./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_product14.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_product14.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 7bf93f828cd20929ce9c5f311b0e320b3840eed4f400e7f2f8e12c9cdbceb4d2
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:55:15,884 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:55:15,885 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:55:15,910 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:55:15,910 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values
[2022-02-20 17:55:15,911 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values
[2022-02-20 17:55:15,913 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values
[2022-02-20 17:55:15,914 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values
[2022-02-20 17:55:15,915 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values
[2022-02-20 17:55:15,916 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values
[2022-02-20 17:55:15,917 INFO L181 SettingsManager]: Resetting Sifa preferences to default values
[2022-02-20 17:55:15,918 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring...
[2022-02-20 17:55:15,918 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values
[2022-02-20 17:55:15,919 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values
[2022-02-20 17:55:15,920 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values
[2022-02-20 17:55:15,921 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values
[2022-02-20 17:55:15,922 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values
[2022-02-20 17:55:15,923 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values
[2022-02-20 17:55:15,925 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values
[2022-02-20 17:55:15,926 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values
[2022-02-20 17:55:15,928 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values
[2022-02-20 17:55:15,929 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values
[2022-02-20 17:55:15,930 INFO L181 SettingsManager]: Resetting Referee preferences to default values
[2022-02-20 17:55:15,931 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values
[2022-02-20 17:55:15,933 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring...
[2022-02-20 17:55:15,934 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring...
[2022-02-20 17:55:15,934 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values
[2022-02-20 17:55:15,935 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values
[2022-02-20 17:55:15,935 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values
[2022-02-20 17:55:15,936 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring...
[2022-02-20 17:55:15,936 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values
[2022-02-20 17:55:15,937 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values
[2022-02-20 17:55:15,938 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values
[2022-02-20 17:55:15,938 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values
[2022-02-20 17:55:15,939 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring...
[2022-02-20 17:55:15,940 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values
[2022-02-20 17:55:15,940 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring...
[2022-02-20 17:55:15,941 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring...
[2022-02-20 17:55:15,941 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values
[2022-02-20 17:55:15,942 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values
[2022-02-20 17:55:15,942 INFO L188 SettingsManager]: Finished resetting all preferences to default values...
[2022-02-20 17:55:15,944 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf
[2022-02-20 17:55:15,969 INFO L113 SettingsManager]: Loading preferences was successful
[2022-02-20 17:55:15,974 INFO L115 SettingsManager]: Preferences different from defaults after loading the file:
[2022-02-20 17:55:15,975 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults:
[2022-02-20 17:55:15,976 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR;
[2022-02-20 17:55:15,976 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults:
[2022-02-20 17:55:15,976 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS
[2022-02-20 17:55:15,977 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults:
[2022-02-20 17:55:15,977 INFO L138 SettingsManager]: * Create parallel compositions if possible=false
[2022-02-20 17:55:15,977 INFO L138 SettingsManager]: * Use SBE=true
[2022-02-20 17:55:15,978 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults:
[2022-02-20 17:55:15,978 INFO L138 SettingsManager]: * sizeof long=4
[2022-02-20 17:55:15,979 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true
[2022-02-20 17:55:15,979 INFO L138 SettingsManager]: * sizeof POINTER=4
[2022-02-20 17:55:15,979 INFO L138 SettingsManager]: * Check division by zero=IGNORE
[2022-02-20 17:55:15,979 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE
[2022-02-20 17:55:15,979 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE
[2022-02-20 17:55:15,980 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE
[2022-02-20 17:55:15,980 INFO L138 SettingsManager]: * sizeof long double=12
[2022-02-20 17:55:15,980 INFO L138 SettingsManager]: * Check if freed pointer was valid=false
[2022-02-20 17:55:15,980 INFO L138 SettingsManager]: * Use constant arrays=true
[2022-02-20 17:55:15,980 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE
[2022-02-20 17:55:15,981 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults:
[2022-02-20 17:55:15,981 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements
[2022-02-20 17:55:15,981 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode
[2022-02-20 17:55:15,981 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 17:55:15,981 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults:
[2022-02-20 17:55:15,982 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP
[2022-02-20 17:55:15,982 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles
[2022-02-20 17:55:15,982 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL
[2022-02-20 17:55:15,982 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in
[2022-02-20 17:55:15,982 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF
[2022-02-20 17:55:15,983 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET
[2022-02-20 17:55:15,983 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true
[2022-02-20 17:55:15,983 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) )
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit
Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 7bf93f828cd20929ce9c5f311b0e320b3840eed4f400e7f2f8e12c9cdbceb4d2
[2022-02-20 17:55:16,193 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp
[2022-02-20 17:55:16,226 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized
[2022-02-20 17:55:16,228 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected.
[2022-02-20 17:55:16,229 INFO L271 PluginConnector]: Initializing CDTParser...
[2022-02-20 17:55:16,230 INFO L275 PluginConnector]: CDTParser initialized
[2022-02-20 17:55:16,230 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_product14.cil.c
[2022-02-20 17:55:16,280 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/265243ac6/ac337f756a2c4045b90a65d7b8f92cf4/FLAGf0638fb38
[2022-02-20 17:55:16,734 INFO L306 CDTParser]: Found 1 translation units.
[2022-02-20 17:55:16,735 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product14.cil.c
[2022-02-20 17:55:16,764 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/265243ac6/ac337f756a2c4045b90a65d7b8f92cf4/FLAGf0638fb38
[2022-02-20 17:55:16,781 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/265243ac6/ac337f756a2c4045b90a65d7b8f92cf4
[2022-02-20 17:55:16,784 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] #######################
[2022-02-20 17:55:16,787 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements.
[2022-02-20 17:55:16,790 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator----------------------------
[2022-02-20 17:55:16,790 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator...
[2022-02-20 17:55:16,797 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized
[2022-02-20 17:55:16,798 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:16" (1/1) ...
[2022-02-20 17:55:16,799 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@460260cd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:16, skipping insertion in model container
[2022-02-20 17:55:16,799 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:16" (1/1) ...
[2022-02-20 17:55:16,814 INFO L145 MainTranslator]: Starting translation in SV-COMP mode
[2022-02-20 17:55:16,858 INFO L178 MainTranslator]: Built tables and reachable declarations
[2022-02-20 17:55:17,403 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product14.cil.c[62671,62684]
[2022-02-20 17:55:17,405 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 17:55:17,417 INFO L203 MainTranslator]: Completed pre-run
[2022-02-20 17:55:17,523 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product14.cil.c[62671,62684]
[2022-02-20 17:55:17,525 INFO L210 PostProcessor]: Analyzing one entry point: main
[2022-02-20 17:55:17,552 INFO L208 MainTranslator]: Completed translation
[2022-02-20 17:55:17,553 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17 WrapperNode
[2022-02-20 17:55:17,553 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator----------------------------
[2022-02-20 17:55:17,555 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner----------------------------
[2022-02-20 17:55:17,555 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner...
[2022-02-20 17:55:17,555 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized
[2022-02-20 17:55:17,562 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,600 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,645 INFO L137 Inliner]: procedures = 125, calls = 205, calls flagged for inlining = 50, calls inlined = 42, statements flattened = 889
[2022-02-20 17:55:17,646 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner----------------------------
[2022-02-20 17:55:17,647 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor----------------------------
[2022-02-20 17:55:17,647 INFO L271 PluginConnector]: Initializing Boogie Preprocessor...
[2022-02-20 17:55:17,647 INFO L275 PluginConnector]: Boogie Preprocessor initialized
[2022-02-20 17:55:17,654 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,654 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,658 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,659 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,672 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,679 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,682 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,700 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor----------------------------
[2022-02-20 17:55:17,701 INFO L113 PluginConnector]: ------------------------RCFGBuilder----------------------------
[2022-02-20 17:55:17,701 INFO L271 PluginConnector]: Initializing RCFGBuilder...
[2022-02-20 17:55:17,701 INFO L275 PluginConnector]: RCFGBuilder initialized
[2022-02-20 17:55:17,702 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (1/1) ...
[2022-02-20 17:55:17,711 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000
[2022-02-20 17:55:17,721 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:55:17,735 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null)
[2022-02-20 17:55:17,736 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process
[2022-02-20 17:55:17,764 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize
[2022-02-20 17:55:17,764 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize
[2022-02-20 17:55:17,764 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey
[2022-02-20 17:55:17,764 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey
[2022-02-20 17:55:17,764 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress
[2022-02-20 17:55:17,764 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress
[2022-02-20 17:55:17,765 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey
[2022-02-20 17:55:17,765 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey
[2022-02-20 17:55:17,765 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo
[2022-02-20 17:55:17,765 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo
[2022-02-20 17:55:17,766 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom
[2022-02-20 17:55:17,766 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom
[2022-02-20 17:55:17,766 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry
[2022-02-20 17:55:17,766 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry
[2022-02-20 17:55:17,766 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted
[2022-02-20 17:55:17,766 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted
[2022-02-20 17:55:17,767 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd
[2022-02-20 17:55:17,767 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd
[2022-02-20 17:55:17,767 INFO L130 BoogieDeclarations]: Found specification of procedure puts
[2022-02-20 17:55:17,767 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId
[2022-02-20 17:55:17,767 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId
[2022-02-20 17:55:17,767 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit
[2022-02-20 17:55:17,767 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize
[2022-02-20 17:55:17,768 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize
[2022-02-20 17:55:17,768 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser
[2022-02-20 17:55:17,768 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser
[2022-02-20 17:55:17,768 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey
[2022-02-20 17:55:17,768 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey
[2022-02-20 17:55:17,768 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing
[2022-02-20 17:55:17,768 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing
[2022-02-20 17:55:17,769 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt
[2022-02-20 17:55:17,769 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt
[2022-02-20 17:55:17,769 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail
[2022-02-20 17:55:17,769 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail
[2022-02-20 17:55:17,769 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted
[2022-02-20 17:55:17,770 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted
[2022-02-20 17:55:17,770 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey
[2022-02-20 17:55:17,770 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey
[2022-02-20 17:55:17,770 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo
[2022-02-20 17:55:17,770 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo
[2022-02-20 17:55:17,771 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int
[2022-02-20 17:55:17,771 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair
[2022-02-20 17:55:17,771 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair
[2022-02-20 17:55:17,771 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress
[2022-02-20 17:55:17,771 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress
[2022-02-20 17:55:17,771 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start
[2022-02-20 17:55:17,771 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start
[2022-02-20 17:55:17,924 INFO L234 CfgBuilder]: Building ICFG
[2022-02-20 17:55:17,925 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation
[2022-02-20 17:55:18,713 INFO L275 CfgBuilder]: Performing block encoding
[2022-02-20 17:55:18,728 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start)
[2022-02-20 17:55:18,729 INFO L299 CfgBuilder]: Removed 1 assume(true) statements.
[2022-02-20 17:55:18,731 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:18 BoogieIcfgContainer
[2022-02-20 17:55:18,732 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder----------------------------
[2022-02-20 17:55:18,733 INFO L113 PluginConnector]: ------------------------TraceAbstraction----------------------------
[2022-02-20 17:55:18,734 INFO L271 PluginConnector]: Initializing TraceAbstraction...
[2022-02-20 17:55:18,736 INFO L275 PluginConnector]: TraceAbstraction initialized
[2022-02-20 17:55:18,737 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:55:16" (1/3) ...
[2022-02-20 17:55:18,738 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7c1e72aa and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:18, skipping insertion in model container
[2022-02-20 17:55:18,738 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:17" (2/3) ...
[2022-02-20 17:55:18,738 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7c1e72aa and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:18, skipping insertion in model container
[2022-02-20 17:55:18,738 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:18" (3/3) ...
[2022-02-20 17:55:18,740 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_product14.cil.c
[2022-02-20 17:55:18,744 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION
[2022-02-20 17:55:18,744 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations.
[2022-02-20 17:55:18,790 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ========
[2022-02-20 17:55:18,795 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR
[2022-02-20 17:55:18,796 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations.
[2022-02-20 17:55:18,828 INFO L276 IsEmpty]: Start isEmpty. Operand has 342 states, 267 states have (on average 1.5880149812734083) internal successors, (424), 272 states have internal predecessors, (424), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (52), 51 states have call predecessors, (52), 52 states have call successors, (52)
[2022-02-20 17:55:18,843 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99
[2022-02-20 17:55:18,843 INFO L506 BasicCegarLoop]: Found error trace
[2022-02-20 17:55:18,844 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]
[2022-02-20 17:55:18,844 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] ===
[2022-02-20 17:55:18,848 INFO L144 PredicateUnifier]: Initialized classic predicate unifier
[2022-02-20 17:55:18,849 INFO L85 PathProgramCache]: Analyzing trace with hash -156634383, now seen corresponding path program 1 times
[2022-02-20 17:55:18,856 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL
[2022-02-20 17:55:18,856 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [825372516]
[2022-02-20 17:55:18,856 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:55:18,857 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms
[2022-02-20 17:55:19,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:19,212 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6
[2022-02-20 17:55:19,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:19,237 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID
[2022-02-20 17:55:19,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID
[2022-02-20 17:55:19,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID
[2022-02-20 17:55:19,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {345#true} #1079#return; {345#true} is VALID
[2022-02-20 17:55:19,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12
[2022-02-20 17:55:19,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:19,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID
[2022-02-20 17:55:19,264 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID
[2022-02-20 17:55:19,264 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID
[2022-02-20 17:55:19,264 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {345#true} #1081#return; {345#true} is VALID
[2022-02-20 17:55:19,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:19,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {398#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {398#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {399#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {399#(= |setClientId_#in~handle| 1)} assume true; {399#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {399#(= |setClientId_#in~handle| 1)} {355#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {346#false} is VALID [2022-02-20 17:55:19,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:19,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,309 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume 
true; {345#true} is VALID [2022-02-20 17:55:19,310 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1085#return; {346#false} is VALID [2022-02-20 17:55:19,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:19,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,319 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,319 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1087#return; {346#false} is VALID [2022-02-20 17:55:19,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:19,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,327 INFO L290 TraceCheckUtils]: 0: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,328 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {345#true} {346#false} #1089#return; {346#false} is VALID [2022-02-20 17:55:19,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:55:19,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1065#return; {346#false} is VALID [2022-02-20 17:55:19,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:55:19,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {401#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,380 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1067#return; {346#false} is VALID [2022-02-20 17:55:19,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:19,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:55:19,385 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~3; {345#true} is VALID [2022-02-20 17:55:19,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {345#true} is VALID [2022-02-20 17:55:19,385 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,386 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1025#return; {346#false} is VALID [2022-02-20 17:55:19,386 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:55:19,389 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,391 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~36; {345#true} is VALID [2022-02-20 17:55:19,392 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {345#true} is VALID [2022-02-20 17:55:19,392 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,392 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1043#return; {346#false} is VALID [2022-02-20 17:55:19,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:55:19,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,400 
INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,400 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1049#return; {346#false} is VALID [2022-02-20 17:55:19,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:55:19,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,408 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~39; {345#true} is VALID [2022-02-20 17:55:19,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {345#true} is VALID [2022-02-20 17:55:19,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,411 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {345#true} {346#false} #1053#return; {346#false} is VALID [2022-02-20 17:55:19,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 
18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 
0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {345#true} is VALID [2022-02-20 17:55:19,416 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {345#true} is VALID [2022-02-20 17:55:19,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {345#true} is VALID [2022-02-20 17:55:19,417 INFO L290 TraceCheckUtils]: 3: Hoare triple {345#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {345#true} is VALID [2022-02-20 17:55:19,419 INFO L290 TraceCheckUtils]: 4: Hoare triple {345#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {345#true} is VALID [2022-02-20 17:55:19,419 INFO L290 TraceCheckUtils]: 5: 
Hoare triple {345#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {345#true} is VALID [2022-02-20 17:55:19,421 INFO L272 TraceCheckUtils]: 6: Hoare triple {345#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,421 INFO L290 TraceCheckUtils]: 7: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,421 INFO L290 TraceCheckUtils]: 8: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,422 INFO L290 TraceCheckUtils]: 9: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,422 INFO L284 TraceCheckUtils]: 10: Hoare 
quadruple {345#true} {345#true} #1079#return; {345#true} is VALID [2022-02-20 17:55:19,422 INFO L290 TraceCheckUtils]: 11: Hoare triple {345#true} assume { :end_inline_setup_bob__wrappee__Base } true; {345#true} is VALID [2022-02-20 17:55:19,424 INFO L272 TraceCheckUtils]: 12: Hoare triple {345#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,424 INFO L290 TraceCheckUtils]: 13: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,424 INFO L290 TraceCheckUtils]: 14: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,424 INFO L290 TraceCheckUtils]: 15: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,425 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {345#true} {345#true} #1081#return; {345#true} is VALID [2022-02-20 17:55:19,425 INFO L290 TraceCheckUtils]: 17: Hoare triple {345#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {355#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 
2)} is VALID [2022-02-20 17:55:19,426 INFO L272 TraceCheckUtils]: 18: Hoare triple {355#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,427 INFO L290 TraceCheckUtils]: 19: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {398#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:19,428 INFO L290 TraceCheckUtils]: 20: Hoare triple {398#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {399#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,428 INFO L290 TraceCheckUtils]: 21: Hoare triple {399#(= |setClientId_#in~handle| 1)} assume true; {399#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:19,429 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {399#(= |setClientId_#in~handle| 1)} {355#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {346#false} is VALID [2022-02-20 17:55:19,429 INFO L290 TraceCheckUtils]: 23: Hoare triple {346#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {346#false} is VALID [2022-02-20 17:55:19,429 INFO L272 TraceCheckUtils]: 24: Hoare triple {346#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,430 INFO L290 
