {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L290 TraceCheckUtils]: 39: Hoare triple {28348#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {28348#true} is VALID [2022-02-20 17:55:57,118 INFO L272 TraceCheckUtils]: 40: Hoare triple {28348#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 41: Hoare triple {28398#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 42: Hoare triple {28348#true} assume !(1 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 43: Hoare triple {28348#true} assume !(2 == ~handle); {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 44: Hoare triple {28348#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 45: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {28348#true} {28348#true} #825#return; {28348#true} is VALID [2022-02-20 17:55:57,119 INFO L290 TraceCheckUtils]: 47: Hoare triple {28348#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {28348#true} is VALID [2022-02-20 17:55:57,120 INFO L290 TraceCheckUtils]: 48: Hoare triple {28348#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,120 INFO L290 TraceCheckUtils]: 49: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !false; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,120 INFO L290 TraceCheckUtils]: 50: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,120 INFO L290 TraceCheckUtils]: 51: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,121 INFO L290 TraceCheckUtils]: 52: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,121 INFO L290 TraceCheckUtils]: 53: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {28380#(= 
|ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,121 INFO L290 TraceCheckUtils]: 54: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,121 INFO L290 TraceCheckUtils]: 55: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 56: Hoare triple {28380#(= |ULTIMATE.start_test_~op3~0#1| 0)} assume !(0 == test_~op3~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 57: Hoare triple {28349#false} assume !(0 == test_~op4~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 58: Hoare triple {28349#false} assume !(0 == test_~op5~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 59: Hoare triple {28349#false} assume !(0 == test_~op6~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 60: Hoare triple {28349#false} assume !(0 == test_~op7~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 61: Hoare triple {28349#false} assume !(0 == test_~op8~0#1); {28349#false} is VALID [2022-02-20 17:55:57,122 INFO L290 TraceCheckUtils]: 62: Hoare triple {28349#false} assume !(0 == test_~op9~0#1); {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 63: Hoare triple {28349#false} assume !(0 == test_~op10~0#1); {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 64: Hoare triple {28349#false} assume !(0 == test_~op11~0#1); {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 65: Hoare triple {28349#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, 
bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L272 TraceCheckUtils]: 66: Hoare triple {28349#false} call sendEmail(~bob~0, ~rjh~0); {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 67: Hoare triple {28349#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {28349#false} is VALID [2022-02-20 17:55:57,123 INFO L272 TraceCheckUtils]: 68: Hoare triple {28349#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 69: Hoare triple {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 70: Hoare triple {28348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,123 INFO L290 TraceCheckUtils]: 71: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,124 INFO L284 TraceCheckUtils]: 72: Hoare quadruple 
{28348#true} {28349#false} #811#return; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L290 TraceCheckUtils]: 73: Hoare triple {28349#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L290 TraceCheckUtils]: 74: Hoare triple {28349#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L290 TraceCheckUtils]: 75: Hoare triple {28349#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L290 TraceCheckUtils]: 76: Hoare triple {28349#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L272 TraceCheckUtils]: 77: Hoare triple {28349#false} call outgoing(~sender#1, ~email~0#1); {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L290 TraceCheckUtils]: 78: Hoare triple {28349#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {28349#false} is VALID [2022-02-20 17:55:57,124 INFO L272 TraceCheckUtils]: 79: Hoare triple {28349#false} call #t~ret42#1 := getEmailTo(~msg#1); {28348#true} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 80: Hoare triple {28348#true} ~handle := #in~handle;havoc ~retValue_acc~28; {28348#true} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 81: Hoare triple {28348#true} assume 1 == ~handle;~retValue_acc~28 := 
~__ste_email_to0~0;#res := ~retValue_acc~28; {28348#true} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 82: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,125 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {28348#true} {28349#false} #781#return; {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 84: Hoare triple {28349#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 85: Hoare triple {28349#false} assume 1 == findPublicKey_~handle#1; {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 86: Hoare triple {28349#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 87: Hoare triple {28349#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 88: Hoare triple {28349#false} assume !(0 != ~pubkey~0#1); {28349#false} is VALID [2022-02-20 17:55:57,125 INFO L290 TraceCheckUtils]: 89: Hoare triple {28349#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 90: Hoare triple {28349#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 91: Hoare triple {28349#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L272 TraceCheckUtils]: 92: Hoare triple {28349#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 93: Hoare triple {28399#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {28348#true} is VALID [2022-02-20 17:55:57,126 INFO L290 
TraceCheckUtils]: 94: Hoare triple {28348#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {28348#true} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 95: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,126 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {28348#true} {28349#false} #787#return; {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 97: Hoare triple {28349#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L290 TraceCheckUtils]: 98: Hoare triple {28349#false} assume !(-1 == ~mail_is_sensitive~0); {28349#false} is VALID [2022-02-20 17:55:57,126 INFO L272 TraceCheckUtils]: 99: Hoare triple {28349#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {28348#true} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 100: Hoare triple {28348#true} ~handle := #in~handle;havoc ~retValue_acc~31; {28348#true} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 101: Hoare triple {28348#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {28348#true} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 102: Hoare triple {28348#true} assume true; {28348#true} is VALID [2022-02-20 17:55:57,127 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {28348#true} {28349#false} #791#return; {28349#false} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 104: Hoare triple {28349#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {28349#false} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 105: Hoare triple {28349#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {28349#false} is VALID [2022-02-20 17:55:57,127 INFO L290 TraceCheckUtils]: 106: Hoare triple {28349#false} assume !false; {28349#false} is VALID [2022-02-20 17:55:57,128 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 17:55:57,128 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:57,128 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [475085486] [2022-02-20 17:55:57,128 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [475085486] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:57,128 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:57,128 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:55:57,128 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [667158866] [2022-02-20 17:55:57,128 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:57,129 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 107 [2022-02-20 17:55:57,129 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:57,129 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:55:57,181 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 94 edges. 94 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:57,182 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:55:57,182 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:57,182 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:55:57,182 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:55:57,183 INFO L87 Difference]: Start difference. First operand 911 states and 1538 transitions. Second operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:00,170 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:00,170 INFO L93 Difference]: Finished difference Result 2229 states and 3821 transitions. [2022-02-20 17:56:00,170 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:56:00,170 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 107 [2022-02-20 17:56:00,170 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:00,171 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:00,176 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 950 transitions. [2022-02-20 17:56:00,176 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:00,182 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 950 transitions. [2022-02-20 17:56:00,182 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 950 transitions. [2022-02-20 17:56:00,836 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 950 edges. 950 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:00,938 INFO L225 Difference]: With dead ends: 2229 [2022-02-20 17:56:00,938 INFO L226 Difference]: Without dead ends: 1439 [2022-02-20 17:56:00,940 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:56:00,941 INFO L933 BasicCegarLoop]: 440 mSDtfsCounter, 660 mSDsluCounter, 478 mSDsCounter, 0 mSdLazyCounter, 576 mSolverCounterSat, 226 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 675 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 802 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 226 IncrementalHoareTripleChecker+Valid, 576 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:00,941 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [675 Valid, 918 Invalid, 802 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [226 Valid, 576 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 17:56:00,942 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1439 states. [2022-02-20 17:56:01,698 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1439 to 1379. [2022-02-20 17:56:01,698 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:01,700 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1439 states. 
Second operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 17:56:01,701 INFO L74 IsIncluded]: Start isIncluded. First operand 1439 states. Second operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 17:56:01,703 INFO L87 Difference]: Start difference. First operand 1439 states. Second operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 17:56:01,782 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:01,783 INFO L93 Difference]: Finished difference Result 1439 states and 2474 transitions. [2022-02-20 17:56:01,783 INFO L276 IsEmpty]: Start isEmpty. Operand 1439 states and 2474 transitions. [2022-02-20 17:56:01,787 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:01,787 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:01,789 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) Second operand 1439 states. [2022-02-20 17:56:01,791 INFO L87 Difference]: Start difference. First operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) Second operand 1439 states. [2022-02-20 17:56:01,870 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:01,871 INFO L93 Difference]: Finished difference Result 1439 states and 2474 transitions. [2022-02-20 17:56:01,871 INFO L276 IsEmpty]: Start isEmpty. Operand 1439 states and 2474 transitions. [2022-02-20 17:56:01,875 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:01,875 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:01,875 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:01,875 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:01,877 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 1379 states, 1086 states have (on average 1.6187845303867403) internal successors, (1758), 1093 states have internal predecessors, (1758), 273 states have call successors, (273), 15 states have call predecessors, (273), 19 states have return successors, (304), 272 states have call predecessors, (304), 272 states have call successors, (304) [2022-02-20 17:56:01,982 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1379 states to 1379 states and 2335 transitions. [2022-02-20 17:56:01,982 INFO L78 Accepts]: Start accepts. Automaton has 1379 states and 2335 transitions. Word has length 107 [2022-02-20 17:56:01,982 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:01,982 INFO L470 AbstractCegarLoop]: Abstraction has 1379 states and 2335 transitions. [2022-02-20 17:56:01,982 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 12.0) internal successors, (72), 3 states have internal predecessors, (72), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:01,983 INFO L276 IsEmpty]: Start isEmpty. Operand 1379 states and 2335 transitions. [2022-02-20 17:56:01,986 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 109 [2022-02-20 17:56:01,987 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:01,987 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:01,987 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 17:56:01,987 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:01,987 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:01,987 INFO L85 PathProgramCache]: Analyzing trace with hash 1161467032, now seen corresponding path program 1 times [2022-02-20 17:56:01,988 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:01,988 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [452962797] [2022-02-20 17:56:01,988 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:01,988 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:02,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:02,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,041 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36653#true} #815#return; {36653#true} is VALID [2022-02-20 17:56:02,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:02,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36653#true} #817#return; {36653#true} is VALID [2022-02-20 17:56:02,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:02,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,051 INFO L290 TraceCheckUtils]: 3: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,051 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {36653#true} {36653#true} #819#return; {36653#true} is VALID [2022-02-20 17:56:02,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:02,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,055 INFO L290 TraceCheckUtils]: 0: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,055 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,055 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,055 INFO L290 TraceCheckUtils]: 3: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,055 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {36653#true} {36653#true} #821#return; {36653#true} is VALID [2022-02-20 17:56:02,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:02,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,058 INFO L290 