TraceCheckUtils]: 25: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,430 INFO L290 TraceCheckUtils]: 26: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,430 INFO L290 TraceCheckUtils]: 27: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,430 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {345#true} {346#false} #1085#return; {346#false} is VALID [2022-02-20 17:55:19,432 INFO L290 TraceCheckUtils]: 29: Hoare triple {346#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {346#false} is VALID [2022-02-20 17:55:19,432 INFO L272 TraceCheckUtils]: 30: Hoare triple {346#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:19,432 INFO L290 TraceCheckUtils]: 31: Hoare triple {396#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,433 INFO L290 TraceCheckUtils]: 32: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,433 INFO L290 TraceCheckUtils]: 33: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,434 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {345#true} {346#false} #1087#return; {346#false} is VALID [2022-02-20 17:55:19,434 INFO L290 TraceCheckUtils]: 35: Hoare triple {346#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {346#false} is VALID [2022-02-20 17:55:19,434 INFO L272 TraceCheckUtils]: 36: Hoare triple {346#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:19,435 INFO L290 TraceCheckUtils]: 37: Hoare triple {397#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,436 INFO L290 TraceCheckUtils]: 38: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,436 INFO L290 TraceCheckUtils]: 39: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,437 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {345#true} {346#false} #1089#return; {346#false} is VALID [2022-02-20 17:55:19,437 INFO L290 TraceCheckUtils]: 41: Hoare triple {346#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {346#false} is VALID [2022-02-20 17:55:19,437 INFO L290 TraceCheckUtils]: 42: Hoare triple {346#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {346#false} is VALID [2022-02-20 17:55:19,437 INFO L290 TraceCheckUtils]: 43: Hoare triple {346#false} assume false; {346#false} is VALID [2022-02-20 17:55:19,438 INFO L290 TraceCheckUtils]: 44: Hoare triple {346#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, 
bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {346#false} is VALID [2022-02-20 17:55:19,438 INFO L272 TraceCheckUtils]: 45: Hoare triple {346#false} call sendEmail(~bob~0, ~rjh~0); {346#false} is VALID [2022-02-20 17:55:19,438 INFO L290 TraceCheckUtils]: 46: Hoare triple {346#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {346#false} is VALID [2022-02-20 17:55:19,439 INFO L272 TraceCheckUtils]: 47: Hoare triple {346#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,439 INFO L290 TraceCheckUtils]: 48: Hoare triple {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,439 INFO L290 TraceCheckUtils]: 49: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,439 INFO L290 TraceCheckUtils]: 50: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,439 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {345#true} {346#false} #1065#return; {346#false} is VALID [2022-02-20 17:55:19,442 INFO L272 TraceCheckUtils]: 
52: Hoare triple {346#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {401#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:19,442 INFO L290 TraceCheckUtils]: 53: Hoare triple {401#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,443 INFO L290 TraceCheckUtils]: 54: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,443 INFO L290 TraceCheckUtils]: 55: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,443 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {345#true} {346#false} #1067#return; {346#false} is VALID [2022-02-20 17:55:19,444 INFO L290 TraceCheckUtils]: 57: Hoare triple {346#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {346#false} is VALID [2022-02-20 17:55:19,444 INFO L290 TraceCheckUtils]: 58: Hoare triple {346#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {346#false} is VALID [2022-02-20 17:55:19,444 INFO L272 TraceCheckUtils]: 59: Hoare triple {346#false} call outgoing(~sender#1, ~email~0#1); {346#false} is VALID [2022-02-20 17:55:19,444 INFO L290 TraceCheckUtils]: 60: Hoare triple {346#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {346#false} is VALID [2022-02-20 17:55:19,445 INFO L272 TraceCheckUtils]: 61: Hoare triple {346#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {345#true} is VALID [2022-02-20 17:55:19,445 INFO L290 TraceCheckUtils]: 62: Hoare 
triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~3; {345#true} is VALID [2022-02-20 17:55:19,446 INFO L290 TraceCheckUtils]: 63: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {345#true} is VALID [2022-02-20 17:55:19,447 INFO L290 TraceCheckUtils]: 64: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,447 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {345#true} {346#false} #1025#return; {346#false} is VALID [2022-02-20 17:55:19,449 INFO L290 TraceCheckUtils]: 66: Hoare triple {346#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {346#false} is VALID [2022-02-20 17:55:19,449 INFO L290 TraceCheckUtils]: 67: Hoare triple {346#false} assume !(0 != ~size~2#1); {346#false} is VALID [2022-02-20 17:55:19,461 INFO L272 TraceCheckUtils]: 68: Hoare triple {346#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {346#false} is VALID [2022-02-20 17:55:19,461 INFO L290 TraceCheckUtils]: 69: Hoare triple {346#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {346#false} is VALID [2022-02-20 17:55:19,462 INFO L272 TraceCheckUtils]: 70: Hoare triple {346#false} call #t~ret12#1 := getEmailTo(~msg#1); {345#true} is VALID [2022-02-20 17:55:19,462 INFO L290 TraceCheckUtils]: 71: Hoare triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~36; {345#true} is VALID [2022-02-20 17:55:19,462 INFO L290 TraceCheckUtils]: 72: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {345#true} is VALID [2022-02-20 17:55:19,462 INFO L290 TraceCheckUtils]: 73: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,462 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {345#true} {346#false} #1043#return; {346#false} is VALID [2022-02-20 
17:55:19,463 INFO L290 TraceCheckUtils]: 75: Hoare triple {346#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {346#false} is VALID [2022-02-20 17:55:19,463 INFO L290 TraceCheckUtils]: 76: Hoare triple {346#false} assume 1 == findPublicKey_~handle#1; {346#false} is VALID [2022-02-20 17:55:19,467 INFO L290 TraceCheckUtils]: 77: Hoare triple {346#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {346#false} is VALID [2022-02-20 17:55:19,467 INFO L290 TraceCheckUtils]: 78: Hoare triple {346#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {346#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 79: Hoare triple {346#false} assume !(0 != ~pubkey~0#1); {346#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 80: Hoare triple {346#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := 
outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {346#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 81: Hoare triple {346#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {346#false} is VALID [2022-02-20 17:55:19,468 INFO L290 TraceCheckUtils]: 82: Hoare triple {346#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {346#false} is VALID [2022-02-20 17:55:19,469 INFO L272 TraceCheckUtils]: 83: Hoare triple {346#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:19,469 INFO L290 TraceCheckUtils]: 84: Hoare triple {400#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:19,469 INFO L290 TraceCheckUtils]: 85: Hoare triple {345#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:19,469 INFO L290 TraceCheckUtils]: 86: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,470 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {345#true} {346#false} #1049#return; {346#false} is VALID [2022-02-20 
17:55:19,470 INFO L290 TraceCheckUtils]: 88: Hoare triple {346#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {346#false} is VALID [2022-02-20 17:55:19,470 INFO L290 TraceCheckUtils]: 89: Hoare triple {346#false} assume !(-1 == ~mail_is_sensitive~0); {346#false} is VALID [2022-02-20 17:55:19,470 INFO L272 TraceCheckUtils]: 90: Hoare triple {346#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); 
{345#true} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 91: Hoare triple {345#true} ~handle := #in~handle;havoc ~retValue_acc~39; {345#true} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 92: Hoare triple {345#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {345#true} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 93: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:19,471 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {345#true} {346#false} #1053#return; {346#false} is VALID [2022-02-20 17:55:19,471 INFO L290 TraceCheckUtils]: 95: Hoare triple {346#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {346#false} is VALID [2022-02-20 17:55:19,472 INFO L290 TraceCheckUtils]: 96: Hoare triple {346#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {346#false} is VALID [2022-02-20 17:55:19,480 INFO L290 TraceCheckUtils]: 97: Hoare triple {346#false} assume !false; {346#false} is VALID [2022-02-20 17:55:19,481 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:55:19,481 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:19,481 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [825372516] [2022-02-20 17:55:19,482 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [825372516] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:19,482 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1697268181] [2022-02-20 17:55:19,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:19,483 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:19,483 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:19,491 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:19,498 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:19,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,747 INFO L263 TraceCheckSpWp]: Trace formula consists of 986 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:55:19,818 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:19,840 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:20,111 INFO L290 TraceCheckUtils]: 0: Hoare triple {345#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {345#true} is VALID [2022-02-20 17:55:20,112 INFO L290 TraceCheckUtils]: 1: Hoare triple {345#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc 
main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {345#true} is VALID [2022-02-20 17:55:20,112 INFO L290 TraceCheckUtils]: 2: Hoare triple {345#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {345#true} is VALID [2022-02-20 17:55:20,112 INFO L290 TraceCheckUtils]: 3: Hoare triple {345#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {345#true} is VALID [2022-02-20 17:55:20,112 INFO L290 TraceCheckUtils]: 4: Hoare triple {345#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {345#true} is VALID [2022-02-20 17:55:20,112 INFO L290 TraceCheckUtils]: 5: Hoare triple {345#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {345#true} is VALID [2022-02-20 17:55:20,113 INFO L272 
TraceCheckUtils]: 6: Hoare triple {345#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {345#true} is VALID [2022-02-20 17:55:20,113 INFO L290 TraceCheckUtils]: 7: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,113 INFO L290 TraceCheckUtils]: 8: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,113 INFO L290 TraceCheckUtils]: 9: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,113 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {345#true} {345#true} #1079#return; {345#true} is VALID [2022-02-20 17:55:20,114 INFO L290 TraceCheckUtils]: 11: Hoare triple {345#true} assume { :end_inline_setup_bob__wrappee__Base } true; {345#true} is VALID [2022-02-20 17:55:20,114 INFO L272 TraceCheckUtils]: 12: Hoare triple {345#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {345#true} is VALID [2022-02-20 17:55:20,114 INFO L290 TraceCheckUtils]: 13: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,114 INFO L290 TraceCheckUtils]: 14: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,114 INFO L290 TraceCheckUtils]: 15: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,115 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {345#true} {345#true} #1081#return; {345#true} is VALID [2022-02-20 17:55:20,115 INFO L290 TraceCheckUtils]: 17: Hoare triple {345#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } 
true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {345#true} is VALID [2022-02-20 17:55:20,115 INFO L272 TraceCheckUtils]: 18: Hoare triple {345#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {345#true} is VALID [2022-02-20 17:55:20,115 INFO L290 TraceCheckUtils]: 19: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,115 INFO L290 TraceCheckUtils]: 20: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,115 INFO L290 TraceCheckUtils]: 21: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,116 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {345#true} {345#true} #1083#return; {345#true} is VALID [2022-02-20 17:55:20,116 INFO L290 TraceCheckUtils]: 23: Hoare triple {345#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {345#true} is VALID [2022-02-20 17:55:20,116 INFO L272 TraceCheckUtils]: 24: Hoare triple {345#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {345#true} is VALID [2022-02-20 17:55:20,116 INFO L290 TraceCheckUtils]: 25: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,118 INFO L290 TraceCheckUtils]: 26: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,119 INFO L290 TraceCheckUtils]: 27: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,119 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {345#true} {345#true} #1085#return; {345#true} is VALID [2022-02-20 17:55:20,119 INFO L290 TraceCheckUtils]: 29: Hoare triple {345#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc 
setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {345#true} is VALID [2022-02-20 17:55:20,119 INFO L272 TraceCheckUtils]: 30: Hoare triple {345#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {345#true} is VALID [2022-02-20 17:55:20,119 INFO L290 TraceCheckUtils]: 31: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,120 INFO L290 TraceCheckUtils]: 32: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,120 INFO L290 TraceCheckUtils]: 33: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,120 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {345#true} {345#true} #1087#return; {345#true} is VALID [2022-02-20 17:55:20,120 INFO L290 TraceCheckUtils]: 35: Hoare triple {345#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {345#true} is VALID [2022-02-20 17:55:20,120 INFO L272 TraceCheckUtils]: 36: Hoare triple {345#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {345#true} is VALID [2022-02-20 17:55:20,120 INFO L290 TraceCheckUtils]: 37: Hoare triple {345#true} ~handle := #in~handle;~value := #in~value; {345#true} is VALID [2022-02-20 17:55:20,121 INFO L290 TraceCheckUtils]: 38: Hoare triple {345#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {345#true} is VALID [2022-02-20 17:55:20,121 INFO L290 TraceCheckUtils]: 39: Hoare triple {345#true} assume true; {345#true} is VALID [2022-02-20 17:55:20,121 INFO L284 
TraceCheckUtils]: 40: Hoare quadruple {345#true} {345#true} #1089#return; {345#true} is VALID [2022-02-20 17:55:20,122 INFO L290 TraceCheckUtils]: 41: Hoare triple {345#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {345#true} is VALID [2022-02-20 17:55:20,122 INFO L290 TraceCheckUtils]: 42: Hoare triple {345#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {345#true} is VALID [2022-02-20 17:55:20,122 INFO L290 TraceCheckUtils]: 43: Hoare triple {345#true} assume false; {346#false} is 
VALID [2022-02-20 17:55:20,123 INFO L290 TraceCheckUtils]: 44: Hoare triple {346#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {346#false} is VALID [2022-02-20 17:55:20,123 INFO L272 TraceCheckUtils]: 45: Hoare triple {346#false} call sendEmail(~bob~0, ~rjh~0); {346#false} is VALID [2022-02-20 17:55:20,123 INFO L290 TraceCheckUtils]: 46: Hoare triple {346#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {346#false} is VALID [2022-02-20 17:55:20,123 INFO L272 TraceCheckUtils]: 47: Hoare triple {346#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {346#false} is VALID [2022-02-20 17:55:20,123 INFO L290 TraceCheckUtils]: 48: Hoare triple {346#false} ~handle := #in~handle;~value := #in~value; {346#false} is VALID [2022-02-20 17:55:20,123 INFO L290 TraceCheckUtils]: 49: Hoare triple {346#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#false} is VALID [2022-02-20 17:55:20,124 INFO L290 TraceCheckUtils]: 50: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,128 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {346#false} {346#false} #1065#return; {346#false} is VALID [2022-02-20 
17:55:20,128 INFO L272 TraceCheckUtils]: 52: Hoare triple {346#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {346#false} is VALID [2022-02-20 17:55:20,128 INFO L290 TraceCheckUtils]: 53: Hoare triple {346#false} ~handle := #in~handle;~value := #in~value; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L290 TraceCheckUtils]: 54: Hoare triple {346#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L290 TraceCheckUtils]: 55: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {346#false} {346#false} #1067#return; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L290 TraceCheckUtils]: 57: Hoare triple {346#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L290 TraceCheckUtils]: 58: Hoare triple {346#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {346#false} is VALID [2022-02-20 17:55:20,129 INFO L272 TraceCheckUtils]: 59: Hoare triple {346#false} call outgoing(~sender#1, ~email~0#1); {346#false} is VALID [2022-02-20 17:55:20,130 INFO L290 TraceCheckUtils]: 60: Hoare triple {346#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {346#false} is VALID [2022-02-20 17:55:20,130 INFO L272 TraceCheckUtils]: 61: Hoare triple {346#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {346#false} is VALID [2022-02-20 17:55:20,130 INFO L290 TraceCheckUtils]: 62: Hoare triple {346#false} ~handle := #in~handle;havoc ~retValue_acc~3; {346#false} is VALID [2022-02-20 17:55:20,130 INFO L290 TraceCheckUtils]: 63: Hoare 
triple {346#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {346#false} is VALID [2022-02-20 17:55:20,130 INFO L290 TraceCheckUtils]: 64: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,131 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {346#false} {346#false} #1025#return; {346#false} is VALID [2022-02-20 17:55:20,131 INFO L290 TraceCheckUtils]: 66: Hoare triple {346#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {346#false} is VALID [2022-02-20 17:55:20,131 INFO L290 TraceCheckUtils]: 67: Hoare triple {346#false} assume !(0 != ~size~2#1); {346#false} is VALID [2022-02-20 17:55:20,131 INFO L272 TraceCheckUtils]: 68: Hoare triple {346#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {346#false} is VALID [2022-02-20 17:55:20,131 INFO L290 TraceCheckUtils]: 69: Hoare triple {346#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {346#false} is VALID [2022-02-20 17:55:20,131 INFO L272 TraceCheckUtils]: 70: Hoare triple {346#false} call #t~ret12#1 := getEmailTo(~msg#1); {346#false} is VALID [2022-02-20 17:55:20,132 INFO L290 TraceCheckUtils]: 71: Hoare triple {346#false} ~handle := #in~handle;havoc ~retValue_acc~36; {346#false} is VALID [2022-02-20 17:55:20,132 INFO L290 TraceCheckUtils]: 72: Hoare triple {346#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {346#false} is VALID [2022-02-20 17:55:20,132 INFO L290 TraceCheckUtils]: 73: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,132 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {346#false} {346#false} #1043#return; {346#false} is VALID [2022-02-20 17:55:20,132 INFO L290 TraceCheckUtils]: 75: Hoare triple {346#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := 
#t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {346#false} is VALID [2022-02-20 17:55:20,132 INFO L290 TraceCheckUtils]: 76: Hoare triple {346#false} assume 1 == findPublicKey_~handle#1; {346#false} is VALID [2022-02-20 17:55:20,133 INFO L290 TraceCheckUtils]: 77: Hoare triple {346#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {346#false} is VALID [2022-02-20 17:55:20,133 INFO L290 TraceCheckUtils]: 78: Hoare triple {346#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {346#false} is VALID [2022-02-20 17:55:20,133 INFO L290 TraceCheckUtils]: 79: Hoare triple {346#false} assume !(0 != ~pubkey~0#1); {346#false} is VALID [2022-02-20 17:55:20,133 INFO L290 TraceCheckUtils]: 80: Hoare triple {346#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {346#false} is VALID [2022-02-20 17:55:20,134 INFO L290 TraceCheckUtils]: 81: Hoare triple {346#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {346#false} is VALID [2022-02-20 17:55:20,134 INFO L290 TraceCheckUtils]: 82: Hoare triple {346#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {346#false} is VALID [2022-02-20 17:55:20,134 INFO L272 TraceCheckUtils]: 83: Hoare triple {346#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {346#false} is VALID [2022-02-20 17:55:20,134 INFO L290 TraceCheckUtils]: 84: Hoare triple {346#false} ~handle := #in~handle;~value := #in~value; {346#false} is VALID [2022-02-20 17:55:20,134 INFO L290 TraceCheckUtils]: 85: Hoare triple {346#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {346#false} is VALID [2022-02-20 17:55:20,135 INFO L290 TraceCheckUtils]: 86: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,135 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {346#false} {346#false} #1049#return; {346#false} is VALID [2022-02-20 17:55:20,135 INFO L290 TraceCheckUtils]: 88: Hoare triple {346#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, 
mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {346#false} is VALID [2022-02-20 17:55:20,135 INFO L290 TraceCheckUtils]: 89: Hoare triple {346#false} assume !(-1 == ~mail_is_sensitive~0); {346#false} is VALID [2022-02-20 17:55:20,138 INFO L272 TraceCheckUtils]: 90: Hoare triple {346#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {346#false} is VALID [2022-02-20 17:55:20,138 INFO L290 TraceCheckUtils]: 91: Hoare triple {346#false} ~handle := #in~handle;havoc ~retValue_acc~39; {346#false} is VALID [2022-02-20 17:55:20,138 INFO L290 TraceCheckUtils]: 92: Hoare triple {346#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := 
~retValue_acc~39; {346#false} is VALID [2022-02-20 17:55:20,143 INFO L290 TraceCheckUtils]: 93: Hoare triple {346#false} assume true; {346#false} is VALID [2022-02-20 17:55:20,144 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {346#false} {346#false} #1053#return; {346#false} is VALID [2022-02-20 17:55:20,144 INFO L290 TraceCheckUtils]: 95: Hoare triple {346#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {346#false} is VALID [2022-02-20 17:55:20,145 INFO L290 TraceCheckUtils]: 96: Hoare triple {346#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {346#false} is VALID [2022-02-20 17:55:20,148 INFO L290 TraceCheckUtils]: 97: Hoare triple {346#false} assume !false; {346#false} is VALID [2022-02-20 17:55:20,149 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:20,150 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:20,150 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1697268181] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:20,150 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:20,150 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:55:20,152 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [463956809] [2022-02-20 17:55:20,153 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:20,158 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 17:55:20,160 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:20,164 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:20,237 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:20,237 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:55:20,237 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:20,254 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 17:55:20,254 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:20,259 INFO L87 Difference]: Start difference. First operand has 342 states, 267 states have (on average 1.5880149812734083) internal successors, (424), 272 states have internal predecessors, (424), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (52), 51 states have call predecessors, (52), 52 states have call successors, (52) Second operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:20,613 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:20,613 INFO L93 Difference]: Finished difference Result 496 states and 754 transitions. [2022-02-20 17:55:20,613 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:55:20,614 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 17:55:20,614 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:20,616 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:20,636 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 754 transitions. [2022-02-20 17:55:20,637 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:20,665 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 754 transitions. [2022-02-20 17:55:20,666 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 754 transitions. [2022-02-20 17:55:21,325 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 754 edges. 754 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:21,365 INFO L225 Difference]: With dead ends: 496 [2022-02-20 17:55:21,366 INFO L226 Difference]: Without dead ends: 335 [2022-02-20 17:55:21,373 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 125 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:21,376 INFO L933 BasicCegarLoop]: 524 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 524 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:21,378 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 524 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:21,394 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 335 states. [2022-02-20 17:55:21,443 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 335 to 335. [2022-02-20 17:55:21,444 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:21,448 INFO L82 GeneralOperation]: Start isEquivalent. First operand 335 states. 