TraceCheckUtils]: 0: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume !(2 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {36653#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,058 INFO L290 TraceCheckUtils]: 4: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,058 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36653#true} {36653#true} #823#return; {36653#true} is VALID [2022-02-20 17:56:02,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:02,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume !(2 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,062 INFO L290 TraceCheckUtils]: 3: Hoare triple {36653#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,062 INFO L290 
TraceCheckUtils]: 4: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,063 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {36653#true} {36653#true} #825#return; {36653#true} is VALID [2022-02-20 17:56:02,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:56:02,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {36704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,071 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,071 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36654#false} #811#return; {36654#false} is VALID [2022-02-20 17:56:02,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:56:02,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {36653#true} ~handle := #in~handle;havoc ~retValue_acc~28; {36653#true} is VALID [2022-02-20 17:56:02,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {36653#true} is VALID [2022-02-20 17:56:02,074 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,074 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36654#false} #781#return; {36654#false} is VALID [2022-02-20 17:56:02,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 93 [2022-02-20 17:56:02,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {36704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36654#false} #787#return; {36654#false} is VALID [2022-02-20 17:56:02,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:56:02,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {36653#true} ~handle := #in~handle;havoc ~retValue_acc~31; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {36653#true} {36654#false} #791#return; {36654#false} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {36653#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call 
#Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, 
~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 
0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {36653#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {36653#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 3: Hoare triple {36653#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {36653#true} is VALID [2022-02-20 17:56:02,079 INFO L290 TraceCheckUtils]: 4: Hoare triple {36653#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {36653#true} is VALID [2022-02-20 17:56:02,080 INFO L290 TraceCheckUtils]: 5: Hoare triple {36653#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {36653#true} is VALID [2022-02-20 17:56:02,080 INFO L272 TraceCheckUtils]: 6: Hoare triple {36653#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 17:56:02,080 INFO L290 TraceCheckUtils]: 7: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,080 INFO L290 TraceCheckUtils]: 8: Hoare triple {36653#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,080 INFO L290 TraceCheckUtils]: 9: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,081 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {36653#true} {36653#true} #815#return; {36653#true} is VALID [2022-02-20 17:56:02,081 INFO L290 TraceCheckUtils]: 11: Hoare triple {36653#true} assume { :end_inline_setup_bob__wrappee__Base } true; {36653#true} is VALID [2022-02-20 17:56:02,081 INFO L272 TraceCheckUtils]: 12: Hoare triple {36653#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,081 INFO L290 TraceCheckUtils]: 13: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,081 INFO L290 TraceCheckUtils]: 14: Hoare triple {36653#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,082 INFO L290 TraceCheckUtils]: 15: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,082 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {36653#true} 
{36653#true} #817#return; {36653#true} is VALID [2022-02-20 17:56:02,082 INFO L290 TraceCheckUtils]: 17: Hoare triple {36653#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {36653#true} is VALID [2022-02-20 17:56:02,082 INFO L272 TraceCheckUtils]: 18: Hoare triple {36653#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,082 INFO L290 TraceCheckUtils]: 19: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,082 INFO L290 TraceCheckUtils]: 20: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,083 INFO L290 TraceCheckUtils]: 21: Hoare triple {36653#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,083 INFO L290 TraceCheckUtils]: 22: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,083 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {36653#true} {36653#true} #819#return; {36653#true} is VALID [2022-02-20 17:56:02,083 INFO L290 
TraceCheckUtils]: 24: Hoare triple {36653#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {36653#true} is VALID [2022-02-20 17:56:02,083 INFO L272 TraceCheckUtils]: 25: Hoare triple {36653#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,084 INFO L290 TraceCheckUtils]: 26: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,084 INFO L290 TraceCheckUtils]: 27: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,084 INFO L290 TraceCheckUtils]: 28: Hoare triple {36653#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,084 INFO L290 TraceCheckUtils]: 29: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,084 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {36653#true} {36653#true} #821#return; {36653#true} is VALID [2022-02-20 17:56:02,084 INFO L290 TraceCheckUtils]: 31: Hoare triple {36653#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L272 TraceCheckUtils]: 32: Hoare triple {36653#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 33: Hoare triple {36702#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 34: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 35: Hoare triple {36653#true} assume !(2 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 36: Hoare triple {36653#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 37: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {36653#true} {36653#true} #823#return; {36653#true} is VALID [2022-02-20 17:56:02,085 INFO L290 TraceCheckUtils]: 39: Hoare triple {36653#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {36653#true} is VALID [2022-02-20 17:56:02,086 INFO L272 TraceCheckUtils]: 40: Hoare triple {36653#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
is VALID [2022-02-20 17:56:02,086 INFO L290 TraceCheckUtils]: 41: Hoare triple {36703#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,093 INFO L290 TraceCheckUtils]: 42: Hoare triple {36653#true} assume !(1 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,093 INFO L290 TraceCheckUtils]: 43: Hoare triple {36653#true} assume !(2 == ~handle); {36653#true} is VALID [2022-02-20 17:56:02,093 INFO L290 TraceCheckUtils]: 44: Hoare triple {36653#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,094 INFO L290 TraceCheckUtils]: 45: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,094 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {36653#true} {36653#true} #825#return; {36653#true} is VALID [2022-02-20 17:56:02,094 INFO L290 TraceCheckUtils]: 47: Hoare triple {36653#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {36653#true} is VALID [2022-02-20 17:56:02,094 INFO L290 TraceCheckUtils]: 48: Hoare triple {36653#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,094 INFO L290 TraceCheckUtils]: 49: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !false; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,095 INFO L290 TraceCheckUtils]: 50: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,095 INFO L290 TraceCheckUtils]: 51: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,095 INFO L290 TraceCheckUtils]: 52: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,096 INFO L290 TraceCheckUtils]: 53: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {36685#(= 
|ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,096 INFO L290 TraceCheckUtils]: 54: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,096 INFO L290 TraceCheckUtils]: 55: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,096 INFO L290 TraceCheckUtils]: 56: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 57: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 58: Hoare triple {36685#(= |ULTIMATE.start_test_~op4~0#1| 0)} assume !(0 == test_~op4~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 59: Hoare triple {36654#false} assume !(0 == test_~op5~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 60: Hoare triple {36654#false} assume !(0 == test_~op6~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 61: Hoare triple {36654#false} assume !(0 == test_~op7~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 62: Hoare triple {36654#false} assume !(0 == test_~op8~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 INFO L290 TraceCheckUtils]: 63: Hoare triple {36654#false} assume !(0 == test_~op9~0#1); {36654#false} is VALID [2022-02-20 17:56:02,097 
INFO L290 TraceCheckUtils]: 64: Hoare triple {36654#false} assume !(0 == test_~op10~0#1); {36654#false} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 65: Hoare triple {36654#false} assume !(0 == test_~op11~0#1); {36654#false} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 66: Hoare triple {36654#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {36654#false} is VALID [2022-02-20 17:56:02,098 INFO L272 TraceCheckUtils]: 67: Hoare triple {36654#false} call sendEmail(~bob~0, ~rjh~0); {36654#false} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 68: Hoare triple {36654#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {36654#false} is VALID [2022-02-20 17:56:02,098 INFO L272 TraceCheckUtils]: 69: Hoare triple {36654#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {36704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 70: Hoare triple {36704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 71: Hoare triple {36653#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,098 INFO L290 TraceCheckUtils]: 72: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,098 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {36653#true} {36654#false} #811#return; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 74: Hoare triple {36654#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 75: Hoare triple {36654#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 76: Hoare triple {36654#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 77: Hoare triple {36654#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L272 TraceCheckUtils]: 78: Hoare triple {36654#false} call outgoing(~sender#1, ~email~0#1); {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 79: Hoare triple {36654#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {36654#false} is VALID [2022-02-20 17:56:02,099 INFO L272 
TraceCheckUtils]: 80: Hoare triple {36654#false} call #t~ret42#1 := getEmailTo(~msg#1); {36653#true} is VALID [2022-02-20 17:56:02,099 INFO L290 TraceCheckUtils]: 81: Hoare triple {36653#true} ~handle := #in~handle;havoc ~retValue_acc~28; {36653#true} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 82: Hoare triple {36653#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {36653#true} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 83: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,100 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {36653#true} {36654#false} #781#return; {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 85: Hoare triple {36654#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 86: Hoare triple {36654#false} assume 1 == findPublicKey_~handle#1; {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 87: Hoare triple {36654#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 88: Hoare triple {36654#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 
2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 89: Hoare triple {36654#false} assume !(0 != ~pubkey~0#1); {36654#false} is VALID [2022-02-20 17:56:02,100 INFO L290 TraceCheckUtils]: 90: Hoare triple {36654#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {36654#false} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 91: Hoare triple {36654#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {36654#false} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 92: Hoare triple {36654#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {36654#false} is VALID [2022-02-20 17:56:02,101 INFO L272 TraceCheckUtils]: 93: Hoare triple {36654#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {36704#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 94: Hoare triple {36704#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {36653#true} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 95: Hoare triple {36653#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {36653#true} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 96: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,101 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {36653#true} {36654#false} #787#return; {36654#false} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 98: Hoare triple {36654#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {36654#false} is VALID [2022-02-20 17:56:02,101 INFO L290 TraceCheckUtils]: 99: Hoare triple {36654#false} assume !