Second operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:21,452 INFO L74 IsIncluded]: Start isIncluded. First operand 335 states. Second operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:21,454 INFO L87 Difference]: Start difference. First operand 335 states. Second operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:21,482 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:21,482 INFO L93 Difference]: Finished difference Result 335 states and 516 transitions. [2022-02-20 17:55:21,483 INFO L276 IsEmpty]: Start isEmpty. Operand 335 states and 516 transitions. [2022-02-20 17:55:21,491 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:21,491 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:21,493 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 335 states. [2022-02-20 17:55:21,495 INFO L87 Difference]: Start difference. First operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 335 states. [2022-02-20 17:55:21,514 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:21,515 INFO L93 Difference]: Finished difference Result 335 states and 516 transitions. [2022-02-20 17:55:21,515 INFO L276 IsEmpty]: Start isEmpty. Operand 335 states and 516 transitions. [2022-02-20 17:55:21,516 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:21,516 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:21,517 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:21,517 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:21,519 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 335 states, 261 states have (on average 1.582375478927203) internal successors, (413), 265 states have internal predecessors, (413), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:21,538 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 335 states to 335 states and 516 transitions. [2022-02-20 17:55:21,540 INFO L78 Accepts]: Start accepts. Automaton has 335 states and 516 transitions. Word has length 98 [2022-02-20 17:55:21,540 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:21,541 INFO L470 AbstractCegarLoop]: Abstraction has 335 states and 516 transitions. [2022-02-20 17:55:21,541 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:21,541 INFO L276 IsEmpty]: Start isEmpty. Operand 335 states and 516 transitions. [2022-02-20 17:55:21,545 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 17:55:21,545 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:21,546 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:21,575 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:21,770 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:55:21,771 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:21,771 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:21,771 INFO L85 PathProgramCache]: Analyzing trace with hash 233231985, now seen corresponding path program 1 times [2022-02-20 17:55:21,771 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:21,771 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [219940919] [2022-02-20 17:55:21,772 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:21,772 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:21,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,867 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:21,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2498#true} #1079#return; {2498#true} is VALID [2022-02-20 17:55:21,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:21,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA 
is unsat [2022-02-20 17:55:21,898 INFO L290 TraceCheckUtils]: 0: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,900 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,900 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,900 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2498#true} #1081#return; {2498#true} is VALID [2022-02-20 17:55:21,900 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:21,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2551#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:21,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {2551#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2552#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {2552#(= |setClientId_#in~handle| 1)} assume true; {2552#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:21,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2552#(= |setClientId_#in~handle| 1)} {2508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {2499#false} is VALID [2022-02-20 17:55:21,928 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:21,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,933 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1085#return; {2499#false} is VALID [2022-02-20 17:55:21,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:21,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,938 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1087#return; {2499#false} is VALID [2022-02-20 17:55:21,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 17:55:21,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,944 INFO L290 TraceCheckUtils]: 0: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1089#return; {2499#false} is VALID [2022-02-20 17:55:21,952 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:55:21,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1065#return; {2499#false} is VALID [2022-02-20 17:55:21,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:55:21,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,969 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1067#return; {2499#false} is VALID [2022-02-20 17:55:21,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:21,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,976 INFO L290 TraceCheckUtils]: 0: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~3; {2498#true} is VALID [2022-02-20 17:55:21,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {2498#true} is VALID [2022-02-20 17:55:21,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1025#return; {2499#false} is VALID [2022-02-20 17:55:21,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:21,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2498#true} is VALID [2022-02-20 17:55:21,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2498#true} is VALID [2022-02-20 17:55:21,982 INFO L290 
TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,983 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1043#return; {2499#false} is VALID [2022-02-20 17:55:21,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:55:21,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1049#return; {2499#false} is VALID [2022-02-20 17:55:21,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:55:21,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:21,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2498#true} is VALID [2022-02-20 17:55:21,993 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2498#true} is VALID [2022-02-20 17:55:21,993 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,993 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2498#true} {2499#false} #1053#return; {2499#false} is VALID [2022-02-20 17:55:21,993 INFO L290 TraceCheckUtils]: 0: Hoare triple {2498#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 
0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2498#true} is VALID [2022-02-20 17:55:21,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {2498#true} is VALID [2022-02-20 17:55:21,994 INFO L290 
TraceCheckUtils]: 2: Hoare triple {2498#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2498#true} is VALID [2022-02-20 17:55:21,994 INFO L290 TraceCheckUtils]: 3: Hoare triple {2498#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {2498#true} is VALID [2022-02-20 17:55:21,996 INFO L290 TraceCheckUtils]: 4: Hoare triple {2498#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {2498#true} is VALID [2022-02-20 17:55:21,996 INFO L290 TraceCheckUtils]: 5: Hoare triple {2498#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2498#true} is VALID [2022-02-20 17:55:21,997 INFO L272 TraceCheckUtils]: 6: Hoare triple {2498#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:21,997 INFO L290 TraceCheckUtils]: 7: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:21,997 INFO L290 TraceCheckUtils]: 8: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:21,998 INFO L290 TraceCheckUtils]: 9: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:21,999 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2498#true} {2498#true} #1079#return; {2498#true} is VALID [2022-02-20 17:55:21,999 INFO L290 TraceCheckUtils]: 11: Hoare triple {2498#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2498#true} is VALID [2022-02-20 17:55:22,000 INFO L272 TraceCheckUtils]: 12: Hoare triple {2498#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:22,000 INFO L290 TraceCheckUtils]: 13: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,000 INFO L290 TraceCheckUtils]: 14: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {2498#true} is VALID [2022-02-20 17:55:22,000 INFO L290 TraceCheckUtils]: 15: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,000 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2498#true} {2498#true} #1081#return; {2498#true} is VALID [2022-02-20 17:55:22,001 INFO L290 TraceCheckUtils]: 17: Hoare triple {2498#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:22,001 INFO L272 TraceCheckUtils]: 18: Hoare triple {2508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:22,002 INFO L290 TraceCheckUtils]: 19: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2551#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:22,002 INFO L290 TraceCheckUtils]: 20: Hoare triple {2551#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2552#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:22,002 INFO L290 TraceCheckUtils]: 21: Hoare triple {2552#(= |setClientId_#in~handle| 1)} assume true; {2552#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:22,003 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2552#(= |setClientId_#in~handle| 1)} {2508#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {2499#false} is VALID [2022-02-20 17:55:22,003 INFO L290 TraceCheckUtils]: 23: Hoare triple {2499#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2499#false} is VALID [2022-02-20 17:55:22,003 INFO L272 TraceCheckUtils]: 24: Hoare triple {2499#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:22,004 INFO L290 TraceCheckUtils]: 25: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,004 INFO L290 TraceCheckUtils]: 26: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,004 INFO L290 TraceCheckUtils]: 27: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,004 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2498#true} {2499#false} #1085#return; {2499#false} is VALID [2022-02-20 17:55:22,004 INFO L290 TraceCheckUtils]: 29: Hoare triple {2499#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2499#false} is VALID [2022-02-20 17:55:22,004 INFO L272 TraceCheckUtils]: 30: Hoare triple {2499#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:22,004 INFO L290 TraceCheckUtils]: 31: Hoare triple {2549#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,005 INFO L290 TraceCheckUtils]: 32: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,005 INFO L290 TraceCheckUtils]: 33: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,005 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2498#true} {2499#false} #1087#return; {2499#false} is VALID [2022-02-20 17:55:22,005 INFO L290 TraceCheckUtils]: 35: Hoare triple {2499#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2499#false} is VALID [2022-02-20 17:55:22,005 INFO L272 TraceCheckUtils]: 36: Hoare triple {2499#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:22,005 INFO L290 TraceCheckUtils]: 37: Hoare triple {2550#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,005 INFO L290 TraceCheckUtils]: 38: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,006 INFO L290 TraceCheckUtils]: 39: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,006 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2498#true} {2499#false} #1089#return; {2499#false} is VALID [2022-02-20 17:55:22,006 INFO L290 TraceCheckUtils]: 41: Hoare triple {2499#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {2499#false} is VALID [2022-02-20 17:55:22,006 INFO L290 TraceCheckUtils]: 42: Hoare triple {2499#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2499#false} is VALID [2022-02-20 17:55:22,006 INFO L290 TraceCheckUtils]: 43: Hoare triple {2499#false} assume !false; {2499#false} is VALID [2022-02-20 17:55:22,007 INFO L290 TraceCheckUtils]: 44: Hoare triple {2499#false} assume !(test_~splverifierCounter~0#1 < 4); {2499#false} is VALID [2022-02-20 17:55:22,007 INFO L290 TraceCheckUtils]: 45: Hoare triple {2499#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {2499#false} is VALID [2022-02-20 17:55:22,007 INFO L272 TraceCheckUtils]: 46: Hoare triple {2499#false} call sendEmail(~bob~0, ~rjh~0); {2499#false} is VALID [2022-02-20 17:55:22,007 INFO L290 TraceCheckUtils]: 47: Hoare triple {2499#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := 
createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2499#false} is VALID [2022-02-20 17:55:22,007 INFO L272 TraceCheckUtils]: 48: Hoare triple {2499#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:22,007 INFO L290 TraceCheckUtils]: 49: Hoare triple {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,007 INFO L290 TraceCheckUtils]: 50: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,008 INFO L290 TraceCheckUtils]: 51: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,008 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2498#true} {2499#false} #1065#return; {2499#false} is VALID [2022-02-20 17:55:22,008 INFO L272 TraceCheckUtils]: 53: Hoare triple {2499#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:22,008 INFO L290 TraceCheckUtils]: 54: Hoare triple {2554#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,008 INFO L290 TraceCheckUtils]: 55: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,008 INFO L290 TraceCheckUtils]: 56: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,009 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2498#true} {2499#false} #1067#return; 
{2499#false} is VALID [2022-02-20 17:55:22,009 INFO L290 TraceCheckUtils]: 58: Hoare triple {2499#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {2499#false} is VALID [2022-02-20 17:55:22,009 INFO L290 TraceCheckUtils]: 59: Hoare triple {2499#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {2499#false} is VALID [2022-02-20 17:55:22,009 INFO L272 TraceCheckUtils]: 60: Hoare triple {2499#false} call outgoing(~sender#1, ~email~0#1); {2499#false} is VALID [2022-02-20 17:55:22,009 INFO L290 TraceCheckUtils]: 61: Hoare triple {2499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {2499#false} is VALID [2022-02-20 17:55:22,009 INFO L272 TraceCheckUtils]: 62: Hoare triple {2499#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {2498#true} is VALID [2022-02-20 17:55:22,010 INFO L290 TraceCheckUtils]: 63: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~3; {2498#true} is VALID [2022-02-20 17:55:22,010 INFO L290 TraceCheckUtils]: 64: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {2498#true} is VALID [2022-02-20 17:55:22,010 INFO L290 TraceCheckUtils]: 65: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,010 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2498#true} {2499#false} #1025#return; {2499#false} is VALID [2022-02-20 17:55:22,010 INFO L290 TraceCheckUtils]: 67: Hoare triple {2499#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {2499#false} is VALID [2022-02-20 17:55:22,010 INFO L290 TraceCheckUtils]: 
68: Hoare triple {2499#false} assume !(0 != ~size~2#1); {2499#false} is VALID [2022-02-20 17:55:22,011 INFO L272 TraceCheckUtils]: 69: Hoare triple {2499#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {2499#false} is VALID [2022-02-20 17:55:22,011 INFO L290 TraceCheckUtils]: 70: Hoare triple {2499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {2499#false} is VALID [2022-02-20 17:55:22,011 INFO L272 TraceCheckUtils]: 71: Hoare triple {2499#false} call #t~ret12#1 := getEmailTo(~msg#1); {2498#true} is VALID [2022-02-20 17:55:22,011 INFO L290 TraceCheckUtils]: 72: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2498#true} is VALID [2022-02-20 17:55:22,011 INFO L290 TraceCheckUtils]: 73: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2498#true} is VALID [2022-02-20 17:55:22,012 INFO L290 TraceCheckUtils]: 74: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,012 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2498#true} {2499#false} #1043#return; {2499#false} is VALID [2022-02-20 17:55:22,013 INFO L290 TraceCheckUtils]: 76: Hoare triple {2499#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {2499#false} is VALID [2022-02-20 17:55:22,013 INFO L290 TraceCheckUtils]: 77: Hoare triple {2499#false} assume 1 == findPublicKey_~handle#1; {2499#false} is VALID [2022-02-20 17:55:22,015 INFO L290 
TraceCheckUtils]: 78: Hoare triple {2499#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L290 TraceCheckUtils]: 79: Hoare triple {2499#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L290 TraceCheckUtils]: 80: Hoare triple {2499#false} assume !(0 != ~pubkey~0#1); {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L290 TraceCheckUtils]: 81: Hoare triple {2499#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L290 TraceCheckUtils]: 82: Hoare triple {2499#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L290 TraceCheckUtils]: 83: Hoare triple {2499#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } 
true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {2499#false} is VALID [2022-02-20 17:55:22,017 INFO L272 TraceCheckUtils]: 84: Hoare triple {2499#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:22,018 INFO L290 TraceCheckUtils]: 85: Hoare triple {2553#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,018 INFO L290 TraceCheckUtils]: 86: Hoare triple {2498#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,018 INFO L290 TraceCheckUtils]: 87: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,018 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2498#true} {2499#false} #1049#return; {2499#false} is VALID [2022-02-20 17:55:22,018 INFO L290 TraceCheckUtils]: 89: Hoare triple {2499#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := 
mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {2499#false} is VALID [2022-02-20 17:55:22,018 INFO L290 TraceCheckUtils]: 90: Hoare triple {2499#false} assume !(-1 == ~mail_is_sensitive~0); {2499#false} is VALID [2022-02-20 17:55:22,018 INFO L272 TraceCheckUtils]: 91: Hoare triple {2499#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2498#true} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 92: Hoare triple {2498#true} ~handle := #in~handle;havoc ~retValue_acc~39; {2498#true} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 93: Hoare triple {2498#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2498#true} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 94: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,019 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2498#true} {2499#false} #1053#return; {2499#false} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 96: Hoare triple {2499#false} assume -2147483648 <= 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {2499#false} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 97: Hoare triple {2499#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {2499#false} is VALID [2022-02-20 17:55:22,019 INFO L290 TraceCheckUtils]: 98: Hoare triple {2499#false} assume !false; {2499#false} is VALID [2022-02-20 17:55:22,020 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:55:22,020 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:22,020 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [219940919] [2022-02-20 17:55:22,023 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [219940919] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:22,024 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1655744392] [2022-02-20 17:55:22,024 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:22,024 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:22,024 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:22,028 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:22,029 INFO L327 
MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:55:22,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:22,254 INFO L263 TraceCheckSpWp]: Trace formula consists of 987 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:55:22,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:22,304 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:22,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {2498#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call 
#Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2498#true} is VALID [2022-02-20 17:55:22,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {2498#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {2498#true} is VALID [2022-02-20 17:55:22,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {2498#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2498#true} is VALID [2022-02-20 17:55:22,534 INFO L290 TraceCheckUtils]: 3: Hoare triple {2498#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {2498#true} is VALID [2022-02-20 17:55:22,534 INFO L290 TraceCheckUtils]: 4: Hoare triple {2498#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {2498#true} is VALID [2022-02-20 17:55:22,535 INFO L290 TraceCheckUtils]: 5: Hoare triple {2498#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2498#true} is VALID [2022-02-20 17:55:22,538 INFO L272 TraceCheckUtils]: 6: Hoare triple {2498#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2498#true} is VALID [2022-02-20 17:55:22,538 INFO L290 TraceCheckUtils]: 7: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,538 INFO L290 TraceCheckUtils]: 8: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,538 INFO L290 TraceCheckUtils]: 9: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,538 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2498#true} {2498#true} #1079#return; {2498#true} is VALID [2022-02-20 17:55:22,539 INFO L290 TraceCheckUtils]: 11: Hoare triple {2498#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2498#true} is VALID [2022-02-20 17:55:22,539 INFO L272 TraceCheckUtils]: 12: Hoare triple {2498#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2498#true} is VALID [2022-02-20 17:55:22,539 INFO L290 TraceCheckUtils]: 13: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,539 INFO L290 TraceCheckUtils]: 14: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,539 INFO L290 TraceCheckUtils]: 15: Hoare triple {2498#true} assume true; {2498#true} is VALID 
[2022-02-20 17:55:22,539 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2498#true} {2498#true} #1081#return; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L290 TraceCheckUtils]: 17: Hoare triple {2498#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L272 TraceCheckUtils]: 18: Hoare triple {2498#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L290 TraceCheckUtils]: 19: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L290 TraceCheckUtils]: 20: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L290 TraceCheckUtils]: 21: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2498#true} {2498#true} #1083#return; {2498#true} is VALID [2022-02-20 17:55:22,540 INFO L290 TraceCheckUtils]: 23: Hoare triple {2498#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2498#true} is VALID [2022-02-20 17:55:22,541 INFO L272 TraceCheckUtils]: 24: Hoare triple {2498#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2498#true} is VALID [2022-02-20 17:55:22,541 INFO L290 TraceCheckUtils]: 25: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,541 
INFO L290 TraceCheckUtils]: 26: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,541 INFO L290 TraceCheckUtils]: 27: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,541 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2498#true} {2498#true} #1085#return; {2498#true} is VALID [2022-02-20 17:55:22,541 INFO L290 TraceCheckUtils]: 29: Hoare triple {2498#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2498#true} is VALID [2022-02-20 17:55:22,542 INFO L272 TraceCheckUtils]: 30: Hoare triple {2498#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2498#true} is VALID [2022-02-20 17:55:22,542 INFO L290 TraceCheckUtils]: 31: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,542 INFO L290 TraceCheckUtils]: 32: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,542 INFO L290 TraceCheckUtils]: 33: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,543 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2498#true} {2498#true} #1087#return; {2498#true} is VALID [2022-02-20 17:55:22,543 INFO L290 TraceCheckUtils]: 35: Hoare triple {2498#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2498#true} is VALID [2022-02-20 
17:55:22,543 INFO L272 TraceCheckUtils]: 36: Hoare triple {2498#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2498#true} is VALID [2022-02-20 17:55:22,543 INFO L290 TraceCheckUtils]: 37: Hoare triple {2498#true} ~handle := #in~handle;~value := #in~value; {2498#true} is VALID [2022-02-20 17:55:22,543 INFO L290 TraceCheckUtils]: 38: Hoare triple {2498#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2498#true} is VALID [2022-02-20 17:55:22,544 INFO L290 TraceCheckUtils]: 39: Hoare triple {2498#true} assume true; {2498#true} is VALID [2022-02-20 17:55:22,544 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2498#true} {2498#true} #1089#return; {2498#true} is VALID [2022-02-20 17:55:22,544 INFO L290 TraceCheckUtils]: 41: Hoare triple {2498#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {2498#true} is VALID [2022-02-20 17:55:22,545 INFO L290 TraceCheckUtils]: 42: Hoare triple {2498#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2684#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:22,545 INFO L290 TraceCheckUtils]: 43: Hoare triple {2684#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2684#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:22,545 INFO L290 TraceCheckUtils]: 44: Hoare triple {2684#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2499#false} is VALID [2022-02-20 17:55:22,546 INFO L290 TraceCheckUtils]: 45: Hoare triple {2499#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {2499#false} is VALID [2022-02-20 17:55:22,547 INFO L272 TraceCheckUtils]: 46: Hoare triple {2499#false} call sendEmail(~bob~0, ~rjh~0); {2499#false} is VALID [2022-02-20 17:55:22,547 INFO L290 TraceCheckUtils]: 47: Hoare triple {2499#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L272 TraceCheckUtils]: 48: Hoare triple {2499#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L290 TraceCheckUtils]: 49: Hoare triple {2499#false} ~handle := #in~handle;~value := #in~value; {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L290 TraceCheckUtils]: 50: Hoare triple {2499#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L290 TraceCheckUtils]: 51: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2499#false} {2499#false} #1065#return; {2499#false} is VALID [2022-02-20 17:55:22,548 INFO L272 TraceCheckUtils]: 53: Hoare triple {2499#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L290 TraceCheckUtils]: 54: Hoare triple {2499#false} ~handle := #in~handle;~value := #in~value; {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L290 TraceCheckUtils]: 55: Hoare triple {2499#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L290 TraceCheckUtils]: 56: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2499#false} {2499#false} #1067#return; {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L290 TraceCheckUtils]: 58: Hoare triple {2499#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {2499#false} is VALID [2022-02-20 17:55:22,549 INFO L290 TraceCheckUtils]: 59: Hoare triple {2499#false} 
#t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L272 TraceCheckUtils]: 60: Hoare triple {2499#false} call outgoing(~sender#1, ~email~0#1); {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L290 TraceCheckUtils]: 61: Hoare triple {2499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L272 TraceCheckUtils]: 62: Hoare triple {2499#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L290 TraceCheckUtils]: 63: Hoare triple {2499#false} ~handle := #in~handle;havoc ~retValue_acc~3; {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L290 TraceCheckUtils]: 64: Hoare triple {2499#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {2499#false} is VALID [2022-02-20 17:55:22,550 INFO L290 TraceCheckUtils]: 65: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2499#false} {2499#false} #1025#return; {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L290 TraceCheckUtils]: 67: Hoare triple {2499#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L290 TraceCheckUtils]: 68: Hoare triple {2499#false} assume !(0 != ~size~2#1); {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L272 TraceCheckUtils]: 69: Hoare triple {2499#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L290 TraceCheckUtils]: 70: Hoare triple 
{2499#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L272 TraceCheckUtils]: 71: Hoare triple {2499#false} call #t~ret12#1 := getEmailTo(~msg#1); {2499#false} is VALID [2022-02-20 17:55:22,551 INFO L290 TraceCheckUtils]: 72: Hoare triple {2499#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2499#false} is VALID [2022-02-20 17:55:22,552 INFO L290 TraceCheckUtils]: 73: Hoare triple {2499#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {2499#false} is VALID [2022-02-20 17:55:22,552 INFO L290 TraceCheckUtils]: 74: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,552 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2499#false} {2499#false} #1043#return; {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 TraceCheckUtils]: 76: Hoare triple {2499#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 TraceCheckUtils]: 77: Hoare triple {2499#false} assume 1 == findPublicKey_~handle#1; {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 TraceCheckUtils]: 78: Hoare triple {2499#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 
TraceCheckUtils]: 79: Hoare triple {2499#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 TraceCheckUtils]: 80: Hoare triple {2499#false} assume !(0 != ~pubkey~0#1); {2499#false} is VALID [2022-02-20 17:55:22,553 INFO L290 TraceCheckUtils]: 81: Hoare triple {2499#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L290 TraceCheckUtils]: 82: Hoare triple {2499#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L290 TraceCheckUtils]: 83: Hoare triple {2499#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L272 TraceCheckUtils]: 
84: Hoare triple {2499#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L290 TraceCheckUtils]: 85: Hoare triple {2499#false} ~handle := #in~handle;~value := #in~value; {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L290 TraceCheckUtils]: 86: Hoare triple {2499#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2499#false} is VALID [2022-02-20 17:55:22,554 INFO L290 TraceCheckUtils]: 87: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2499#false} {2499#false} #1049#return; {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L290 TraceCheckUtils]: 89: Hoare triple {2499#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L290 TraceCheckUtils]: 90: Hoare triple {2499#false} assume !(-1 == ~mail_is_sensitive~0); {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L272 TraceCheckUtils]: 91: Hoare triple {2499#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L290 TraceCheckUtils]: 92: Hoare triple {2499#false} ~handle := #in~handle;havoc ~retValue_acc~39; {2499#false} is VALID [2022-02-20 17:55:22,555 INFO L290 TraceCheckUtils]: 93: Hoare triple {2499#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {2499#false} is VALID [2022-02-20 17:55:22,556 INFO L290 TraceCheckUtils]: 94: Hoare triple {2499#false} assume true; {2499#false} is VALID [2022-02-20 17:55:22,556 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2499#false} {2499#false} #1053#return; {2499#false} is VALID [2022-02-20 17:55:22,556 INFO L290 TraceCheckUtils]: 96: Hoare triple {2499#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {2499#false} is VALID [2022-02-20 17:55:22,556 INFO L290 TraceCheckUtils]: 97: Hoare triple {2499#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {2499#false} is VALID [2022-02-20 
17:55:22,556 INFO L290 TraceCheckUtils]: 98: Hoare triple {2499#false} assume !false; {2499#false} is VALID [2022-02-20 17:55:22,557 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:22,557 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:22,557 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1655744392] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:22,558 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:22,558 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:22,558 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [822265768] [2022-02-20 17:55:22,558 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:22,559 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 17:55:22,561 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:22,562 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:22,626 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:22,626 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:22,626 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:22,627 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:22,627 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:22,627 INFO L87 Difference]: Start difference. First operand 335 states and 516 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:23,134 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,134 INFO L93 Difference]: Finished difference Result 486 states and 732 transitions. [2022-02-20 17:55:23,134 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:23,135 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 17:55:23,135 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:23,135 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:23,146 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 732 transitions. [2022-02-20 17:55:23,146 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:23,157 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 732 transitions. [2022-02-20 17:55:23,157 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 732 transitions. [2022-02-20 17:55:23,697 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 732 edges. 732 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:23,710 INFO L225 Difference]: With dead ends: 486 [2022-02-20 17:55:23,710 INFO L226 Difference]: Without dead ends: 338 [2022-02-20 17:55:23,711 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:23,712 INFO L933 BasicCegarLoop]: 514 mSDtfsCounter, 1 mSDsluCounter, 512 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1026 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:23,713 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1026 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:23,714 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 338 states. [2022-02-20 17:55:23,724 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 338 to 337. [2022-02-20 17:55:23,724 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:23,725 INFO L82 GeneralOperation]: Start isEquivalent. First operand 338 states. 