(-1 == ~mail_is_sensitive~0); {36654#false} is VALID [2022-02-20 17:56:02,102 INFO L272 TraceCheckUtils]: 100: Hoare triple {36654#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {36653#true} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 101: Hoare triple {36653#true} ~handle := #in~handle;havoc ~retValue_acc~31; {36653#true} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 102: Hoare triple {36653#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {36653#true} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 103: Hoare triple {36653#true} assume true; {36653#true} is VALID [2022-02-20 17:56:02,102 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {36653#true} {36654#false} #791#return; {36654#false} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 105: Hoare triple {36654#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {36654#false} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 106: Hoare triple {36654#false} assume ~mail_is_sensitive~0 != 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {36654#false} is VALID [2022-02-20 17:56:02,102 INFO L290 TraceCheckUtils]: 107: Hoare triple {36654#false} assume !false; {36654#false} is VALID [2022-02-20 17:56:02,103 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:02,103 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:02,103 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [452962797] [2022-02-20 17:56:02,103 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [452962797] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:02,103 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:02,103 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:56:02,103 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [407077794] [2022-02-20 17:56:02,103 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:02,104 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 108 [2022-02-20 17:56:02,104 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:56:02,105 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:02,163 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:02,163 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:56:02,163 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:02,164 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:56:02,164 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:56:02,164 INFO L87 Difference]: Start difference. First operand 1379 states and 2335 transitions. Second operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:05,846 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:05,846 INFO L93 Difference]: Finished difference Result 3276 states and 5662 transitions. [2022-02-20 17:56:05,846 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 17:56:05,846 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 108 [2022-02-20 17:56:05,847 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:05,847 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:05,860 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 946 transitions. [2022-02-20 17:56:05,861 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:05,865 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 946 transitions. [2022-02-20 17:56:05,866 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 946 transitions. [2022-02-20 17:56:06,527 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 946 edges. 946 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:06,749 INFO L225 Difference]: With dead ends: 3276 [2022-02-20 17:56:06,750 INFO L226 Difference]: Without dead ends: 2143 [2022-02-20 17:56:06,752 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=29, Invalid=61, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:56:06,753 INFO L933 BasicCegarLoop]: 441 mSDtfsCounter, 658 mSDsluCounter, 477 mSDsCounter, 0 mSdLazyCounter, 582 mSolverCounterSat, 218 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 673 SdHoareTripleChecker+Valid, 918 SdHoareTripleChecker+Invalid, 800 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 218 IncrementalHoareTripleChecker+Valid, 582 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:06,753 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [673 Valid, 918 Invalid, 800 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [218 Valid, 582 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 17:56:06,754 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 2143 states. [2022-02-20 17:56:07,860 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 2143 to 2083. [2022-02-20 17:56:07,860 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:07,863 INFO L82 GeneralOperation]: Start isEquivalent. First operand 2143 states. 
Second operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 17:56:07,865 INFO L74 IsIncluded]: Start isIncluded. First operand 2143 states. Second operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 17:56:07,867 INFO L87 Difference]: Start difference. First operand 2143 states. Second operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 17:56:08,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:08,051 INFO L93 Difference]: Finished difference Result 2143 states and 3717 transitions. [2022-02-20 17:56:08,051 INFO L276 IsEmpty]: Start isEmpty. Operand 2143 states and 3717 transitions. [2022-02-20 17:56:08,058 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:08,058 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:08,061 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) Second operand 2143 states. [2022-02-20 17:56:08,063 INFO L87 Difference]: Start difference. First operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) Second operand 2143 states. [2022-02-20 17:56:08,250 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:08,250 INFO L93 Difference]: Finished difference Result 2143 states and 3717 transitions. [2022-02-20 17:56:08,251 INFO L276 IsEmpty]: Start isEmpty. Operand 2143 states and 3717 transitions. [2022-02-20 17:56:08,257 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:08,258 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:08,258 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:08,258 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:08,261 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2083 states, 1667 states have (on average 1.6226754649070185) internal successors, (2705), 1674 states have internal predecessors, (2705), 396 states have call successors, (396), 15 states have call predecessors, (396), 19 states have return successors, (443), 395 states have call predecessors, (443), 395 states have call successors, (443) [2022-02-20 17:56:08,506 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2083 states to 2083 states and 3544 transitions. [2022-02-20 17:56:08,506 INFO L78 Accepts]: Start accepts. Automaton has 2083 states and 3544 transitions. Word has length 108 [2022-02-20 17:56:08,507 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:08,507 INFO L470 AbstractCegarLoop]: Abstraction has 2083 states and 3544 transitions. [2022-02-20 17:56:08,507 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 12.166666666666666) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:08,507 INFO L276 IsEmpty]: Start isEmpty. Operand 2083 states and 3544 transitions. [2022-02-20 17:56:08,511 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 17:56:08,512 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:08,512 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:08,512 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-20 17:56:08,512 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:08,512 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:08,512 INFO L85 PathProgramCache]: Analyzing trace with hash -1105028913, now seen corresponding path program 1 times [2022-02-20 17:56:08,513 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:08,513 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [631924768] [2022-02-20 17:56:08,513 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:08,513 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:08,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,578 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:08,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48982#true} #815#return; {48982#true} is VALID [2022-02-20 17:56:08,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:08,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,589 INFO L290 TraceCheckUtils]: 0: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,590 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,590 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48982#true} #817#return; {48982#true} is VALID [2022-02-20 17:56:08,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:08,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,594 INFO L290 TraceCheckUtils]: 3: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,594 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {48982#true} {48982#true} #819#return; {48982#true} is VALID [2022-02-20 17:56:08,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:08,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,600 INFO L290 TraceCheckUtils]: 3: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,600 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {48982#true} {48982#true} #821#return; {48982#true} is VALID [2022-02-20 17:56:08,600 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:08,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,603 INFO L290 
TraceCheckUtils]: 0: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume !(2 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L290 TraceCheckUtils]: 3: Hoare triple {48982#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L290 TraceCheckUtils]: 4: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {48982#true} {48982#true} #823#return; {48982#true} is VALID [2022-02-20 17:56:08,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:08,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,606 INFO L290 TraceCheckUtils]: 0: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,606 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume !(2 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,607 INFO L290 TraceCheckUtils]: 3: Hoare triple {48982#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,607 INFO L290 
TraceCheckUtils]: 4: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,607 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {48982#true} {48982#true} #825#return; {48982#true} is VALID [2022-02-20 17:56:08,611 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:56:08,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,613 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,614 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48983#false} #811#return; {48983#false} is VALID [2022-02-20 17:56:08,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:56:08,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {48982#true} ~handle := #in~handle;havoc ~retValue_acc~28; {48982#true} is VALID [2022-02-20 17:56:08,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {48982#true} is VALID [2022-02-20 17:56:08,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48983#false} #781#return; {48983#false} is VALID [2022-02-20 17:56:08,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 94 [2022-02-20 17:56:08,616 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,618 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48983#false} #787#return; {48983#false} is VALID [2022-02-20 17:56:08,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:56:08,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:08,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {48982#true} ~handle := #in~handle;havoc ~retValue_acc~31; {48982#true} is VALID [2022-02-20 17:56:08,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {48982#true} is VALID [2022-02-20 17:56:08,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {48982#true} {48983#false} #791#return; {48983#false} is VALID [2022-02-20 17:56:08,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {48982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call 
#Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(16, 13);call #Ultimate.allocInit(20, 14);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(115, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(25, 27);call #Ultimate.allocInit(10, 28);call #Ultimate.allocInit(12, 29);call #Ultimate.allocInit(10, 30);call #Ultimate.allocInit(18, 31);call #Ultimate.allocInit(16, 32);call #Ultimate.allocInit(21, 33);call #Ultimate.allocInit(13, 34);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, 
~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 
0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~mail_is_sensitive~0 := -1; {48982#true} is VALID [2022-02-20 17:56:08,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {48982#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet24#1, main_#t~ret25#1, main_~retValue_acc~2#1, main_~tmp~2#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~retValue_acc~2#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {48982#true} is VALID [2022-02-20 17:56:08,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {48982#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {48982#true} is VALID [2022-02-20 17:56:08,621 INFO L290 TraceCheckUtils]: 3: Hoare triple {48982#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {48982#true} is VALID [2022-02-20 17:56:08,621 INFO L290 TraceCheckUtils]: 4: Hoare triple {48982#true} main_#t~ret25#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret25#1 && main_#t~ret25#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret25#1;havoc main_#t~ret25#1; {48982#true} is VALID [2022-02-20 17:56:08,621 INFO L290 TraceCheckUtils]: 5: Hoare triple {48982#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet21#1, setup_#t~nondet22#1, setup_#t~nondet23#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {48982#true} is VALID [2022-02-20 17:56:08,621 INFO L272 TraceCheckUtils]: 6: Hoare triple {48982#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID 
[2022-02-20 17:56:08,622 INFO L290 TraceCheckUtils]: 7: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,622 INFO L290 TraceCheckUtils]: 8: Hoare triple {48982#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,622 INFO L290 TraceCheckUtils]: 9: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,622 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {48982#true} {48982#true} #815#return; {48982#true} is VALID [2022-02-20 17:56:08,622 INFO L290 TraceCheckUtils]: 11: Hoare triple {48982#true} assume { :end_inline_setup_bob__wrappee__Base } true; {48982#true} is VALID [2022-02-20 17:56:08,622 INFO L272 TraceCheckUtils]: 12: Hoare triple {48982#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:08,623 INFO L290 TraceCheckUtils]: 13: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,623 INFO L290 TraceCheckUtils]: 14: Hoare triple {48982#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,623 INFO L290 TraceCheckUtils]: 15: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,623 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {48982#true} 