Second operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:23,726 INFO L74 IsIncluded]: Start isIncluded. First operand 338 states. Second operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:23,727 INFO L87 Difference]: Start difference. First operand 338 states. Second operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:23,743 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,743 INFO L93 Difference]: Finished difference Result 338 states and 519 transitions. [2022-02-20 17:55:23,743 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 17:55:23,745 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,745 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,746 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 338 states. [2022-02-20 17:55:23,747 INFO L87 Difference]: Start difference. First operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) Second operand 338 states. [2022-02-20 17:55:23,763 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:23,763 INFO L93 Difference]: Finished difference Result 338 states and 519 transitions. [2022-02-20 17:55:23,764 INFO L276 IsEmpty]: Start isEmpty. Operand 338 states and 519 transitions. [2022-02-20 17:55:23,765 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:23,765 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:23,765 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:23,765 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:23,766 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 337 states, 263 states have (on average 1.5779467680608366) internal successors, (415), 267 states have internal predecessors, (415), 52 states have call successors, (52), 21 states have call predecessors, (52), 21 states have return successors, (51), 50 states have call predecessors, (51), 51 states have call successors, (51) [2022-02-20 17:55:23,783 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 337 states to 337 states and 518 transitions. [2022-02-20 17:55:23,784 INFO L78 Accepts]: Start accepts. Automaton has 337 states and 518 transitions. Word has length 99 [2022-02-20 17:55:23,784 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:23,784 INFO L470 AbstractCegarLoop]: Abstraction has 337 states and 518 transitions. [2022-02-20 17:55:23,784 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:23,784 INFO L276 IsEmpty]: Start isEmpty. Operand 337 states and 518 transitions. [2022-02-20 17:55:23,786 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 106 [2022-02-20 17:55:23,786 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:23,786 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:23,812 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:24,010 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:55:24,010 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:24,011 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:24,011 INFO L85 PathProgramCache]: Analyzing trace with hash 932096872, now seen corresponding path program 1 times [2022-02-20 17:55:24,011 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:24,011 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1068125316] [2022-02-20 17:55:24,011 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:24,011 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:24,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:24,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,099 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4648#true} #1079#return; {4648#true} is VALID [2022-02-20 17:55:24,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:24,110 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,113 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,113 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4648#true} #1081#return; {4648#true} is VALID [2022-02-20 17:55:24,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:24,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4701#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:24,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {4701#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:24,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {4702#(= |setClientId_#in~handle| 1)} assume true; {4702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:24,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4702#(= |setClientId_#in~handle| 1)} {4658#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {4649#false} is VALID [2022-02-20 17:55:24,130 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:24,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,134 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1085#return; {4649#false} is VALID [2022-02-20 17:55:24,134 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:24,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,139 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,139 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,139 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1087#return; {4649#false} is VALID [2022-02-20 17:55:24,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 36 [2022-02-20 17:55:24,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1089#return; {4649#false} is VALID [2022-02-20 17:55:24,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:55:24,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,157 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1065#return; {4649#false} is VALID [2022-02-20 17:55:24,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:24,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,167 INFO L290 
TraceCheckUtils]: 0: Hoare triple {4704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1067#return; {4649#false} is VALID [2022-02-20 17:55:24,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:55:24,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,170 INFO L290 TraceCheckUtils]: 0: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~3; {4648#true} is VALID [2022-02-20 17:55:24,171 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {4648#true} is VALID [2022-02-20 17:55:24,171 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,171 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1025#return; {4649#false} is VALID [2022-02-20 17:55:24,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:55:24,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,174 INFO L290 TraceCheckUtils]: 0: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4648#true} is VALID [2022-02-20 17:55:24,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4648#true} is VALID [2022-02-20 17:55:24,174 INFO L290 
TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,175 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1043#return; {4649#false} is VALID [2022-02-20 17:55:24,175 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:55:24,176 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,178 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1049#return; {4649#false} is VALID [2022-02-20 17:55:24,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:55:24,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4648#true} is VALID [2022-02-20 17:55:24,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4648#true} is VALID [2022-02-20 17:55:24,183 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,183 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4648#true} {4649#false} #1053#return; {4649#false} is VALID [2022-02-20 17:55:24,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {4648#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 
0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4648#true} is VALID [2022-02-20 17:55:24,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {4648#true} is VALID [2022-02-20 17:55:24,184 INFO L290 
TraceCheckUtils]: 2: Hoare triple {4648#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4648#true} is VALID [2022-02-20 17:55:24,184 INFO L290 TraceCheckUtils]: 3: Hoare triple {4648#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {4648#true} is VALID [2022-02-20 17:55:24,184 INFO L290 TraceCheckUtils]: 4: Hoare triple {4648#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {4648#true} is VALID [2022-02-20 17:55:24,184 INFO L290 TraceCheckUtils]: 5: Hoare triple {4648#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4648#true} is VALID [2022-02-20 17:55:24,185 INFO L272 TraceCheckUtils]: 6: Hoare triple {4648#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:24,185 INFO L290 TraceCheckUtils]: 7: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,185 INFO L290 TraceCheckUtils]: 8: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,185 INFO L290 TraceCheckUtils]: 9: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,185 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4648#true} {4648#true} #1079#return; {4648#true} is VALID [2022-02-20 17:55:24,185 INFO L290 TraceCheckUtils]: 11: Hoare triple {4648#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4648#true} is VALID [2022-02-20 17:55:24,186 INFO L272 TraceCheckUtils]: 12: Hoare triple {4648#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:24,186 INFO L290 TraceCheckUtils]: 13: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,186 INFO L290 TraceCheckUtils]: 14: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {4648#true} is VALID [2022-02-20 17:55:24,187 INFO L290 TraceCheckUtils]: 15: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,187 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4648#true} {4648#true} #1081#return; {4648#true} is VALID [2022-02-20 17:55:24,187 INFO L290 TraceCheckUtils]: 17: Hoare triple {4648#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4658#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:24,188 INFO L272 TraceCheckUtils]: 18: Hoare triple {4658#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:24,188 INFO L290 TraceCheckUtils]: 19: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4701#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:24,189 INFO L290 TraceCheckUtils]: 20: Hoare triple {4701#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4702#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:24,189 INFO L290 TraceCheckUtils]: 21: Hoare triple {4702#(= |setClientId_#in~handle| 1)} assume true; {4702#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:24,189 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4702#(= |setClientId_#in~handle| 1)} {4658#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {4649#false} is VALID [2022-02-20 17:55:24,190 INFO L290 TraceCheckUtils]: 23: Hoare triple {4649#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4649#false} is VALID [2022-02-20 17:55:24,190 INFO L272 TraceCheckUtils]: 24: Hoare triple {4649#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:24,190 INFO L290 TraceCheckUtils]: 25: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,190 INFO L290 TraceCheckUtils]: 26: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,190 INFO L290 TraceCheckUtils]: 27: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,190 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4648#true} {4649#false} #1085#return; {4649#false} is VALID [2022-02-20 17:55:24,190 INFO L290 TraceCheckUtils]: 29: Hoare triple {4649#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := 
~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4649#false} is VALID [2022-02-20 17:55:24,191 INFO L272 TraceCheckUtils]: 30: Hoare triple {4649#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:24,191 INFO L290 TraceCheckUtils]: 31: Hoare triple {4699#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,191 INFO L290 TraceCheckUtils]: 32: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,191 INFO L290 TraceCheckUtils]: 33: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,191 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4648#true} {4649#false} #1087#return; {4649#false} is VALID [2022-02-20 17:55:24,191 INFO L290 TraceCheckUtils]: 35: Hoare triple {4649#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4649#false} is VALID [2022-02-20 17:55:24,191 INFO L272 TraceCheckUtils]: 36: Hoare triple {4649#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 37: Hoare triple {4700#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 38: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 39: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,192 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4648#true} {4649#false} #1089#return; {4649#false} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 41: Hoare triple {4649#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {4649#false} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 42: Hoare triple {4649#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc 
test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4649#false} is VALID [2022-02-20 17:55:24,192 INFO L290 TraceCheckUtils]: 43: Hoare triple {4649#false} assume !false; {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 44: Hoare triple {4649#false} assume test_~splverifierCounter~0#1 < 4; {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 45: Hoare triple {4649#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 46: Hoare triple {4649#false} assume !(0 == test_~op1~0#1); {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 47: Hoare triple {4649#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 48: Hoare triple {4649#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4649#false} is VALID [2022-02-20 17:55:24,193 INFO L290 TraceCheckUtils]: 49: Hoare triple {4649#false} assume !false; {4649#false} is VALID [2022-02-20 17:55:24,194 INFO L290 TraceCheckUtils]: 50: Hoare triple {4649#false} assume !(test_~splverifierCounter~0#1 < 4); {4649#false} is VALID [2022-02-20 17:55:24,194 INFO L290 TraceCheckUtils]: 51: Hoare triple {4649#false} assume 
{ :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {4649#false} is VALID [2022-02-20 17:55:24,194 INFO L272 TraceCheckUtils]: 52: Hoare triple {4649#false} call sendEmail(~bob~0, ~rjh~0); {4649#false} is VALID [2022-02-20 17:55:24,194 INFO L290 TraceCheckUtils]: 53: Hoare triple {4649#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4649#false} is VALID [2022-02-20 17:55:24,194 INFO L272 TraceCheckUtils]: 54: Hoare triple {4649#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:24,194 INFO L290 TraceCheckUtils]: 55: Hoare triple {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,194 INFO L290 TraceCheckUtils]: 56: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,195 INFO L290 TraceCheckUtils]: 57: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,195 
INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4648#true} {4649#false} #1065#return; {4649#false} is VALID [2022-02-20 17:55:24,195 INFO L272 TraceCheckUtils]: 59: Hoare triple {4649#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:24,195 INFO L290 TraceCheckUtils]: 60: Hoare triple {4704#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,195 INFO L290 TraceCheckUtils]: 61: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,195 INFO L290 TraceCheckUtils]: 62: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,195 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4648#true} {4649#false} #1067#return; {4649#false} is VALID [2022-02-20 17:55:24,196 INFO L290 TraceCheckUtils]: 64: Hoare triple {4649#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {4649#false} is VALID [2022-02-20 17:55:24,196 INFO L290 TraceCheckUtils]: 65: Hoare triple {4649#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {4649#false} is VALID [2022-02-20 17:55:24,196 INFO L272 TraceCheckUtils]: 66: Hoare triple {4649#false} call outgoing(~sender#1, ~email~0#1); {4649#false} is VALID [2022-02-20 17:55:24,196 INFO L290 TraceCheckUtils]: 67: Hoare triple {4649#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {4649#false} is VALID [2022-02-20 17:55:24,196 INFO L272 
TraceCheckUtils]: 68: Hoare triple {4649#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {4648#true} is VALID [2022-02-20 17:55:24,196 INFO L290 TraceCheckUtils]: 69: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~3; {4648#true} is VALID [2022-02-20 17:55:24,196 INFO L290 TraceCheckUtils]: 70: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {4648#true} is VALID [2022-02-20 17:55:24,197 INFO L290 TraceCheckUtils]: 71: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,197 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4648#true} {4649#false} #1025#return; {4649#false} is VALID [2022-02-20 17:55:24,197 INFO L290 TraceCheckUtils]: 73: Hoare triple {4649#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {4649#false} is VALID [2022-02-20 17:55:24,197 INFO L290 TraceCheckUtils]: 74: Hoare triple {4649#false} assume !(0 != ~size~2#1); {4649#false} is VALID [2022-02-20 17:55:24,197 INFO L272 TraceCheckUtils]: 75: Hoare triple {4649#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {4649#false} is VALID [2022-02-20 17:55:24,197 INFO L290 TraceCheckUtils]: 76: Hoare triple {4649#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {4649#false} is VALID [2022-02-20 17:55:24,197 INFO L272 TraceCheckUtils]: 77: Hoare triple {4649#false} call #t~ret12#1 := getEmailTo(~msg#1); {4648#true} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 78: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4648#true} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 79: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4648#true} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 
80: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,198 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {4648#true} {4649#false} #1043#return; {4649#false} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 82: Hoare triple {4649#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {4649#false} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 83: Hoare triple {4649#false} assume 1 == findPublicKey_~handle#1; {4649#false} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 84: Hoare triple {4649#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {4649#false} is VALID [2022-02-20 17:55:24,198 INFO L290 TraceCheckUtils]: 85: Hoare triple {4649#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {4649#false} is VALID [2022-02-20 17:55:24,199 INFO L290 TraceCheckUtils]: 86: Hoare triple {4649#false} assume !(0 != ~pubkey~0#1); {4649#false} is VALID [2022-02-20 17:55:24,199 INFO L290 TraceCheckUtils]: 87: Hoare triple {4649#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4649#false} is VALID [2022-02-20 17:55:24,199 INFO L290 TraceCheckUtils]: 88: Hoare triple {4649#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4649#false} is VALID [2022-02-20 17:55:24,199 INFO L290 TraceCheckUtils]: 89: Hoare triple {4649#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {4649#false} is VALID [2022-02-20 17:55:24,199 INFO L272 TraceCheckUtils]: 90: Hoare triple {4649#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:24,199 INFO L290 TraceCheckUtils]: 91: Hoare triple {4703#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,200 INFO L290 TraceCheckUtils]: 92: Hoare triple {4648#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,200 INFO L290 
TraceCheckUtils]: 93: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,200 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4648#true} {4649#false} #1049#return; {4649#false} is VALID [2022-02-20 17:55:24,200 INFO L290 TraceCheckUtils]: 95: Hoare triple {4649#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {4649#false} is VALID [2022-02-20 17:55:24,200 INFO L290 TraceCheckUtils]: 96: Hoare triple {4649#false} assume !(-1 == 
~mail_is_sensitive~0); {4649#false} is VALID [2022-02-20 17:55:24,200 INFO L272 TraceCheckUtils]: 97: Hoare triple {4649#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {4648#true} is VALID [2022-02-20 17:55:24,200 INFO L290 TraceCheckUtils]: 98: Hoare triple {4648#true} ~handle := #in~handle;havoc ~retValue_acc~39; {4648#true} is VALID [2022-02-20 17:55:24,201 INFO L290 TraceCheckUtils]: 99: Hoare triple {4648#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4648#true} is VALID [2022-02-20 17:55:24,201 INFO L290 TraceCheckUtils]: 100: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,201 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4648#true} {4649#false} #1053#return; {4649#false} is VALID [2022-02-20 17:55:24,201 INFO L290 TraceCheckUtils]: 102: Hoare triple {4649#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {4649#false} is VALID [2022-02-20 17:55:24,201 INFO L290 TraceCheckUtils]: 103: Hoare triple {4649#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {4649#false} is VALID [2022-02-20 17:55:24,201 INFO L290 TraceCheckUtils]: 104: Hoare triple {4649#false} assume !false; {4649#false} is VALID [2022-02-20 17:55:24,202 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:24,202 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:24,202 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1068125316] [2022-02-20 17:55:24,202 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1068125316] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:24,202 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2081559368] [2022-02-20 17:55:24,203 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:24,203 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:24,203 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:24,204 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:24,219 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:55:24,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,441 INFO L263 TraceCheckSpWp]: Trace formula consists of 1001 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:24,484 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:24,486 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:24,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {4648#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4648#true} is VALID [2022-02-20 17:55:24,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {4648#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc 
main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {4648#true} is VALID [2022-02-20 17:55:24,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {4648#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4648#true} is VALID [2022-02-20 17:55:24,708 INFO L290 TraceCheckUtils]: 3: Hoare triple {4648#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {4648#true} is VALID [2022-02-20 17:55:24,708 INFO L290 TraceCheckUtils]: 4: Hoare triple {4648#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {4648#true} is VALID [2022-02-20 17:55:24,709 INFO L290 TraceCheckUtils]: 5: Hoare triple {4648#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4648#true} is VALID [2022-02-20 17:55:24,709 
INFO L272 TraceCheckUtils]: 6: Hoare triple {4648#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4648#true} is VALID [2022-02-20 17:55:24,709 INFO L290 TraceCheckUtils]: 7: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,709 INFO L290 TraceCheckUtils]: 8: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,709 INFO L290 TraceCheckUtils]: 9: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,709 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4648#true} {4648#true} #1079#return; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L290 TraceCheckUtils]: 11: Hoare triple {4648#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L272 TraceCheckUtils]: 12: Hoare triple {4648#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L290 TraceCheckUtils]: 13: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L290 TraceCheckUtils]: 14: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L290 TraceCheckUtils]: 15: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4648#true} {4648#true} #1081#return; {4648#true} is VALID [2022-02-20 17:55:24,710 INFO L290 TraceCheckUtils]: 17: Hoare triple {4648#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L272 TraceCheckUtils]: 18: Hoare triple {4648#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L290 TraceCheckUtils]: 19: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L290 TraceCheckUtils]: 20: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L290 TraceCheckUtils]: 21: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4648#true} {4648#true} #1083#return; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L290 TraceCheckUtils]: 23: Hoare triple {4648#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4648#true} is VALID [2022-02-20 17:55:24,711 INFO L272 TraceCheckUtils]: 24: Hoare triple {4648#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L290 TraceCheckUtils]: 25: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L290 TraceCheckUtils]: 26: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L290 TraceCheckUtils]: 27: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4648#true} {4648#true} #1085#return; {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L290 TraceCheckUtils]: 29: Hoare triple {4648#true} assume { :end_inline_setup_rjh } 
true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L272 TraceCheckUtils]: 30: Hoare triple {4648#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4648#true} is VALID [2022-02-20 17:55:24,712 INFO L290 TraceCheckUtils]: 31: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L290 TraceCheckUtils]: 32: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L290 TraceCheckUtils]: 33: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4648#true} {4648#true} #1087#return; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L290 TraceCheckUtils]: 35: Hoare triple {4648#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L272 TraceCheckUtils]: 36: Hoare triple {4648#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L290 TraceCheckUtils]: 37: Hoare triple {4648#true} ~handle := #in~handle;~value := #in~value; {4648#true} is VALID [2022-02-20 17:55:24,713 INFO L290 TraceCheckUtils]: 38: Hoare triple {4648#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4648#true} is VALID [2022-02-20 17:55:24,714 INFO L290 TraceCheckUtils]: 
39: Hoare triple {4648#true} assume true; {4648#true} is VALID [2022-02-20 17:55:24,714 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4648#true} {4648#true} #1089#return; {4648#true} is VALID [2022-02-20 17:55:24,714 INFO L290 TraceCheckUtils]: 41: Hoare triple {4648#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {4648#true} is VALID [2022-02-20 17:55:24,715 INFO L290 TraceCheckUtils]: 42: Hoare triple {4648#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4834#(= 
|ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:24,715 INFO L290 TraceCheckUtils]: 43: Hoare triple {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:24,715 INFO L290 TraceCheckUtils]: 44: Hoare triple {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:24,716 INFO L290 TraceCheckUtils]: 45: Hoare triple {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:24,717 INFO L290 TraceCheckUtils]: 46: Hoare triple {4834#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4649#false} is VALID [2022-02-20 17:55:24,717 INFO L290 TraceCheckUtils]: 47: Hoare triple {4649#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {4649#false} is VALID [2022-02-20 17:55:24,717 INFO L290 TraceCheckUtils]: 48: Hoare triple {4649#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {4649#false} is VALID [2022-02-20 17:55:24,717 INFO L290 TraceCheckUtils]: 49: Hoare triple {4649#false} assume !false; {4649#false} is VALID [2022-02-20 17:55:24,717 INFO L290 TraceCheckUtils]: 50: Hoare triple {4649#false} assume !(test_~splverifierCounter~0#1 < 4); {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L290 TraceCheckUtils]: 51: Hoare triple {4649#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 
2147483647;havoc bobToRjh_#t~ret78#1; {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L272 TraceCheckUtils]: 52: Hoare triple {4649#false} call sendEmail(~bob~0, ~rjh~0); {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L290 TraceCheckUtils]: 53: Hoare triple {4649#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L272 TraceCheckUtils]: 54: Hoare triple {4649#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L290 TraceCheckUtils]: 55: Hoare triple {4649#false} ~handle := #in~handle;~value := #in~value; {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L290 TraceCheckUtils]: 56: Hoare triple {4649#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4649#false} is VALID [2022-02-20 17:55:24,718 INFO L290 TraceCheckUtils]: 57: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,719 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {4649#false} {4649#false} #1065#return; {4649#false} is VALID [2022-02-20 17:55:24,719 INFO L272 TraceCheckUtils]: 59: Hoare triple {4649#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4649#false} is VALID [2022-02-20 17:55:24,719 INFO L290 TraceCheckUtils]: 60: Hoare triple {4649#false} ~handle := #in~handle;~value := #in~value; {4649#false} is VALID [2022-02-20 17:55:24,719 INFO L290 TraceCheckUtils]: 61: Hoare triple {4649#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4649#false} is VALID 
[2022-02-20 17:55:24,719 INFO L290 TraceCheckUtils]: 62: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,719 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {4649#false} {4649#false} #1067#return; {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L290 TraceCheckUtils]: 64: Hoare triple {4649#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L290 TraceCheckUtils]: 65: Hoare triple {4649#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L272 TraceCheckUtils]: 66: Hoare triple {4649#false} call outgoing(~sender#1, ~email~0#1); {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L290 TraceCheckUtils]: 67: Hoare triple {4649#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L272 TraceCheckUtils]: 68: Hoare triple {4649#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L290 TraceCheckUtils]: 69: Hoare triple {4649#false} ~handle := #in~handle;havoc ~retValue_acc~3; {4649#false} is VALID [2022-02-20 17:55:24,720 INFO L290 TraceCheckUtils]: 70: Hoare triple {4649#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L290 TraceCheckUtils]: 71: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {4649#false} {4649#false} #1025#return; {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L290 
TraceCheckUtils]: 73: Hoare triple {4649#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L290 TraceCheckUtils]: 74: Hoare triple {4649#false} assume !(0 != ~size~2#1); {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L272 TraceCheckUtils]: 75: Hoare triple {4649#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L290 TraceCheckUtils]: 76: Hoare triple {4649#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L272 TraceCheckUtils]: 77: Hoare triple {4649#false} call #t~ret12#1 := getEmailTo(~msg#1); {4649#false} is VALID [2022-02-20 17:55:24,721 INFO L290 TraceCheckUtils]: 78: Hoare triple {4649#false} ~handle := #in~handle;havoc ~retValue_acc~36; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L290 TraceCheckUtils]: 79: Hoare triple {4649#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L290 TraceCheckUtils]: 80: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {4649#false} {4649#false} #1043#return; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L290 TraceCheckUtils]: 82: Hoare triple {4649#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := 
findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L290 TraceCheckUtils]: 83: Hoare triple {4649#false} assume 1 == findPublicKey_~handle#1; {4649#false} is VALID [2022-02-20 17:55:24,722 INFO L290 TraceCheckUtils]: 84: Hoare triple {4649#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L290 TraceCheckUtils]: 85: Hoare triple {4649#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L290 TraceCheckUtils]: 86: Hoare triple {4649#false} assume !(0 != ~pubkey~0#1); {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L290 TraceCheckUtils]: 87: Hoare triple {4649#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L290 TraceCheckUtils]: 88: Hoare triple {4649#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L290 TraceCheckUtils]: 89: Hoare triple {4649#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {4649#false} is VALID [2022-02-20 17:55:24,723 INFO L272 TraceCheckUtils]: 90: Hoare triple {4649#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L290 TraceCheckUtils]: 91: Hoare triple {4649#false} ~handle := #in~handle;~value := #in~value; {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L290 TraceCheckUtils]: 92: Hoare triple {4649#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L290 TraceCheckUtils]: 93: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {4649#false} {4649#false} #1049#return; {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L290 TraceCheckUtils]: 95: Hoare triple {4649#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L290 TraceCheckUtils]: 96: Hoare triple {4649#false} assume !(-1 == ~mail_is_sensitive~0); {4649#false} is VALID [2022-02-20 17:55:24,724 INFO L272 TraceCheckUtils]: 97: Hoare triple {4649#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 98: Hoare triple {4649#false} ~handle := #in~handle;havoc ~retValue_acc~39; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 99: Hoare triple {4649#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 100: Hoare triple {4649#false} assume true; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {4649#false} {4649#false} #1053#return; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 102: Hoare triple 
{4649#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 103: Hoare triple {4649#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {4649#false} is VALID [2022-02-20 17:55:24,725 INFO L290 TraceCheckUtils]: 104: Hoare triple {4649#false} assume !false; {4649#false} is VALID [2022-02-20 17:55:24,726 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:24,726 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:24,726 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2081559368] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:24,726 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:24,726 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:24,727 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1703853160] [2022-02-20 17:55:24,727 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:24,727 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 17:55:24,728 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:24,728 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:24,791 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 90 edges. 90 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:24,792 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:24,792 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:24,792 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:24,792 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:24,793 INFO L87 Difference]: Start difference. First operand 337 states and 518 transitions. 
Second operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:25,259 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:25,259 INFO L93 Difference]: Finished difference Result 717 states and 1120 transitions. [2022-02-20 17:55:25,259 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:25,259 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 105 [2022-02-20 17:55:25,260 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:25,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:25,272 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1118 transitions. [2022-02-20 17:55:25,272 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:25,283 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1118 transitions. [2022-02-20 17:55:25,284 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1118 transitions. [2022-02-20 17:55:26,041 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1118 edges. 1118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:26,056 INFO L225 Difference]: With dead ends: 717 [2022-02-20 17:55:26,056 INFO L226 Difference]: Without dead ends: 407 [2022-02-20 17:55:26,057 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 132 GetRequests, 124 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:26,058 INFO L933 BasicCegarLoop]: 534 mSDtfsCounter, 126 mSDsluCounter, 468 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1002 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:26,058 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1002 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:26,059 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 407 states. [2022-02-20 17:55:26,071 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 407 to 399. [2022-02-20 17:55:26,071 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:26,072 INFO L82 GeneralOperation]: Start isEquivalent. First operand 407 states. Second operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:55:26,073 INFO L74 IsIncluded]: Start isIncluded. First operand 407 states. Second operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:55:26,074 INFO L87 Difference]: Start difference. First operand 407 states. Second operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:55:26,088 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:26,088 INFO L93 Difference]: Finished difference Result 407 states and 636 transitions. 
[2022-02-20 17:55:26,088 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 636 transitions. [2022-02-20 17:55:26,089 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:26,089 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:26,090 INFO L74 IsIncluded]: Start isIncluded. First operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 407 states. [2022-02-20 17:55:26,091 INFO L87 Difference]: Start difference. First operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 407 states. [2022-02-20 17:55:26,105 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:26,105 INFO L93 Difference]: Finished difference Result 407 states and 636 transitions. [2022-02-20 17:55:26,105 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 636 transitions. [2022-02-20 17:55:26,107 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:26,107 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:26,107 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:26,107 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:26,108 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 399 states, 311 states have (on average 1.594855305466238) internal successors, (496), 315 states have internal predecessors, (496), 66 states have call successors, (66), 21 states have call predecessors, (66), 21 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:55:26,123 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 399 states to 399 states and 627 transitions. [2022-02-20 17:55:26,123 INFO L78 Accepts]: Start accepts. Automaton has 399 states and 627 transitions. Word has length 105 [2022-02-20 17:55:26,123 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:26,124 INFO L470 AbstractCegarLoop]: Abstraction has 399 states and 627 transitions. [2022-02-20 17:55:26,124 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.0) internal successors, (63), 3 states have internal predecessors, (63), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:26,124 INFO L276 IsEmpty]: Start isEmpty. Operand 399 states and 627 transitions. [2022-02-20 17:55:26,126 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 107 [2022-02-20 17:55:26,126 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:26,126 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:26,152 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:26,339 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:26,339 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:26,340 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:26,340 INFO L85 PathProgramCache]: Analyzing trace with hash -654731446, now seen corresponding path program 1 times [2022-02-20 17:55:26,340 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:26,340 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [672809345] [2022-02-20 17:55:26,340 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:26,340 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:26,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,432 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 17:55:26,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,440 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,440 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7368#true} #1079#return; {7368#true} is VALID [2022-02-20 17:55:26,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:26,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7368#true} #1081#return; {7368#true} is VALID [2022-02-20 17:55:26,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:26,453 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,466 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7421#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:26,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {7421#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7422#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:26,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {7422#(= |setClientId_#in~handle| 1)} assume true; {7422#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:26,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7422#(= |setClientId_#in~handle| 1)} {7378#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {7369#false} is VALID [2022-02-20 17:55:26,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:26,469 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,471 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,471 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,471 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1085#return; 
{7369#false} is VALID [2022-02-20 17:55:26,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:26,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,475 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,475 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1087#return; {7369#false} is VALID [2022-02-20 17:55:26,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:26,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,479 INFO L290 TraceCheckUtils]: 0: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,479 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1089#return; {7369#false} is VALID [2022-02-20 17:55:26,498 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:55:26,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,502 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1065#return; {7369#false} is VALID [2022-02-20 17:55:26,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:55:26,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {7424#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,514 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,514 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1067#return; {7369#false} is VALID [2022-02-20 17:55:26,514 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:55:26,515 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {7368#true} ~handle := 
#in~handle;havoc ~retValue_acc~3; {7368#true} is VALID [2022-02-20 17:55:26,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {7368#true} is VALID [2022-02-20 17:55:26,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,517 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1025#return; {7369#false} is VALID [2022-02-20 17:55:26,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:26,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {7368#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7368#true} is VALID [2022-02-20 17:55:26,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7368#true} is VALID [2022-02-20 17:55:26,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,520 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1043#return; {7369#false} is VALID [2022-02-20 17:55:26,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:55:26,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,522 INFO L290 TraceCheckUtils]: 0: Hoare triple {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,523 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} 
assume true; {7368#true} is VALID [2022-02-20 17:55:26,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1049#return; {7369#false} is VALID [2022-02-20 17:55:26,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:55:26,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {7368#true} ~handle := #in~handle;havoc ~retValue_acc~39; {7368#true} is VALID [2022-02-20 17:55:26,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7368#true} is VALID [2022-02-20 17:55:26,526 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,526 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7368#true} {7369#false} #1053#return; {7369#false} is VALID [2022-02-20 17:55:26,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {7368#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 
19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 
0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7368#true} is VALID [2022-02-20 17:55:26,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {7368#true} is VALID [2022-02-20 17:55:26,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7368#true} is VALID [2022-02-20 17:55:26,527 INFO L290 TraceCheckUtils]: 3: Hoare triple {7368#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {7368#true} is VALID [2022-02-20 17:55:26,527 INFO L290 TraceCheckUtils]: 4: Hoare triple {7368#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {7368#true} is VALID [2022-02-20 17:55:26,527 INFO L290 
TraceCheckUtils]: 5: Hoare triple {7368#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7368#true} is VALID [2022-02-20 17:55:26,528 INFO L272 TraceCheckUtils]: 6: Hoare triple {7368#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:26,528 INFO L290 TraceCheckUtils]: 7: Hoare triple {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,528 INFO L290 TraceCheckUtils]: 8: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,528 INFO L290 TraceCheckUtils]: 9: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,528 INFO 
L284 TraceCheckUtils]: 10: Hoare quadruple {7368#true} {7368#true} #1079#return; {7368#true} is VALID [2022-02-20 17:55:26,528 INFO L290 TraceCheckUtils]: 11: Hoare triple {7368#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7368#true} is VALID [2022-02-20 17:55:26,529 INFO L272 TraceCheckUtils]: 12: Hoare triple {7368#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:26,529 INFO L290 TraceCheckUtils]: 13: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,529 INFO L290 TraceCheckUtils]: 14: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,530 INFO L290 TraceCheckUtils]: 15: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,530 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7368#true} {7368#true} #1081#return; {7368#true} is VALID [2022-02-20 17:55:26,530 INFO L290 TraceCheckUtils]: 17: Hoare triple {7368#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7378#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:26,531 INFO L272 TraceCheckUtils]: 18: Hoare triple {7378#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:26,531 INFO L290 TraceCheckUtils]: 19: Hoare triple {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7421#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:26,532 INFO L290 TraceCheckUtils]: 20: Hoare triple {7421#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7422#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:26,532 INFO L290 TraceCheckUtils]: 21: Hoare triple {7422#(= |setClientId_#in~handle| 1)} assume true; {7422#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:26,533 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7422#(= |setClientId_#in~handle| 1)} {7378#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1083#return; {7369#false} is VALID [2022-02-20 17:55:26,533 INFO L290 TraceCheckUtils]: 23: Hoare triple {7369#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7369#false} is VALID [2022-02-20 17:55:26,533 INFO L272 TraceCheckUtils]: 24: Hoare triple {7369#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:26,533 INFO L290 TraceCheckUtils]: 25: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,533 INFO L290 TraceCheckUtils]: 26: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,533 INFO L290 TraceCheckUtils]: 27: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,533 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7368#true} {7369#false} #1085#return; {7369#false} is VALID [2022-02-20 17:55:26,534 INFO L290 TraceCheckUtils]: 29: Hoare triple {7369#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7369#false} is VALID [2022-02-20 17:55:26,534 INFO L272 TraceCheckUtils]: 30: Hoare triple {7369#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7419#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:26,534 INFO L290 TraceCheckUtils]: 31: Hoare triple {7419#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,534 INFO L290 TraceCheckUtils]: 32: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,534 INFO L290 TraceCheckUtils]: 33: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,534 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7368#true} {7369#false} #1087#return; {7369#false} is VALID [2022-02-20 17:55:26,534 INFO L290 TraceCheckUtils]: 35: Hoare triple {7369#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7369#false} is VALID [2022-02-20 17:55:26,535 INFO L272 TraceCheckUtils]: 36: Hoare triple {7369#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:26,535 INFO L290 TraceCheckUtils]: 37: Hoare triple {7420#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,535 INFO L290 TraceCheckUtils]: 38: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,535 INFO L290 TraceCheckUtils]: 39: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,535 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7368#true} {7369#false} #1089#return; {7369#false} is VALID [2022-02-20 17:55:26,535 INFO L290 
TraceCheckUtils]: 41: Hoare triple {7369#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {7369#false} is VALID [2022-02-20 17:55:26,535 INFO L290 TraceCheckUtils]: 42: Hoare triple {7369#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 43: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 44: Hoare triple {7369#false} assume 
test_~splverifierCounter~0#1 < 4; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 45: Hoare triple {7369#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 46: Hoare triple {7369#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 47: Hoare triple {7369#false} assume !(0 != test_~tmp___9~0#1); {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 48: Hoare triple {7369#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 49: Hoare triple {7369#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7369#false} is VALID [2022-02-20 17:55:26,536 INFO L290 TraceCheckUtils]: 50: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:26,537 INFO L290 TraceCheckUtils]: 51: Hoare triple {7369#false} assume !(test_~splverifierCounter~0#1 < 4); {7369#false} is VALID [2022-02-20 17:55:26,537 INFO L290 TraceCheckUtils]: 52: Hoare triple {7369#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {7369#false} is VALID [2022-02-20 17:55:26,537 INFO L272 TraceCheckUtils]: 53: Hoare triple {7369#false} call sendEmail(~bob~0, ~rjh~0); {7369#false} is 
VALID [2022-02-20 17:55:26,537 INFO L290 TraceCheckUtils]: 54: Hoare triple {7369#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7369#false} is VALID [2022-02-20 17:55:26,537 INFO L272 TraceCheckUtils]: 55: Hoare triple {7369#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:26,537 INFO L290 TraceCheckUtils]: 56: Hoare triple {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,537 INFO L290 TraceCheckUtils]: 57: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,538 INFO L290 TraceCheckUtils]: 58: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,538 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7368#true} {7369#false} #1065#return; {7369#false} is VALID [2022-02-20 17:55:26,538 INFO L272 TraceCheckUtils]: 60: Hoare triple {7369#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7424#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:26,538 INFO L290 TraceCheckUtils]: 61: Hoare triple {7424#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,538 INFO L290 TraceCheckUtils]: 62: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,538 INFO L290 TraceCheckUtils]: 63: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,538 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7368#true} {7369#false} #1067#return; {7369#false} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 65: Hoare triple {7369#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {7369#false} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 66: Hoare triple {7369#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {7369#false} is VALID [2022-02-20 17:55:26,539 INFO L272 TraceCheckUtils]: 67: Hoare triple {7369#false} call outgoing(~sender#1, ~email~0#1); {7369#false} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 68: Hoare triple {7369#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {7369#false} is VALID [2022-02-20 17:55:26,539 INFO L272 TraceCheckUtils]: 69: Hoare triple {7369#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {7368#true} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 70: Hoare triple {7368#true} ~handle := #in~handle;havoc ~retValue_acc~3; {7368#true} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 71: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {7368#true} is VALID [2022-02-20 17:55:26,539 INFO L290 TraceCheckUtils]: 72: Hoare triple {7368#true} assume true; 
{7368#true} is VALID [2022-02-20 17:55:26,540 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {7368#true} {7369#false} #1025#return; {7369#false} is VALID [2022-02-20 17:55:26,540 INFO L290 TraceCheckUtils]: 74: Hoare triple {7369#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {7369#false} is VALID [2022-02-20 17:55:26,540 INFO L290 TraceCheckUtils]: 75: Hoare triple {7369#false} assume !(0 != ~size~2#1); {7369#false} is VALID [2022-02-20 17:55:26,540 INFO L272 TraceCheckUtils]: 76: Hoare triple {7369#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {7369#false} is VALID [2022-02-20 17:55:26,540 INFO L290 TraceCheckUtils]: 77: Hoare triple {7369#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {7369#false} is VALID [2022-02-20 17:55:26,540 INFO L272 TraceCheckUtils]: 78: Hoare triple {7369#false} call #t~ret12#1 := getEmailTo(~msg#1); {7368#true} is VALID [2022-02-20 17:55:26,540 INFO L290 TraceCheckUtils]: 79: Hoare triple {7368#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7368#true} is VALID [2022-02-20 17:55:26,540 INFO L290 TraceCheckUtils]: 80: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7368#true} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 81: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,541 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {7368#true} {7369#false} #1043#return; {7369#false} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 83: Hoare triple {7369#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc 
findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {7369#false} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 84: Hoare triple {7369#false} assume 1 == findPublicKey_~handle#1; {7369#false} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 85: Hoare triple {7369#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {7369#false} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 86: Hoare triple {7369#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {7369#false} is VALID [2022-02-20 17:55:26,541 INFO L290 TraceCheckUtils]: 87: Hoare triple {7369#false} assume !(0 != ~pubkey~0#1); {7369#false} is VALID [2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 88: Hoare triple {7369#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {7369#false} is VALID 
[2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 89: Hoare triple {7369#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {7369#false} is VALID [2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 90: Hoare triple {7369#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {7369#false} is VALID [2022-02-20 17:55:26,542 INFO L272 TraceCheckUtils]: 91: Hoare triple {7369#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 92: Hoare triple {7423#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 93: Hoare triple {7368#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:26,542 INFO L290 TraceCheckUtils]: 94: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,542 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7368#true} {7369#false} #1049#return; {7369#false} is VALID [2022-02-20 17:55:26,543 INFO L290 TraceCheckUtils]: 96: Hoare triple {7369#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, 
mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {7369#false} is VALID [2022-02-20 17:55:26,543 INFO L290 TraceCheckUtils]: 97: Hoare triple {7369#false} assume !(-1 == ~mail_is_sensitive~0); {7369#false} is VALID [2022-02-20 17:55:26,543 INFO L272 TraceCheckUtils]: 98: Hoare triple {7369#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7368#true} is VALID [2022-02-20 17:55:26,543 INFO L290 TraceCheckUtils]: 99: Hoare triple {7368#true} ~handle := #in~handle;havoc ~retValue_acc~39; {7368#true} is VALID [2022-02-20 17:55:26,543 INFO L290 TraceCheckUtils]: 100: Hoare triple {7368#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := 
~retValue_acc~39; {7368#true} is VALID [2022-02-20 17:55:26,543 INFO L290 TraceCheckUtils]: 101: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:26,543 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7368#true} {7369#false} #1053#return; {7369#false} is VALID [2022-02-20 17:55:26,544 INFO L290 TraceCheckUtils]: 103: Hoare triple {7369#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {7369#false} is VALID [2022-02-20 17:55:26,544 INFO L290 TraceCheckUtils]: 104: Hoare triple {7369#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {7369#false} is VALID [2022-02-20 17:55:26,544 INFO L290 TraceCheckUtils]: 105: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:26,544 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:26,544 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:26,545 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [672809345] [2022-02-20 17:55:26,545 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [672809345] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:26,545 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1390560412] [2022-02-20 17:55:26,545 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:26,545 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:26,545 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:26,546 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:26,574 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:55:26,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,792 INFO L263 TraceCheckSpWp]: Trace formula consists of 1008 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:55:26,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:26,842 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:27,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {7368#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7368#true} is VALID [2022-02-20 17:55:27,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {7368#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc 
main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {7368#true} is VALID [2022-02-20 17:55:27,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {7368#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7368#true} is VALID [2022-02-20 17:55:27,135 INFO L290 TraceCheckUtils]: 3: Hoare triple {7368#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {7368#true} is VALID [2022-02-20 17:55:27,135 INFO L290 TraceCheckUtils]: 4: Hoare triple {7368#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {7368#true} is VALID [2022-02-20 17:55:27,135 INFO L290 TraceCheckUtils]: 5: Hoare triple {7368#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7368#true} is VALID [2022-02-20 17:55:27,135 
INFO L272 TraceCheckUtils]: 6: Hoare triple {7368#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7368#true} is VALID [2022-02-20 17:55:27,135 INFO L290 TraceCheckUtils]: 7: Hoare triple {7368#true} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:27,135 INFO L290 TraceCheckUtils]: 8: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L290 TraceCheckUtils]: 9: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7368#true} {7368#true} #1079#return; {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L290 TraceCheckUtils]: 11: Hoare triple {7368#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L272 TraceCheckUtils]: 12: Hoare triple {7368#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L290 TraceCheckUtils]: 13: Hoare triple {7368#true} ~handle := #in~handle;~value := #in~value; {7368#true} is VALID [2022-02-20 17:55:27,137 INFO L290 TraceCheckUtils]: 14: Hoare triple {7368#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7368#true} is VALID [2022-02-20 17:55:27,138 INFO L290 TraceCheckUtils]: 15: Hoare triple {7368#true} assume true; {7368#true} is VALID [2022-02-20 17:55:27,138 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7368#true} {7368#true} #1081#return; {7368#true} is VALID [2022-02-20 17:55:27,138 INFO L290 TraceCheckUtils]: 17: Hoare triple {7368#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7479#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:27,138 INFO L272 TraceCheckUtils]: 18: Hoare triple {7479#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7368#true} is VALID [2022-02-20 17:55:27,139 INFO L290 TraceCheckUtils]: 19: Hoare triple {7368#true} ~handle := #in~handle;~value := #in~value; {7486#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:55:27,139 INFO L290 TraceCheckUtils]: 20: Hoare triple {7486#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7490#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:27,140 INFO L290 TraceCheckUtils]: 21: Hoare triple {7490#(<= |setClientId_#in~handle| 1)} assume true; {7490#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:27,140 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7490#(<= |setClientId_#in~handle| 1)} {7479#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1083#return; {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L290 TraceCheckUtils]: 23: Hoare triple {7369#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L272 TraceCheckUtils]: 24: Hoare triple {7369#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L290 TraceCheckUtils]: 25: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L290 TraceCheckUtils]: 26: Hoare triple {7369#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7369#false} is VALID 
[2022-02-20 17:55:27,141 INFO L290 TraceCheckUtils]: 27: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7369#false} {7369#false} #1085#return; {7369#false} is VALID [2022-02-20 17:55:27,141 INFO L290 TraceCheckUtils]: 29: Hoare triple {7369#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L272 TraceCheckUtils]: 30: Hoare triple {7369#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L290 TraceCheckUtils]: 31: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L290 TraceCheckUtils]: 32: Hoare triple {7369#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L290 TraceCheckUtils]: 33: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7369#false} {7369#false} #1087#return; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L290 TraceCheckUtils]: 35: Hoare triple {7369#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L272 TraceCheckUtils]: 36: Hoare triple {7369#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 
789); {7369#false} is VALID [2022-02-20 17:55:27,142 INFO L290 TraceCheckUtils]: 37: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 38: Hoare triple {7369#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 39: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7369#false} {7369#false} #1089#return; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 41: Hoare triple {7369#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 42: Hoare triple {7369#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc 
test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 43: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:27,143 INFO L290 TraceCheckUtils]: 44: Hoare triple {7369#false} assume test_~splverifierCounter~0#1 < 4; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 45: Hoare triple {7369#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 46: Hoare triple {7369#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 47: Hoare triple {7369#false} assume !(0 != test_~tmp___9~0#1); {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 48: Hoare triple {7369#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 49: Hoare triple {7369#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 50: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:27,144 INFO L290 TraceCheckUtils]: 51: Hoare triple {7369#false} assume !(test_~splverifierCounter~0#1 < 4); {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L290 
TraceCheckUtils]: 52: Hoare triple {7369#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L272 TraceCheckUtils]: 53: Hoare triple {7369#false} call sendEmail(~bob~0, ~rjh~0); {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L290 TraceCheckUtils]: 54: Hoare triple {7369#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L272 TraceCheckUtils]: 55: Hoare triple {7369#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L290 TraceCheckUtils]: 56: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L290 TraceCheckUtils]: 57: Hoare triple {7369#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7369#false} is VALID [2022-02-20 17:55:27,145 INFO L290 TraceCheckUtils]: 58: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {7369#false} {7369#false} #1065#return; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L272 
TraceCheckUtils]: 60: Hoare triple {7369#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L290 TraceCheckUtils]: 61: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L290 TraceCheckUtils]: 62: Hoare triple {7369#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L290 TraceCheckUtils]: 63: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {7369#false} {7369#false} #1067#return; {7369#false} is VALID [2022-02-20 17:55:27,146 INFO L290 TraceCheckUtils]: 65: Hoare triple {7369#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L290 TraceCheckUtils]: 66: Hoare triple {7369#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L272 TraceCheckUtils]: 67: Hoare triple {7369#false} call outgoing(~sender#1, ~email~0#1); {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L290 TraceCheckUtils]: 68: Hoare triple {7369#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L272 TraceCheckUtils]: 69: Hoare triple {7369#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L290 TraceCheckUtils]: 70: Hoare triple {7369#false} ~handle := #in~handle;havoc ~retValue_acc~3; {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L290 TraceCheckUtils]: 71: Hoare 
triple {7369#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {7369#false} is VALID [2022-02-20 17:55:27,147 INFO L290 TraceCheckUtils]: 72: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {7369#false} {7369#false} #1025#return; {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L290 TraceCheckUtils]: 74: Hoare triple {7369#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L290 TraceCheckUtils]: 75: Hoare triple {7369#false} assume !(0 != ~size~2#1); {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L272 TraceCheckUtils]: 76: Hoare triple {7369#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L290 TraceCheckUtils]: 77: Hoare triple {7369#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {7369#false} is VALID [2022-02-20 17:55:27,148 INFO L272 TraceCheckUtils]: 78: Hoare triple {7369#false} call #t~ret12#1 := getEmailTo(~msg#1); {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 79: Hoare triple {7369#false} ~handle := #in~handle;havoc ~retValue_acc~36; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 80: Hoare triple {7369#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 81: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {7369#false} {7369#false} #1043#return; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 83: Hoare triple {7369#false} assume -2147483648 <= #t~ret12#1 && 
#t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 84: Hoare triple {7369#false} assume 1 == findPublicKey_~handle#1; {7369#false} is VALID [2022-02-20 17:55:27,149 INFO L290 TraceCheckUtils]: 85: Hoare triple {7369#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 86: Hoare triple {7369#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 87: Hoare triple {7369#false} assume !(0 != ~pubkey~0#1); {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 88: Hoare triple {7369#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 89: Hoare triple {7369#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 90: Hoare triple {7369#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L272 TraceCheckUtils]: 91: Hoare triple {7369#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {7369#false} is VALID [2022-02-20 17:55:27,150 INFO L290 TraceCheckUtils]: 92: Hoare triple {7369#false} ~handle := #in~handle;~value := #in~value; {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L290 TraceCheckUtils]: 93: Hoare triple {7369#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L290 TraceCheckUtils]: 94: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {7369#false} {7369#false} #1049#return; {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L290 TraceCheckUtils]: 96: Hoare triple {7369#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L290 TraceCheckUtils]: 97: Hoare triple {7369#false} assume !(-1 == ~mail_is_sensitive~0); {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L272 TraceCheckUtils]: 98: Hoare triple {7369#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7369#false} is VALID [2022-02-20 17:55:27,151 INFO L290 TraceCheckUtils]: 99: Hoare triple {7369#false} ~handle := #in~handle;havoc ~retValue_acc~39; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L290 TraceCheckUtils]: 100: Hoare triple {7369#false} assume 1 == 
~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L290 TraceCheckUtils]: 101: Hoare triple {7369#false} assume true; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {7369#false} {7369#false} #1053#return; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L290 TraceCheckUtils]: 103: Hoare triple {7369#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L290 TraceCheckUtils]: 104: Hoare triple {7369#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {7369#false} is VALID [2022-02-20 17:55:27,152 INFO L290 TraceCheckUtils]: 105: Hoare triple {7369#false} assume !false; {7369#false} is VALID [2022-02-20 17:55:27,153 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:55:27,153 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:27,153 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1390560412] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:27,153 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:27,153 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:55:27,153 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [122137662] [2022-02-20 17:55:27,154 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:27,154 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 17:55:27,155 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:27,155 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:27,222 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 99 edges. 99 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:27,223 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:27,223 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:27,224 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 17:55:27,224 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:27,224 INFO L87 Difference]: Start difference. First operand 399 states and 627 transitions. Second operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:28,219 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:28,220 INFO L93 Difference]: Finished difference Result 789 states and 1244 transitions. [2022-02-20 17:55:28,220 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:28,220 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 106 [2022-02-20 17:55:28,220 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:28,221 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:28,231 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1022 transitions. 