{48982#true} #817#return; {48982#true} is VALID [2022-02-20 17:56:08,623 INFO L290 TraceCheckUtils]: 17: Hoare triple {48982#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet21#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {48982#true} is VALID [2022-02-20 17:56:08,623 INFO L272 TraceCheckUtils]: 18: Hoare triple {48982#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:08,624 INFO L290 TraceCheckUtils]: 19: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,624 INFO L290 TraceCheckUtils]: 20: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,624 INFO L290 TraceCheckUtils]: 21: Hoare triple {48982#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,624 INFO L290 TraceCheckUtils]: 22: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,624 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {48982#true} {48982#true} #819#return; {48982#true} is VALID [2022-02-20 17:56:08,624 INFO L290 
TraceCheckUtils]: 24: Hoare triple {48982#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L272 TraceCheckUtils]: 25: Hoare triple {48982#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:08,625 INFO L290 TraceCheckUtils]: 26: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L290 TraceCheckUtils]: 27: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L290 TraceCheckUtils]: 28: Hoare triple {48982#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L290 TraceCheckUtils]: 29: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {48982#true} {48982#true} #821#return; {48982#true} is VALID [2022-02-20 17:56:08,625 INFO L290 TraceCheckUtils]: 31: Hoare triple {48982#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet22#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L272 TraceCheckUtils]: 32: Hoare triple {48982#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:08,626 INFO L290 TraceCheckUtils]: 33: Hoare triple {49031#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L290 TraceCheckUtils]: 34: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L290 TraceCheckUtils]: 35: Hoare triple {48982#true} assume !(2 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L290 TraceCheckUtils]: 36: Hoare triple {48982#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L290 TraceCheckUtils]: 37: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,626 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {48982#true} {48982#true} #823#return; {48982#true} is VALID [2022-02-20 17:56:08,627 INFO L290 TraceCheckUtils]: 39: Hoare triple {48982#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {48982#true} is VALID [2022-02-20 17:56:08,627 INFO L272 TraceCheckUtils]: 40: Hoare triple {48982#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
is VALID [2022-02-20 17:56:08,627 INFO L290 TraceCheckUtils]: 41: Hoare triple {49032#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,627 INFO L290 TraceCheckUtils]: 42: Hoare triple {48982#true} assume !(1 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,627 INFO L290 TraceCheckUtils]: 43: Hoare triple {48982#true} assume !(2 == ~handle); {48982#true} is VALID [2022-02-20 17:56:08,628 INFO L290 TraceCheckUtils]: 44: Hoare triple {48982#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,628 INFO L290 TraceCheckUtils]: 45: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,628 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {48982#true} {48982#true} #825#return; {48982#true} is VALID [2022-02-20 17:56:08,628 INFO L290 TraceCheckUtils]: 47: Hoare triple {48982#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet23#1; {48982#true} is VALID [2022-02-20 17:56:08,628 INFO L290 TraceCheckUtils]: 48: Hoare triple {48982#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,628 INFO L290 TraceCheckUtils]: 49: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !false; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,629 INFO L290 TraceCheckUtils]: 50: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,629 INFO L290 TraceCheckUtils]: 51: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,629 INFO L290 TraceCheckUtils]: 52: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,629 INFO L290 TraceCheckUtils]: 53: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___9~0#1); {49014#(= 
|ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,630 INFO L290 TraceCheckUtils]: 54: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,630 INFO L290 TraceCheckUtils]: 55: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___8~0#1); {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,630 INFO L290 TraceCheckUtils]: 56: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op3~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___7~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,630 INFO L290 TraceCheckUtils]: 57: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___7~0#1); {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,631 INFO L290 TraceCheckUtils]: 58: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume 0 == test_~op4~0#1;assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___6~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,631 INFO L290 TraceCheckUtils]: 59: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 != test_~tmp___6~0#1); {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} is VALID [2022-02-20 17:56:08,631 INFO L290 TraceCheckUtils]: 60: Hoare triple {49014#(= |ULTIMATE.start_test_~op5~0#1| 0)} assume !(0 == test_~op5~0#1); {48983#false} is VALID [2022-02-20 17:56:08,631 INFO L290 TraceCheckUtils]: 61: Hoare triple {48983#false} assume !(0 == test_~op6~0#1); {48983#false} is VALID [2022-02-20 17:56:08,631 INFO L290 
TraceCheckUtils]: 62: Hoare triple {48983#false} assume !(0 == test_~op7~0#1); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 63: Hoare triple {48983#false} assume !(0 == test_~op8~0#1); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 64: Hoare triple {48983#false} assume !(0 == test_~op9~0#1); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 65: Hoare triple {48983#false} assume !(0 == test_~op10~0#1); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 66: Hoare triple {48983#false} assume !(0 == test_~op11~0#1); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 67: Hoare triple {48983#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret16#1, bobToRjh_#t~ret17#1, bobToRjh_#t~ret18#1, bobToRjh_#t~ret19#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret16#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret16#1 && bobToRjh_#t~ret16#1 <= 2147483647;havoc bobToRjh_#t~ret16#1; {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L272 TraceCheckUtils]: 68: Hoare triple {48983#false} call sendEmail(~bob~0, ~rjh~0); {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 69: Hoare triple {48983#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~11#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~43#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~43#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {48983#false} is VALID [2022-02-20 17:56:08,632 INFO L272 TraceCheckUtils]: 70: Hoare triple 