[2022-02-20 17:55:28,231 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:28,241 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1022 transitions. [2022-02-20 17:55:28,241 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1022 transitions. [2022-02-20 17:55:28,911 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1022 edges. 1022 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:28,925 INFO L225 Difference]: With dead ends: 789 [2022-02-20 17:55:28,925 INFO L226 Difference]: Without dead ends: 401 [2022-02-20 17:55:28,926 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 134 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:55:28,927 INFO L933 BasicCegarLoop]: 507 mSDtfsCounter, 144 mSDsluCounter, 1355 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 1862 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:28,928 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 1862 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:28,928 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 401 states. [2022-02-20 17:55:28,978 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 401 to 401. [2022-02-20 17:55:28,978 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:28,979 INFO L82 GeneralOperation]: Start isEquivalent. First operand 401 states. Second operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 17:55:28,980 INFO L74 IsIncluded]: Start isIncluded. First operand 401 states. Second operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 17:55:28,981 INFO L87 Difference]: Start difference. First operand 401 states. Second operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 17:55:28,995 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:28,995 INFO L93 Difference]: Finished difference Result 401 states and 630 transitions. [2022-02-20 17:55:28,995 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 630 transitions. [2022-02-20 17:55:28,997 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:28,997 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:28,998 INFO L74 IsIncluded]: Start isIncluded. First operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) Second operand 401 states. [2022-02-20 17:55:29,000 INFO L87 Difference]: Start difference. First operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) Second operand 401 states. [2022-02-20 17:55:29,014 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:29,015 INFO L93 Difference]: Finished difference Result 401 states and 630 transitions. [2022-02-20 17:55:29,015 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 630 transitions. [2022-02-20 17:55:29,016 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:29,016 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:29,016 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:29,016 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:29,018 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 401 states, 312 states have (on average 1.5929487179487178) internal successors, (497), 317 states have internal predecessors, (497), 66 states have call successors, (66), 21 states have call predecessors, (66), 22 states have return successors, (67), 64 states have call predecessors, (67), 65 states have call successors, (67) [2022-02-20 17:55:29,033 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 401 states to 401 states and 630 transitions. [2022-02-20 17:55:29,034 INFO L78 Accepts]: Start accepts. Automaton has 401 states and 630 transitions. Word has length 106 [2022-02-20 17:55:29,034 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:29,034 INFO L470 AbstractCegarLoop]: Abstraction has 401 states and 630 transitions. [2022-02-20 17:55:29,034 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.0) internal successors, (72), 5 states have internal predecessors, (72), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:29,035 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 630 transitions. [2022-02-20 17:55:29,036 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 108 [2022-02-20 17:55:29,036 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:29,036 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:29,064 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:29,260 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:29,261 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:29,261 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:29,261 INFO L85 PathProgramCache]: Analyzing trace with hash 59366120, now seen corresponding path program 1 times [2022-02-20 17:55:29,261 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:29,261 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [471081960] [2022-02-20 17:55:29,261 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:29,261 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:29,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 6 [2022-02-20 17:55:29,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,333 INFO L290 TraceCheckUtils]: 0: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,334 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,334 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10193#true} #1079#return; {10193#true} is VALID [2022-02-20 17:55:29,340 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:29,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,344 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,344 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10193#true} #1081#return; {10193#true} is VALID [2022-02-20 17:55:29,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:29,347 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10248#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,362 INFO L290 TraceCheckUtils]: 1: Hoare triple {10248#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10248#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,362 INFO L290 TraceCheckUtils]: 2: Hoare triple {10248#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10249#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,362 INFO L290 TraceCheckUtils]: 3: Hoare triple {10249#(= 2 |setClientId_#in~handle|)} assume true; {10249#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,363 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10249#(= 2 |setClientId_#in~handle|)} {10203#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1083#return; {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:29,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:29,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,388 INFO L290 TraceCheckUtils]: 0: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10250#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 
17:55:29,388 INFO L290 TraceCheckUtils]: 1: Hoare triple {10250#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10251#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:29,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {10251#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10251#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:29,389 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10251#(= |setClientPrivateKey_#in~handle| 1)} {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1085#return; {10194#false} is VALID [2022-02-20 17:55:29,390 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:55:29,393 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,395 INFO L290 TraceCheckUtils]: 0: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,395 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,395 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,395 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1087#return; {10194#false} is VALID [2022-02-20 17:55:29,396 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:55:29,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,399 INFO L290 TraceCheckUtils]: 0: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,399 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,399 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,400 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1089#return; {10194#false} is VALID [2022-02-20 17:55:29,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:55:29,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,415 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,415 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1065#return; {10194#false} is VALID [2022-02-20 17:55:29,424 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:29,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,427 INFO L290 TraceCheckUtils]: 0: Hoare triple {10253#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,427 INFO L290 TraceCheckUtils]: 
1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,427 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,427 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1067#return; {10194#false} is VALID [2022-02-20 17:55:29,428 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:55:29,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~3; {10193#true} is VALID [2022-02-20 17:55:29,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {10193#true} is VALID [2022-02-20 17:55:29,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1025#return; {10194#false} is VALID [2022-02-20 17:55:29,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:29,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10193#true} is VALID [2022-02-20 17:55:29,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10193#true} is VALID [2022-02-20 17:55:29,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1043#return; {10194#false} is VALID [2022-02-20 17:55:29,434 
INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:55:29,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,453 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1049#return; {10194#false} is VALID [2022-02-20 17:55:29,453 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:55:29,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,456 INFO L290 TraceCheckUtils]: 0: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10193#true} is VALID [2022-02-20 17:55:29,456 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10193#true} is VALID [2022-02-20 17:55:29,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,457 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10193#true} {10194#false} #1053#return; {10194#false} is VALID [2022-02-20 17:55:29,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {10193#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 
2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10193#true} is VALID [2022-02-20 17:55:29,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {10193#true} is VALID [2022-02-20 17:55:29,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10193#true} is VALID [2022-02-20 17:55:29,457 INFO L290 TraceCheckUtils]: 3: Hoare triple {10193#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {10193#true} is VALID [2022-02-20 17:55:29,458 INFO L290 TraceCheckUtils]: 4: Hoare triple {10193#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {10193#true} is VALID [2022-02-20 17:55:29,458 INFO L290 TraceCheckUtils]: 5: Hoare triple {10193#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10193#true} is VALID [2022-02-20 17:55:29,458 INFO L272 TraceCheckUtils]: 6: Hoare triple {10193#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:55:29,459 INFO L290 TraceCheckUtils]: 7: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,459 INFO L290 TraceCheckUtils]: 8: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,459 INFO L290 TraceCheckUtils]: 9: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,459 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10193#true} {10193#true} #1079#return; {10193#true} is VALID [2022-02-20 17:55:29,459 INFO L290 TraceCheckUtils]: 11: Hoare triple {10193#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10193#true} is VALID [2022-02-20 17:55:29,460 INFO L272 TraceCheckUtils]: 12: Hoare triple {10193#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,460 INFO L290 TraceCheckUtils]: 13: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,460 INFO L290 TraceCheckUtils]: 14: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,460 INFO L290 TraceCheckUtils]: 15: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,460 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10193#true} 
{10193#true} #1081#return; {10193#true} is VALID [2022-02-20 17:55:29,461 INFO L290 TraceCheckUtils]: 17: Hoare triple {10193#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10203#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:29,462 INFO L272 TraceCheckUtils]: 18: Hoare triple {10203#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:29,462 INFO L290 TraceCheckUtils]: 19: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10248#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,462 INFO L290 TraceCheckUtils]: 20: Hoare triple {10248#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10248#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,463 INFO L290 TraceCheckUtils]: 21: Hoare triple {10248#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 
== ~handle;~__ste_client_idCounter1~0 := ~value; {10249#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,463 INFO L290 TraceCheckUtils]: 22: Hoare triple {10249#(= 2 |setClientId_#in~handle|)} assume true; {10249#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:29,467 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10249#(= 2 |setClientId_#in~handle|)} {10203#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1083#return; {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:29,468 INFO L290 TraceCheckUtils]: 24: Hoare triple {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:29,468 INFO L272 TraceCheckUtils]: 25: Hoare triple {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,469 INFO L290 TraceCheckUtils]: 26: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10250#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:29,469 INFO L290 TraceCheckUtils]: 27: Hoare triple {10250#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10251#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:29,469 INFO L290 TraceCheckUtils]: 28: Hoare triple {10251#(= |setClientPrivateKey_#in~handle| 
1)} assume true; {10251#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:29,470 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10251#(= |setClientPrivateKey_#in~handle| 1)} {10209#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1085#return; {10194#false} is VALID [2022-02-20 17:55:29,470 INFO L290 TraceCheckUtils]: 30: Hoare triple {10194#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10194#false} is VALID [2022-02-20 17:55:29,470 INFO L272 TraceCheckUtils]: 31: Hoare triple {10194#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:29,470 INFO L290 TraceCheckUtils]: 32: Hoare triple {10246#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 33: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 34: Hoare triple {10193#true} assume true; {10193#true} is VALID 
[2022-02-20 17:55:29,471 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10193#true} {10194#false} #1087#return; {10194#false} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 36: Hoare triple {10194#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10194#false} is VALID [2022-02-20 17:55:29,471 INFO L272 TraceCheckUtils]: 37: Hoare triple {10194#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 38: Hoare triple {10247#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 39: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,471 INFO L290 TraceCheckUtils]: 40: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,472 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10193#true} {10194#false} #1089#return; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 42: Hoare triple {10194#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 43: Hoare triple {10194#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, 
test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 44: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 45: Hoare triple {10194#false} assume test_~splverifierCounter~0#1 < 4; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 46: Hoare triple {10194#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10194#false} is VALID [2022-02-20 17:55:29,472 INFO L290 TraceCheckUtils]: 47: Hoare triple {10194#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {10194#false} is VALID [2022-02-20 17:55:29,473 INFO 
L290 TraceCheckUtils]: 48: Hoare triple {10194#false} assume !(0 != test_~tmp___9~0#1); {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L290 TraceCheckUtils]: 49: Hoare triple {10194#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L290 TraceCheckUtils]: 50: Hoare triple {10194#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L290 TraceCheckUtils]: 51: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L290 TraceCheckUtils]: 52: Hoare triple {10194#false} assume !(test_~splverifierCounter~0#1 < 4); {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L290 TraceCheckUtils]: 53: Hoare triple {10194#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {10194#false} is VALID [2022-02-20 17:55:29,473 INFO L272 TraceCheckUtils]: 54: Hoare triple {10194#false} call sendEmail(~bob~0, ~rjh~0); {10194#false} is VALID [2022-02-20 17:55:29,474 INFO L290 TraceCheckUtils]: 55: Hoare triple {10194#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc 
createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10194#false} is VALID [2022-02-20 17:55:29,474 INFO L272 TraceCheckUtils]: 56: Hoare triple {10194#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:29,474 INFO L290 TraceCheckUtils]: 57: Hoare triple {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,474 INFO L290 TraceCheckUtils]: 58: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,474 INFO L290 TraceCheckUtils]: 59: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,474 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10193#true} {10194#false} #1065#return; {10194#false} is VALID [2022-02-20 17:55:29,474 INFO L272 TraceCheckUtils]: 61: Hoare triple {10194#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10253#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:29,475 INFO L290 TraceCheckUtils]: 62: Hoare triple {10253#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,475 INFO L290 TraceCheckUtils]: 63: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,475 INFO L290 TraceCheckUtils]: 64: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,475 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10193#true} {10194#false} #1067#return; {10194#false} is VALID [2022-02-20 17:55:29,475 INFO 
L290 TraceCheckUtils]: 66: Hoare triple {10194#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {10194#false} is VALID [2022-02-20 17:55:29,475 INFO L290 TraceCheckUtils]: 67: Hoare triple {10194#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {10194#false} is VALID [2022-02-20 17:55:29,475 INFO L272 TraceCheckUtils]: 68: Hoare triple {10194#false} call outgoing(~sender#1, ~email~0#1); {10194#false} is VALID [2022-02-20 17:55:29,476 INFO L290 TraceCheckUtils]: 69: Hoare triple {10194#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {10194#false} is VALID [2022-02-20 17:55:29,476 INFO L272 TraceCheckUtils]: 70: Hoare triple {10194#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {10193#true} is VALID [2022-02-20 17:55:29,476 INFO L290 TraceCheckUtils]: 71: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~3; {10193#true} is VALID [2022-02-20 17:55:29,476 INFO L290 TraceCheckUtils]: 72: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {10193#true} is VALID [2022-02-20 17:55:29,476 INFO L290 TraceCheckUtils]: 73: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,476 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {10193#true} {10194#false} #1025#return; {10194#false} is VALID [2022-02-20 17:55:29,476 INFO L290 TraceCheckUtils]: 75: Hoare triple {10194#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {10194#false} is VALID [2022-02-20 17:55:29,477 INFO L290 TraceCheckUtils]: 76: Hoare triple {10194#false} 
assume !(0 != ~size~2#1); {10194#false} is VALID [2022-02-20 17:55:29,477 INFO L272 TraceCheckUtils]: 77: Hoare triple {10194#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {10194#false} is VALID [2022-02-20 17:55:29,477 INFO L290 TraceCheckUtils]: 78: Hoare triple {10194#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {10194#false} is VALID [2022-02-20 17:55:29,477 INFO L272 TraceCheckUtils]: 79: Hoare triple {10194#false} call #t~ret12#1 := getEmailTo(~msg#1); {10193#true} is VALID [2022-02-20 17:55:29,477 INFO L290 TraceCheckUtils]: 80: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10193#true} is VALID [2022-02-20 17:55:29,477 INFO L290 TraceCheckUtils]: 81: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10193#true} is VALID [2022-02-20 17:55:29,477 INFO L290 TraceCheckUtils]: 82: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,477 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {10193#true} {10194#false} #1043#return; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 84: Hoare triple {10194#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 85: Hoare triple {10194#false} assume 1 == findPublicKey_~handle#1; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 
86: Hoare triple {10194#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 87: Hoare triple {10194#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 88: Hoare triple {10194#false} assume !(0 != ~pubkey~0#1); {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 89: Hoare triple {10194#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {10194#false} is VALID [2022-02-20 17:55:29,478 INFO L290 TraceCheckUtils]: 90: Hoare triple {10194#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {10194#false} is VALID [2022-02-20 17:55:29,479 INFO L290 TraceCheckUtils]: 91: Hoare triple {10194#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume 
-2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {10194#false} is VALID [2022-02-20 17:55:29,479 INFO L272 TraceCheckUtils]: 92: Hoare triple {10194#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:29,479 INFO L290 TraceCheckUtils]: 93: Hoare triple {10252#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:29,479 INFO L290 TraceCheckUtils]: 94: Hoare triple {10193#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:29,479 INFO L290 TraceCheckUtils]: 95: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,479 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {10193#true} {10194#false} #1049#return; {10194#false} is VALID [2022-02-20 17:55:29,479 INFO L290 TraceCheckUtils]: 97: Hoare triple {10194#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := 
mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {10194#false} is VALID [2022-02-20 17:55:29,480 INFO L290 TraceCheckUtils]: 98: Hoare triple {10194#false} assume !(-1 == ~mail_is_sensitive~0); {10194#false} is VALID [2022-02-20 17:55:29,480 INFO L272 TraceCheckUtils]: 99: Hoare triple {10194#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {10193#true} is VALID [2022-02-20 17:55:29,480 INFO L290 TraceCheckUtils]: 100: Hoare triple {10193#true} ~handle := #in~handle;havoc ~retValue_acc~39; {10193#true} is VALID [2022-02-20 17:55:29,480 INFO L290 TraceCheckUtils]: 101: Hoare triple {10193#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10193#true} is VALID [2022-02-20 17:55:29,480 INFO L290 TraceCheckUtils]: 102: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:29,480 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10193#true} {10194#false} #1053#return; {10194#false} is VALID [2022-02-20 17:55:29,480 INFO L290 TraceCheckUtils]: 104: Hoare triple {10194#false} assume -2147483648 <= 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {10194#false} is VALID [2022-02-20 17:55:29,481 INFO L290 TraceCheckUtils]: 105: Hoare triple {10194#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {10194#false} is VALID [2022-02-20 17:55:29,481 INFO L290 TraceCheckUtils]: 106: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:29,481 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:29,481 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:29,481 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [471081960] [2022-02-20 17:55:29,482 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [471081960] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:29,482 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1301861456] [2022-02-20 17:55:29,482 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:29,482 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:29,482 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:29,484 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:29,510 INFO L327 
MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:55:29,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,701 INFO L263 TraceCheckSpWp]: Trace formula consists of 1009 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:55:29,752 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:29,754 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:30,042 INFO L290 TraceCheckUtils]: 0: Hoare triple {10193#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call 
#Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10193#true} is VALID [2022-02-20 17:55:30,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {10193#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {10193#true} is VALID [2022-02-20 17:55:30,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {10193#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10193#true} is VALID [2022-02-20 17:55:30,043 INFO L290 TraceCheckUtils]: 3: Hoare triple {10193#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {10193#true} is VALID [2022-02-20 17:55:30,043 INFO L290 TraceCheckUtils]: 4: Hoare triple {10193#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {10193#true} is VALID [2022-02-20 17:55:30,043 INFO L290 TraceCheckUtils]: 5: Hoare triple {10193#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L272 TraceCheckUtils]: 6: Hoare triple {10193#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L290 TraceCheckUtils]: 7: Hoare triple {10193#true} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L290 TraceCheckUtils]: 8: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L290 TraceCheckUtils]: 9: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10193#true} {10193#true} #1079#return; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L290 TraceCheckUtils]: 11: Hoare triple {10193#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10193#true} is VALID [2022-02-20 17:55:30,044 INFO L272 TraceCheckUtils]: 12: Hoare triple {10193#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10193#true} is VALID [2022-02-20 17:55:30,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {10193#true} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:30,045 INFO L290 TraceCheckUtils]: 14: Hoare triple {10193#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:30,045 INFO L290 TraceCheckUtils]: 15: Hoare triple 
{10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:30,045 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10193#true} {10193#true} #1081#return; {10193#true} is VALID [2022-02-20 17:55:30,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {10193#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:30,046 INFO L272 TraceCheckUtils]: 18: Hoare triple {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10193#true} is VALID [2022-02-20 17:55:30,046 INFO L290 TraceCheckUtils]: 19: Hoare triple {10193#true} ~handle := #in~handle;~value := #in~value; {10193#true} is VALID [2022-02-20 17:55:30,046 INFO L290 TraceCheckUtils]: 20: Hoare triple {10193#true} assume !(1 == ~handle); {10193#true} is VALID [2022-02-20 17:55:30,046 INFO L290 TraceCheckUtils]: 21: Hoare triple {10193#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10193#true} is VALID [2022-02-20 17:55:30,046 INFO L290 TraceCheckUtils]: 22: Hoare triple {10193#true} assume true; {10193#true} is VALID [2022-02-20 17:55:30,047 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10193#true} {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1083#return; {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:30,047 INFO L290 TraceCheckUtils]: 24: Hoare triple {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:30,047 INFO L272 TraceCheckUtils]: 25: Hoare triple {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10193#true} is VALID [2022-02-20 17:55:30,048 INFO L290 TraceCheckUtils]: 26: Hoare triple {10193#true} ~handle := #in~handle;~value := #in~value; {10336#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:55:30,048 INFO L290 TraceCheckUtils]: 27: Hoare triple {10336#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10340#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:30,049 INFO L290 TraceCheckUtils]: 28: Hoare triple {10340#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10340#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:30,049 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10340#(<= |setClientPrivateKey_#in~handle| 1)} {10308#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1085#return; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L290 TraceCheckUtils]: 30: Hoare triple {10194#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L272 TraceCheckUtils]: 31: Hoare triple {10194#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L290 TraceCheckUtils]: 32: Hoare triple {10194#false} ~handle := #in~handle;~value := #in~value; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L290 TraceCheckUtils]: 33: Hoare triple {10194#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L290 TraceCheckUtils]: 34: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10194#false} {10194#false} #1087#return; {10194#false} is VALID [2022-02-20 17:55:30,050 INFO L290 TraceCheckUtils]: 36: Hoare triple {10194#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L272 TraceCheckUtils]: 37: Hoare triple {10194#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L290 TraceCheckUtils]: 38: Hoare triple {10194#false} ~handle := #in~handle;~value := #in~value; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L290 TraceCheckUtils]: 39: Hoare triple {10194#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L290 TraceCheckUtils]: 40: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10194#false} {10194#false} #1089#return; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L290 TraceCheckUtils]: 42: Hoare triple {10194#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {10194#false} is VALID [2022-02-20 17:55:30,051 INFO L290 TraceCheckUtils]: 43: Hoare triple {10194#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, 
test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 44: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 45: Hoare triple {10194#false} assume test_~splverifierCounter~0#1 < 4; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 46: Hoare triple {10194#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 47: Hoare triple {10194#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := 
test_#t~nondet67#1;havoc test_#t~nondet67#1; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 48: Hoare triple {10194#false} assume !(0 != test_~tmp___9~0#1); {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 49: Hoare triple {10194#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {10194#false} is VALID [2022-02-20 17:55:30,052 INFO L290 TraceCheckUtils]: 50: Hoare triple {10194#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L290 TraceCheckUtils]: 51: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L290 TraceCheckUtils]: 52: Hoare triple {10194#false} assume !(test_~splverifierCounter~0#1 < 4); {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L290 TraceCheckUtils]: 53: Hoare triple {10194#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L272 TraceCheckUtils]: 54: Hoare triple {10194#false} call sendEmail(~bob~0, ~rjh~0); {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L290 TraceCheckUtils]: 55: Hoare triple {10194#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L272 TraceCheckUtils]: 56: Hoare triple {10194#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10194#false} is VALID [2022-02-20 17:55:30,053 INFO L290 TraceCheckUtils]: 57: Hoare triple {10194#false} ~handle := #in~handle;~value := #in~value; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L290 TraceCheckUtils]: 58: Hoare triple {10194#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L290 TraceCheckUtils]: 59: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {10194#false} {10194#false} #1065#return; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L272 TraceCheckUtils]: 61: Hoare triple {10194#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L290 TraceCheckUtils]: 62: Hoare triple {10194#false} ~handle := #in~handle;~value := #in~value; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L290 TraceCheckUtils]: 63: Hoare triple {10194#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10194#false} is VALID [2022-02-20 17:55:30,054 INFO L290 TraceCheckUtils]: 64: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {10194#false} {10194#false} #1067#return; {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L290 TraceCheckUtils]: 66: Hoare triple {10194#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L290 TraceCheckUtils]: 67: Hoare triple {10194#false} #t~ret26#1 
:= createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L272 TraceCheckUtils]: 68: Hoare triple {10194#false} call outgoing(~sender#1, ~email~0#1); {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L290 TraceCheckUtils]: 69: Hoare triple {10194#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L272 TraceCheckUtils]: 70: Hoare triple {10194#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {10194#false} is VALID [2022-02-20 17:55:30,055 INFO L290 TraceCheckUtils]: 71: Hoare triple {10194#false} ~handle := #in~handle;havoc ~retValue_acc~3; {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L290 TraceCheckUtils]: 72: Hoare triple {10194#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L290 TraceCheckUtils]: 73: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {10194#false} {10194#false} #1025#return; {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L290 TraceCheckUtils]: 75: Hoare triple {10194#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L290 TraceCheckUtils]: 76: Hoare triple {10194#false} assume !(0 != ~size~2#1); {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L272 TraceCheckUtils]: 77: Hoare triple {10194#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {10194#false} is VALID [2022-02-20 17:55:30,056 INFO L290 TraceCheckUtils]: 78: Hoare 
triple {10194#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L272 TraceCheckUtils]: 79: Hoare triple {10194#false} call #t~ret12#1 := getEmailTo(~msg#1); {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L290 TraceCheckUtils]: 80: Hoare triple {10194#false} ~handle := #in~handle;havoc ~retValue_acc~36; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L290 TraceCheckUtils]: 81: Hoare triple {10194#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L290 TraceCheckUtils]: 82: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {10194#false} {10194#false} #1043#return; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L290 TraceCheckUtils]: 84: Hoare triple {10194#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {10194#false} is VALID [2022-02-20 17:55:30,057 INFO L290 TraceCheckUtils]: 85: Hoare triple {10194#false} assume 1 == findPublicKey_~handle#1; {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 86: Hoare triple {10194#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {10194#false} is VALID [2022-02-20 
17:55:30,058 INFO L290 TraceCheckUtils]: 87: Hoare triple {10194#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 88: Hoare triple {10194#false} assume !(0 != ~pubkey~0#1); {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 89: Hoare triple {10194#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 90: Hoare triple {10194#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 91: Hoare triple {10194#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {10194#false} is VALID [2022-02-20 
17:55:30,058 INFO L272 TraceCheckUtils]: 92: Hoare triple {10194#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {10194#false} is VALID [2022-02-20 17:55:30,058 INFO L290 TraceCheckUtils]: 93: Hoare triple {10194#false} ~handle := #in~handle;~value := #in~value; {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L290 TraceCheckUtils]: 94: Hoare triple {10194#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L290 TraceCheckUtils]: 95: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {10194#false} {10194#false} #1049#return; {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L290 TraceCheckUtils]: 97: Hoare triple {10194#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L290 TraceCheckUtils]: 98: Hoare triple {10194#false} assume !(-1 == ~mail_is_sensitive~0); {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L272 TraceCheckUtils]: 99: Hoare triple {10194#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {10194#false} is VALID [2022-02-20 17:55:30,059 INFO L290 TraceCheckUtils]: 100: Hoare triple {10194#false} ~handle := #in~handle;havoc ~retValue_acc~39; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L290 TraceCheckUtils]: 101: Hoare triple {10194#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L290 TraceCheckUtils]: 102: Hoare triple {10194#false} assume true; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {10194#false} {10194#false} #1053#return; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L290 TraceCheckUtils]: 104: Hoare triple {10194#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L290 TraceCheckUtils]: 105: Hoare triple {10194#false} assume ~mail_is_sensitive~0 != 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {10194#false} is VALID [2022-02-20 17:55:30,060 INFO L290 TraceCheckUtils]: 106: Hoare triple {10194#false} assume !false; {10194#false} is VALID [2022-02-20 17:55:30,061 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:55:30,061 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:30,061 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1301861456] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:30,061 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:30,061 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:55:30,061 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1466514540] [2022-02-20 17:55:30,062 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:30,063 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 17:55:30,063 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:30,064 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:30,153 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:30,153 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:30,153 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:30,154 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:30,154 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:55:30,154 INFO L87 Difference]: Start difference. First operand 401 states and 630 transitions. Second operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:31,223 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:31,223 INFO L93 Difference]: Finished difference Result 791 states and 1249 transitions. [2022-02-20 17:55:31,223 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:31,224 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 107 [2022-02-20 17:55:31,224 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:31,225 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:31,234 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1021 transitions. [2022-02-20 17:55:31,235 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:31,244 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1021 transitions. [2022-02-20 17:55:31,244 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1021 transitions. [2022-02-20 17:55:32,031 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1021 edges. 1021 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:32,044 INFO L225 Difference]: With dead ends: 791 [2022-02-20 17:55:32,044 INFO L226 Difference]: Without dead ends: 403 [2022-02-20 17:55:32,045 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:55:32,047 INFO L933 BasicCegarLoop]: 505 mSDtfsCounter, 143 mSDsluCounter, 1346 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 1851 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:32,047 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [166 Valid, 1851 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:32,048 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 403 states. [2022-02-20 17:55:32,174 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 403 to 403. [2022-02-20 17:55:32,174 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:32,175 INFO L82 GeneralOperation]: Start isEquivalent. First operand 403 states. 
Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:32,176 INFO L74 IsIncluded]: Start isIncluded. First operand 403 states. Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:32,180 INFO L87 Difference]: Start difference. First operand 403 states. Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:32,193 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:32,193 INFO L93 Difference]: Finished difference Result 403 states and 636 transitions. [2022-02-20 17:55:32,193 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 636 transitions. [2022-02-20 17:55:32,195 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:32,195 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:32,196 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 403 states. [2022-02-20 17:55:32,197 INFO L87 Difference]: Start difference. First operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 403 states. [2022-02-20 17:55:32,211 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:32,212 INFO L93 Difference]: Finished difference Result 403 states and 636 transitions. [2022-02-20 17:55:32,212 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 636 transitions. [2022-02-20 17:55:32,213 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:32,213 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:32,213 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:32,213 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:32,215 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:32,230 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 403 states to 403 states and 636 transitions. [2022-02-20 17:55:32,231 INFO L78 Accepts]: Start accepts. Automaton has 403 states and 636 transitions. Word has length 107 [2022-02-20 17:55:32,231 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:32,231 INFO L470 AbstractCegarLoop]: Abstraction has 403 states and 636 transitions. [2022-02-20 17:55:32,232 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 14.8) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:32,232 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 636 transitions. [2022-02-20 17:55:32,233 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 17:55:32,234 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:32,234 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:32,263 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:32,458 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:32,459 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:32,459 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:32,459 INFO L85 PathProgramCache]: Analyzing trace with hash -306147499, now seen corresponding path program 1 times [2022-02-20 17:55:32,459 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:32,459 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [542980566] [2022-02-20 17:55:32,459 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:32,460 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:32,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,526 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:32,527 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,530 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13031#true} #1079#return; {13031#true} is VALID [2022-02-20 17:55:32,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:32,537 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:55:32,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,539 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13031#true} #1081#return; {13031#true} is VALID [2022-02-20 17:55:32,539 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:32,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume !(1 == ~handle); {13031#true} is VALID [2022-02-20 17:55:32,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,542 INFO L290 TraceCheckUtils]: 3: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,543 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13031#true} {13031#true} #1083#return; {13031#true} is VALID [2022-02-20 17:55:32,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 25 [2022-02-20 17:55:32,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,547 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume !(1 == ~handle); {13031#true} is VALID [2022-02-20 17:55:32,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,547 INFO L290 TraceCheckUtils]: 3: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,548 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13031#true} {13031#true} #1085#return; {13031#true} is VALID [2022-02-20 17:55:32,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:32,550 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,563 INFO L290 TraceCheckUtils]: 0: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13086#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:32,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {13086#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13087#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:32,564 INFO L290 TraceCheckUtils]: 2: Hoare triple {13087#(= |setClientId_#in~handle| 1)} assume true; {13087#(= |setClientId_#in~handle| 1)} is VALID 
[2022-02-20 17:55:32,564 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13087#(= |setClientId_#in~handle| 1)} {13051#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {13032#false} is VALID [2022-02-20 17:55:32,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:32,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,570 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1089#return; {13032#false} is VALID [2022-02-20 17:55:32,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:55:32,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,581 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {13031#true} {13032#false} #1065#return; {13032#false} is VALID [2022-02-20 17:55:32,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:32,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {13089#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1067#return; {13032#false} is VALID [2022-02-20 17:55:32,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:32,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~3; {13031#true} is VALID [2022-02-20 17:55:32,603 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {13031#true} is VALID [2022-02-20 17:55:32,603 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,603 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1025#return; {13032#false} is VALID [2022-02-20 17:55:32,603 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:55:32,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,608 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13031#true} is VALID [2022-02-20 17:55:32,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13031#true} is VALID [2022-02-20 17:55:32,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1043#return; {13032#false} is VALID [2022-02-20 17:55:32,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:55:32,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,611 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1049#return; {13032#false} is VALID [2022-02-20 17:55:32,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:55:32,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:32,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~39; {13031#true} is VALID [2022-02-20 17:55:32,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13031#true} is VALID 
[2022-02-20 17:55:32,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,618 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13031#true} {13032#false} #1053#return; {13032#false} is VALID [2022-02-20 17:55:32,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {13031#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 
1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {13031#true} is VALID [2022-02-20 17:55:32,618 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{13031#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {13031#true} is VALID [2022-02-20 17:55:32,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {13031#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13031#true} is VALID [2022-02-20 17:55:32,618 INFO L290 TraceCheckUtils]: 3: Hoare triple {13031#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {13031#true} is VALID [2022-02-20 17:55:32,619 INFO L290 TraceCheckUtils]: 4: Hoare triple {13031#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {13031#true} is VALID [2022-02-20 17:55:32,619 INFO L290 TraceCheckUtils]: 5: Hoare triple {13031#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13031#true} is VALID [2022-02-20 17:55:32,620 INFO L272 TraceCheckUtils]: 6: Hoare triple {13031#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:32,620 INFO L290 TraceCheckUtils]: 7: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,620 INFO L290 TraceCheckUtils]: 8: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,620 INFO L290 TraceCheckUtils]: 9: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,620 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13031#true} {13031#true} #1079#return; {13031#true} is VALID [2022-02-20 17:55:32,620 INFO L290 TraceCheckUtils]: 11: Hoare triple {13031#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13031#true} is VALID [2022-02-20 17:55:32,621 INFO L272 TraceCheckUtils]: 12: Hoare triple {13031#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:32,621 INFO L290 TraceCheckUtils]: 13: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,621 INFO L290 TraceCheckUtils]: 14: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,622 INFO L290 TraceCheckUtils]: 15: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,622 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13031#true} {13031#true} #1081#return; {13031#true} is VALID [2022-02-20 17:55:32,622 INFO L290 TraceCheckUtils]: 17: Hoare triple {13031#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13031#true} is VALID [2022-02-20 17:55:32,622 INFO L272 TraceCheckUtils]: 18: Hoare triple {13031#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:32,623 INFO L290 TraceCheckUtils]: 19: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {13031#true} is VALID [2022-02-20 17:55:32,623 INFO L290 TraceCheckUtils]: 20: Hoare triple {13031#true} assume !(1 == ~handle); {13031#true} is VALID [2022-02-20 17:55:32,623 INFO L290 TraceCheckUtils]: 21: Hoare triple {13031#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,623 INFO L290 TraceCheckUtils]: 22: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,623 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13031#true} {13031#true} #1083#return; {13031#true} is VALID [2022-02-20 17:55:32,623 INFO L290 TraceCheckUtils]: 24: Hoare triple {13031#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13031#true} is VALID [2022-02-20 17:55:32,624 INFO L272 TraceCheckUtils]: 25: Hoare triple {13031#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:32,624 INFO L290 TraceCheckUtils]: 26: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,624 INFO L290 TraceCheckUtils]: 27: Hoare triple {13031#true} assume !(1 == ~handle); {13031#true} is VALID [2022-02-20 17:55:32,625 INFO L290 TraceCheckUtils]: 28: Hoare triple {13031#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,625 INFO L290 TraceCheckUtils]: 29: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,625 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13031#true} {13031#true} #1085#return; {13031#true} is VALID 
[2022-02-20 17:55:32,625 INFO L290 TraceCheckUtils]: 31: Hoare triple {13031#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13051#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:32,626 INFO L272 TraceCheckUtils]: 32: Hoare triple {13051#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:32,627 INFO L290 TraceCheckUtils]: 33: Hoare triple {13084#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13086#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:32,627 INFO L290 TraceCheckUtils]: 34: Hoare triple {13086#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13087#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:32,627 INFO L290 TraceCheckUtils]: 35: Hoare triple {13087#(= |setClientId_#in~handle| 1)} assume true; {13087#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 
17:55:32,628 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13087#(= |setClientId_#in~handle| 1)} {13051#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {13032#false} is VALID [2022-02-20 17:55:32,628 INFO L290 TraceCheckUtils]: 37: Hoare triple {13032#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13032#false} is VALID [2022-02-20 17:55:32,628 INFO L272 TraceCheckUtils]: 38: Hoare triple {13032#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:32,628 INFO L290 TraceCheckUtils]: 39: Hoare triple {13085#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,629 INFO L290 TraceCheckUtils]: 40: Hoare triple {13031#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,629 INFO L290 TraceCheckUtils]: 41: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,629 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13031#true} {13032#false} #1089#return; {13032#false} is VALID [2022-02-20 17:55:32,629 INFO L290 TraceCheckUtils]: 43: Hoare triple {13032#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {13032#false} is VALID [2022-02-20 17:55:32,629 INFO L290 TraceCheckUtils]: 44: Hoare triple {13032#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, 
test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13032#false} is VALID [2022-02-20 17:55:32,629 INFO L290 TraceCheckUtils]: 45: Hoare triple {13032#false} assume !false; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 46: Hoare triple {13032#false} assume test_~splverifierCounter~0#1 < 4; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 47: Hoare triple {13032#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 48: Hoare triple {13032#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := 
test_#t~nondet67#1;havoc test_#t~nondet67#1; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 49: Hoare triple {13032#false} assume !(0 != test_~tmp___9~0#1); {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 50: Hoare triple {13032#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 51: Hoare triple {13032#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13032#false} is VALID [2022-02-20 17:55:32,630 INFO L290 TraceCheckUtils]: 52: Hoare triple {13032#false} assume !false; {13032#false} is VALID [2022-02-20 17:55:32,631 INFO L290 TraceCheckUtils]: 53: Hoare triple {13032#false} assume !(test_~splverifierCounter~0#1 < 4); {13032#false} is VALID [2022-02-20 17:55:32,631 INFO L290 TraceCheckUtils]: 54: Hoare triple {13032#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {13032#false} is VALID [2022-02-20 17:55:32,631 INFO L272 TraceCheckUtils]: 55: Hoare triple {13032#false} call sendEmail(~bob~0, ~rjh~0); {13032#false} is VALID [2022-02-20 17:55:32,631 INFO L290 TraceCheckUtils]: 56: Hoare triple {13032#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13032#false} is VALID [2022-02-20 17:55:32,631 INFO L272 TraceCheckUtils]: 57: Hoare triple {13032#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:32,631 INFO L290 TraceCheckUtils]: 58: Hoare triple {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,632 INFO L290 TraceCheckUtils]: 59: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,632 INFO L290 TraceCheckUtils]: 60: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,632 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {13031#true} {13032#false} #1065#return; {13032#false} is VALID [2022-02-20 17:55:32,632 INFO L272 TraceCheckUtils]: 62: Hoare triple {13032#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13089#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:32,632 INFO L290 TraceCheckUtils]: 63: Hoare triple {13089#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,632 INFO L290 TraceCheckUtils]: 64: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,633 INFO L290 TraceCheckUtils]: 65: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,633 INFO L284 