{48983#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 71: Hoare triple {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,632 INFO L290 TraceCheckUtils]: 72: Hoare triple {48982#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 73: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,633 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {48982#true} {48983#false} #811#return; {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 75: Hoare triple {48983#false} assume { :begin_inline_setEmailTo } true;setEmailTo_#in~handle#1, setEmailTo_#in~value#1 := createEmail_~msg~0#1, createEmail_~to#1;havoc setEmailTo_~handle#1, setEmailTo_~value#1;setEmailTo_~handle#1 := setEmailTo_#in~handle#1;setEmailTo_~value#1 := setEmailTo_#in~value#1; {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 76: Hoare triple {48983#false} assume 1 == setEmailTo_~handle#1;~__ste_email_to0~0 := setEmailTo_~value#1; {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 77: Hoare triple {48983#false} assume { :end_inline_setEmailTo } true;createEmail_~retValue_acc~43#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~43#1; {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 78: Hoare triple {48983#false} #t~ret50#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret50#1 && #t~ret50#1 <= 2147483647;~tmp~11#1 := #t~ret50#1;havoc #t~ret50#1;~email~0#1 := ~tmp~11#1; {48983#false} is VALID 
[2022-02-20 17:56:08,633 INFO L272 TraceCheckUtils]: 79: Hoare triple {48983#false} call outgoing(~sender#1, ~email~0#1); {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 80: Hoare triple {48983#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~3#1; {48983#false} is VALID [2022-02-20 17:56:08,633 INFO L272 TraceCheckUtils]: 81: Hoare triple {48983#false} call #t~ret42#1 := getEmailTo(~msg#1); {48982#true} is VALID [2022-02-20 17:56:08,633 INFO L290 TraceCheckUtils]: 82: Hoare triple {48982#true} ~handle := #in~handle;havoc ~retValue_acc~28; {48982#true} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 83: Hoare triple {48982#true} assume 1 == ~handle;~retValue_acc~28 := ~__ste_email_to0~0;#res := ~retValue_acc~28; {48982#true} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 84: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,634 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {48982#true} {48983#false} #781#return; {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 86: Hoare triple {48983#false} assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp~8#1 := #t~ret42#1;havoc #t~ret42#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~17#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~17#1; {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 87: Hoare triple {48983#false} assume 1 == findPublicKey_~handle#1; {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 88: Hoare triple {48983#false} assume findPublicKey_~userid#1 == 
~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~17#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~17#1; {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 89: Hoare triple {48983#false} #t~ret43#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp___0~3#1 := #t~ret43#1;havoc #t~ret43#1;~pubkey~0#1 := ~tmp___0~3#1; {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 90: Hoare triple {48983#false} assume !(0 != ~pubkey~0#1); {48983#false} is VALID [2022-02-20 17:56:08,634 INFO L290 TraceCheckUtils]: 91: Hoare triple {48983#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret41#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {48983#false} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 92: Hoare triple {48983#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {48983#false} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 93: Hoare triple {48983#false} outgoing__wrappee__Keys_#t~ret41#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret41#1 && 
outgoing__wrappee__Keys_#t~ret41#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret41#1;havoc outgoing__wrappee__Keys_#t~ret41#1; {48983#false} is VALID [2022-02-20 17:56:08,635 INFO L272 TraceCheckUtils]: 94: Hoare triple {48983#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 95: Hoare triple {49033#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {48982#true} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 96: Hoare triple {48982#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {48982#true} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 97: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,635 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {48982#true} {48983#false} #787#return; {48983#false} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 99: Hoare triple {48983#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret39#1, mail_#t~ret40#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret91#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 := puts(34, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret90#1; {48983#false} is VALID [2022-02-20 17:56:08,635 INFO L290 TraceCheckUtils]: 100: Hoare triple {48983#false} assume !(-1 == ~mail_is_sensitive~0); {48983#false} is VALID [2022-02-20 17:56:08,636 INFO L272 TraceCheckUtils]: 101: Hoare triple {48983#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {48982#true} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 102: Hoare triple {48982#true} ~handle := #in~handle;havoc ~retValue_acc~31; {48982#true} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 103: Hoare triple {48982#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~31; {48982#true} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 104: Hoare triple {48982#true} assume true; {48982#true} is VALID [2022-02-20 17:56:08,636 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {48982#true} {48983#false} #791#return; {48983#false} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 106: Hoare triple {48983#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 && 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret92#1; {48983#false} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 107: Hoare triple {48983#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~18#1;assume { :begin_inline___automaton_fail } true; {48983#false} is VALID [2022-02-20 17:56:08,636 INFO L290 TraceCheckUtils]: 108: Hoare triple {48983#false} assume !false; {48983#false} is VALID [2022-02-20 17:56:08,637 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:08,637 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:08,637 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [631924768] [2022-02-20 17:56:08,637 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [631924768] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:08,637 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:08,637 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 17:56:08,637 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2128027963] [2022-02-20 17:56:08,637 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:08,638 INFO L78 Accepts]: Start accepts. 
Automaton has has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 109 [2022-02-20 17:56:08,638 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:08,638 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2022-02-20 17:56:08,697 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:08,697 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 17:56:08,697 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:08,697 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 17:56:08,698 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 17:56:08,698 INFO L87 Difference]: Start difference. First operand 2083 states and 3544 transitions. Second operand has 6 states, 6 states have (on average 12.333333333333334) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (12), 5 states have call predecessors, (12), 1 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10)