TraceCheckUtils]: 66: Hoare quadruple {13031#true} {13032#false} #1067#return; {13032#false} is VALID [2022-02-20 17:55:32,633 INFO L290 TraceCheckUtils]: 67: Hoare triple {13032#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {13032#false} is VALID [2022-02-20 17:55:32,633 INFO L290 TraceCheckUtils]: 68: Hoare triple {13032#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {13032#false} is VALID [2022-02-20 17:55:32,633 INFO L272 TraceCheckUtils]: 69: Hoare triple {13032#false} call outgoing(~sender#1, ~email~0#1); {13032#false} is VALID [2022-02-20 17:55:32,633 INFO L290 TraceCheckUtils]: 70: Hoare triple {13032#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {13032#false} is VALID [2022-02-20 17:55:32,633 INFO L272 TraceCheckUtils]: 71: Hoare triple {13032#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {13031#true} is VALID [2022-02-20 17:55:32,634 INFO L290 TraceCheckUtils]: 72: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~3; {13031#true} is VALID [2022-02-20 17:55:32,634 INFO L290 TraceCheckUtils]: 73: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {13031#true} is VALID [2022-02-20 17:55:32,634 INFO L290 TraceCheckUtils]: 74: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,634 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {13031#true} {13032#false} #1025#return; {13032#false} is VALID [2022-02-20 17:55:32,634 INFO L290 TraceCheckUtils]: 76: Hoare triple {13032#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc 
#t~ret14#1;~size~2#1 := ~tmp~6#1; {13032#false} is VALID [2022-02-20 17:55:32,634 INFO L290 TraceCheckUtils]: 77: Hoare triple {13032#false} assume !(0 != ~size~2#1); {13032#false} is VALID [2022-02-20 17:55:32,635 INFO L272 TraceCheckUtils]: 78: Hoare triple {13032#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {13032#false} is VALID [2022-02-20 17:55:32,635 INFO L290 TraceCheckUtils]: 79: Hoare triple {13032#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {13032#false} is VALID [2022-02-20 17:55:32,635 INFO L272 TraceCheckUtils]: 80: Hoare triple {13032#false} call #t~ret12#1 := getEmailTo(~msg#1); {13031#true} is VALID [2022-02-20 17:55:32,635 INFO L290 TraceCheckUtils]: 81: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13031#true} is VALID [2022-02-20 17:55:32,635 INFO L290 TraceCheckUtils]: 82: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {13031#true} is VALID [2022-02-20 17:55:32,635 INFO L290 TraceCheckUtils]: 83: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,635 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {13031#true} {13032#false} #1043#return; {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 85: Hoare triple {13032#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 86: 
Hoare triple {13032#false} assume 1 == findPublicKey_~handle#1; {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 87: Hoare triple {13032#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 88: Hoare triple {13032#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 89: Hoare triple {13032#false} assume !(0 != ~pubkey~0#1); {13032#false} is VALID [2022-02-20 17:55:32,636 INFO L290 TraceCheckUtils]: 90: Hoare triple {13032#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {13032#false} is VALID [2022-02-20 17:55:32,637 INFO L290 TraceCheckUtils]: 91: Hoare triple {13032#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {13032#false} is VALID [2022-02-20 17:55:32,637 INFO L290 
TraceCheckUtils]: 92: Hoare triple {13032#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {13032#false} is VALID [2022-02-20 17:55:32,637 INFO L272 TraceCheckUtils]: 93: Hoare triple {13032#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:32,637 INFO L290 TraceCheckUtils]: 94: Hoare triple {13088#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13031#true} is VALID [2022-02-20 17:55:32,637 INFO L290 TraceCheckUtils]: 95: Hoare triple {13031#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13031#true} is VALID [2022-02-20 17:55:32,637 INFO L290 TraceCheckUtils]: 96: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,638 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {13031#true} {13032#false} #1049#return; {13032#false} is VALID [2022-02-20 17:55:32,638 INFO L290 TraceCheckUtils]: 98: Hoare triple {13032#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {13032#false} is VALID [2022-02-20 17:55:32,638 INFO L290 TraceCheckUtils]: 99: Hoare triple {13032#false} assume !(-1 == ~mail_is_sensitive~0); {13032#false} is VALID [2022-02-20 17:55:32,638 INFO L272 TraceCheckUtils]: 100: Hoare triple {13032#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {13031#true} is VALID [2022-02-20 17:55:32,638 INFO L290 TraceCheckUtils]: 101: Hoare triple {13031#true} ~handle := #in~handle;havoc ~retValue_acc~39; {13031#true} is VALID [2022-02-20 17:55:32,638 INFO L290 TraceCheckUtils]: 102: Hoare triple {13031#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {13031#true} is VALID [2022-02-20 17:55:32,639 INFO L290 TraceCheckUtils]: 103: Hoare triple {13031#true} assume true; {13031#true} is VALID [2022-02-20 17:55:32,639 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {13031#true} 
{13032#false} #1053#return; {13032#false} is VALID [2022-02-20 17:55:32,639 INFO L290 TraceCheckUtils]: 105: Hoare triple {13032#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {13032#false} is VALID [2022-02-20 17:55:32,639 INFO L290 TraceCheckUtils]: 106: Hoare triple {13032#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {13032#false} is VALID [2022-02-20 17:55:32,639 INFO L290 TraceCheckUtils]: 107: Hoare triple {13032#false} assume !false; {13032#false} is VALID [2022-02-20 17:55:32,640 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:32,640 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:32,640 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [542980566] [2022-02-20 17:55:32,640 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [542980566] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:32,641 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:32,641 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:55:32,641 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [129121948] [2022-02-20 17:55:32,641 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:32,642 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 17:55:32,642 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:32,642 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:32,708 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 97 edges. 97 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:32,709 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:55:32,709 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:32,710 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:55:32,710 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:32,711 INFO L87 Difference]: Start difference. First operand 403 states and 636 transitions. 
Second operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:38,860 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:38,860 INFO L93 Difference]: Finished difference Result 864 states and 1383 transitions. [2022-02-20 17:55:38,860 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:55:38,861 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 108 [2022-02-20 17:55:38,861 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:38,861 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:38,873 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1147 transitions. [2022-02-20 17:55:38,874 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:38,887 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1147 transitions. [2022-02-20 17:55:38,888 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1147 transitions. [2022-02-20 17:55:39,958 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1147 edges. 1147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:39,976 INFO L225 Difference]: With dead ends: 864 [2022-02-20 17:55:39,976 INFO L226 Difference]: Without dead ends: 484 [2022-02-20 17:55:39,977 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:55:39,978 INFO L933 BasicCegarLoop]: 547 mSDtfsCounter, 1205 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1734 mSolverCounterSat, 409 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1225 SdHoareTripleChecker+Valid, 1485 SdHoareTripleChecker+Invalid, 2143 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 409 IncrementalHoareTripleChecker+Valid, 1734 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:39,978 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1225 Valid, 1485 
Invalid, 2143 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [409 Valid, 1734 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 17:55:39,979 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 484 states. [2022-02-20 17:55:40,086 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 484 to 403. [2022-02-20 17:55:40,086 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:40,088 INFO L82 GeneralOperation]: Start isEquivalent. First operand 484 states. Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 17:55:40,089 INFO L74 IsIncluded]: Start isIncluded. First operand 484 states. Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 17:55:40,090 INFO L87 Difference]: Start difference. First operand 484 states. Second operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 17:55:40,107 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:40,107 INFO L93 Difference]: Finished difference Result 484 states and 778 transitions. 
[2022-02-20 17:55:40,107 INFO L276 IsEmpty]: Start isEmpty. Operand 484 states and 778 transitions. [2022-02-20 17:55:40,111 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:40,111 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:40,112 INFO L74 IsIncluded]: Start isIncluded. First operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) Second operand 484 states. [2022-02-20 17:55:40,113 INFO L87 Difference]: Start difference. First operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) Second operand 484 states. [2022-02-20 17:55:40,130 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:40,130 INFO L93 Difference]: Finished difference Result 484 states and 778 transitions. [2022-02-20 17:55:40,131 INFO L276 IsEmpty]: Start isEmpty. Operand 484 states and 778 transitions. [2022-02-20 17:55:40,133 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:40,133 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:40,133 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:40,133 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:40,134 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 403 states, 313 states have (on average 1.5910543130990416) internal successors, (498), 319 states have internal predecessors, (498), 66 states have call successors, (66), 21 states have call predecessors, (66), 23 states have return successors, (71), 64 states have call predecessors, (71), 65 states have call successors, (71) [2022-02-20 17:55:40,149 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 403 states to 403 states and 635 transitions. [2022-02-20 17:55:40,150 INFO L78 Accepts]: Start accepts. Automaton has 403 states and 635 transitions. Word has length 108 [2022-02-20 17:55:40,150 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:40,150 INFO L470 AbstractCegarLoop]: Abstraction has 403 states and 635 transitions. [2022-02-20 17:55:40,151 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.75) internal successors, (70), 5 states have internal predecessors, (70), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:40,151 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 635 transitions. [2022-02-20 17:55:40,154 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 110 [2022-02-20 17:55:40,155 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:40,155 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:40,155 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:55:40,155 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:40,155 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:40,156 INFO L85 PathProgramCache]: Analyzing trace with hash 435953045, now seen corresponding path program 2 times [2022-02-20 17:55:40,156 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:40,156 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2125779809] [2022-02-20 17:55:40,156 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:40,156 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:40,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,216 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:40,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,220 INFO L290 TraceCheckUtils]: 0: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,220 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15830#true} #1079#return; {15830#true} is VALID [2022-02-20 17:55:40,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:40,228 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15830#true} #1081#return; {15830#true} is VALID [2022-02-20 17:55:40,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:40,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,233 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume !(1 == ~handle); {15830#true} is VALID [2022-02-20 17:55:40,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,233 INFO L290 TraceCheckUtils]: 3: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,234 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15830#true} {15830#true} #1083#return; {15830#true} is VALID [2022-02-20 17:55:40,234 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:40,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,237 INFO L290 TraceCheckUtils]: 0: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,237 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume !(1 == ~handle); {15830#true} is VALID [2022-02-20 17:55:40,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,237 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15830#true} {15830#true} #1085#return; {15830#true} is VALID [2022-02-20 17:55:40,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:40,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:55:40,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15886#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {15886#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15886#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,253 INFO L290 TraceCheckUtils]: 2: Hoare triple {15886#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15887#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,253 INFO L290 TraceCheckUtils]: 3: Hoare triple {15887#(= 2 |setClientId_#in~handle|)} assume true; {15887#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,254 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15887#(= 2 |setClientId_#in~handle|)} {15850#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {15831#false} is VALID [2022-02-20 17:55:40,254 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:55:40,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,258 INFO L290 TraceCheckUtils]: 0: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,258 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,259 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,259 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1089#return; {15831#false} is VALID [2022-02-20 17:55:40,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:55:40,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,268 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,268 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1065#return; {15831#false} is VALID [2022-02-20 17:55:40,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:55:40,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {15889#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1067#return; {15831#false} is VALID [2022-02-20 17:55:40,279 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:40,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {15830#true} ~handle := #in~handle;havoc ~retValue_acc~3; {15830#true} is VALID [2022-02-20 17:55:40,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {15830#true} is VALID [2022-02-20 17:55:40,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,282 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1025#return; {15831#false} is VALID [2022-02-20 17:55:40,282 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:55:40,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {15830#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15830#true} is VALID [2022-02-20 17:55:40,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15830#true} is VALID [2022-02-20 17:55:40,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1043#return; {15831#false} is VALID [2022-02-20 17:55:40,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:55:40,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,287 INFO L290 TraceCheckUtils]: 0: Hoare triple {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{15830#true} is VALID [2022-02-20 17:55:40,287 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,287 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,287 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1049#return; {15831#false} is VALID [2022-02-20 17:55:40,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:55:40,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,290 INFO L290 TraceCheckUtils]: 0: Hoare triple {15830#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15830#true} is VALID [2022-02-20 17:55:40,290 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15830#true} is VALID [2022-02-20 17:55:40,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,291 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15830#true} {15831#false} #1053#return; {15831#false} is VALID [2022-02-20 17:55:40,291 INFO L290 TraceCheckUtils]: 0: Hoare triple {15830#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call 
#Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := 
-1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {15830#true} is VALID [2022-02-20 17:55:40,291 INFO L290 TraceCheckUtils]: 1: Hoare triple {15830#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {15830#true} is VALID [2022-02-20 17:55:40,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {15830#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15830#true} is VALID [2022-02-20 17:55:40,291 INFO L290 TraceCheckUtils]: 3: Hoare triple {15830#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {15830#true} is VALID [2022-02-20 17:55:40,292 INFO L290 TraceCheckUtils]: 4: Hoare triple {15830#true} main_#t~ret86#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {15830#true} is VALID [2022-02-20 17:55:40,292 INFO L290 TraceCheckUtils]: 5: Hoare triple {15830#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15830#true} is VALID [2022-02-20 17:55:40,292 INFO L272 TraceCheckUtils]: 6: Hoare triple {15830#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,293 INFO L290 TraceCheckUtils]: 7: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,293 INFO L290 TraceCheckUtils]: 
8: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,293 INFO L290 TraceCheckUtils]: 9: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,293 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15830#true} {15830#true} #1079#return; {15830#true} is VALID [2022-02-20 17:55:40,293 INFO L290 TraceCheckUtils]: 11: Hoare triple {15830#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15830#true} is VALID [2022-02-20 17:55:40,294 INFO L272 TraceCheckUtils]: 12: Hoare triple {15830#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,294 INFO L290 TraceCheckUtils]: 13: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,294 INFO L290 TraceCheckUtils]: 14: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,294 INFO L290 TraceCheckUtils]: 15: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,294 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15830#true} {15830#true} #1081#return; {15830#true} is VALID [2022-02-20 17:55:40,294 INFO L290 TraceCheckUtils]: 17: Hoare triple {15830#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15830#true} is VALID [2022-02-20 17:55:40,295 INFO L272 TraceCheckUtils]: 18: Hoare triple {15830#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,295 INFO L290 TraceCheckUtils]: 19: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,295 INFO L290 TraceCheckUtils]: 20: Hoare triple {15830#true} assume !(1 == ~handle); {15830#true} is VALID [2022-02-20 17:55:40,295 INFO L290 TraceCheckUtils]: 21: Hoare triple {15830#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,296 INFO L290 TraceCheckUtils]: 22: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,296 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15830#true} {15830#true} #1083#return; {15830#true} is VALID [2022-02-20 17:55:40,296 INFO L290 TraceCheckUtils]: 24: Hoare triple {15830#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15830#true} is VALID [2022-02-20 17:55:40,296 INFO L272 TraceCheckUtils]: 25: Hoare triple {15830#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,297 INFO L290 TraceCheckUtils]: 26: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,297 INFO L290 TraceCheckUtils]: 27: Hoare triple {15830#true} assume !(1 == ~handle); {15830#true} is VALID [2022-02-20 17:55:40,297 INFO L290 TraceCheckUtils]: 28: Hoare triple {15830#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,297 INFO L290 TraceCheckUtils]: 29: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,297 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15830#true} {15830#true} #1085#return; {15830#true} is VALID [2022-02-20 17:55:40,298 INFO L290 TraceCheckUtils]: 31: Hoare triple {15830#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15850#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:40,298 INFO L272 TraceCheckUtils]: 32: Hoare triple {15850#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15884#(and 
(= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:40,299 INFO L290 TraceCheckUtils]: 33: Hoare triple {15884#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15886#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,299 INFO L290 TraceCheckUtils]: 34: Hoare triple {15886#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {15886#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,299 INFO L290 TraceCheckUtils]: 35: Hoare triple {15886#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15887#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,300 INFO L290 TraceCheckUtils]: 36: Hoare triple {15887#(= 2 |setClientId_#in~handle|)} assume true; {15887#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:40,300 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {15887#(= 2 |setClientId_#in~handle|)} {15850#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {15831#false} is VALID [2022-02-20 17:55:40,300 INFO L290 TraceCheckUtils]: 38: Hoare triple {15831#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15831#false} is VALID [2022-02-20 17:55:40,300 INFO L272 TraceCheckUtils]: 39: Hoare triple {15831#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:40,301 INFO L290 
TraceCheckUtils]: 40: Hoare triple {15885#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 41: Hoare triple {15830#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 42: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,301 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {15830#true} {15831#false} #1089#return; {15831#false} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 44: Hoare triple {15831#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {15831#false} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 45: Hoare triple {15831#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15831#false} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 46: Hoare triple {15831#false} assume !false; {15831#false} is VALID [2022-02-20 17:55:40,301 INFO L290 TraceCheckUtils]: 47: Hoare triple {15831#false} assume test_~splverifierCounter~0#1 < 4; {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 48: Hoare triple {15831#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 49: Hoare triple {15831#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 50: Hoare triple {15831#false} assume !(0 != test_~tmp___9~0#1); {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 51: Hoare triple {15831#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 52: Hoare triple {15831#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 53: Hoare triple {15831#false} assume !false; {15831#false} is VALID [2022-02-20 17:55:40,302 
INFO L290 TraceCheckUtils]: 54: Hoare triple {15831#false} assume !(test_~splverifierCounter~0#1 < 4); {15831#false} is VALID [2022-02-20 17:55:40,302 INFO L290 TraceCheckUtils]: 55: Hoare triple {15831#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {15831#false} is VALID [2022-02-20 17:55:40,303 INFO L272 TraceCheckUtils]: 56: Hoare triple {15831#false} call sendEmail(~bob~0, ~rjh~0); {15831#false} is VALID [2022-02-20 17:55:40,303 INFO L290 TraceCheckUtils]: 57: Hoare triple {15831#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15831#false} is VALID [2022-02-20 17:55:40,303 INFO L272 TraceCheckUtils]: 58: Hoare triple {15831#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:40,303 INFO L290 TraceCheckUtils]: 59: Hoare triple {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,303 INFO L290 TraceCheckUtils]: 60: Hoare triple 
{15830#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,303 INFO L290 TraceCheckUtils]: 61: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,303 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {15830#true} {15831#false} #1065#return; {15831#false} is VALID [2022-02-20 17:55:40,304 INFO L272 TraceCheckUtils]: 63: Hoare triple {15831#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15889#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:40,304 INFO L290 TraceCheckUtils]: 64: Hoare triple {15889#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,304 INFO L290 TraceCheckUtils]: 65: Hoare triple {15830#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,304 INFO L290 TraceCheckUtils]: 66: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,304 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {15830#true} {15831#false} #1067#return; {15831#false} is VALID [2022-02-20 17:55:40,304 INFO L290 TraceCheckUtils]: 68: Hoare triple {15831#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {15831#false} is VALID [2022-02-20 17:55:40,304 INFO L290 TraceCheckUtils]: 69: Hoare triple {15831#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {15831#false} is VALID [2022-02-20 17:55:40,304 INFO L272 TraceCheckUtils]: 70: Hoare triple {15831#false} call outgoing(~sender#1, ~email~0#1); {15831#false} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{15831#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {15831#false} is VALID [2022-02-20 17:55:40,305 INFO L272 TraceCheckUtils]: 72: Hoare triple {15831#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {15830#true} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 73: Hoare triple {15830#true} ~handle := #in~handle;havoc ~retValue_acc~3; {15830#true} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 74: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {15830#true} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 75: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,305 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {15830#true} {15831#false} #1025#return; {15831#false} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 77: Hoare triple {15831#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {15831#false} is VALID [2022-02-20 17:55:40,305 INFO L290 TraceCheckUtils]: 78: Hoare triple {15831#false} assume !(0 != ~size~2#1); {15831#false} is VALID [2022-02-20 17:55:40,306 INFO L272 TraceCheckUtils]: 79: Hoare triple {15831#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {15831#false} is VALID [2022-02-20 17:55:40,306 INFO L290 TraceCheckUtils]: 80: Hoare triple {15831#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {15831#false} is VALID [2022-02-20 17:55:40,306 INFO L272 TraceCheckUtils]: 81: Hoare triple {15831#false} call #t~ret12#1 := getEmailTo(~msg#1); {15830#true} is VALID [2022-02-20 17:55:40,306 INFO L290 TraceCheckUtils]: 82: Hoare triple {15830#true} ~handle := #in~handle;havoc 
~retValue_acc~36; {15830#true} is VALID [2022-02-20 17:55:40,306 INFO L290 TraceCheckUtils]: 83: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {15830#true} is VALID [2022-02-20 17:55:40,306 INFO L290 TraceCheckUtils]: 84: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,306 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {15830#true} {15831#false} #1043#return; {15831#false} is VALID [2022-02-20 17:55:40,306 INFO L290 TraceCheckUtils]: 86: Hoare triple {15831#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 87: Hoare triple {15831#false} assume 1 == findPublicKey_~handle#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 88: Hoare triple {15831#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 89: Hoare triple {15831#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 90: Hoare triple {15831#false} assume !(0 != ~pubkey~0#1); {15831#false} 
is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 91: Hoare triple {15831#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 92: Hoare triple {15831#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {15831#false} is VALID [2022-02-20 17:55:40,307 INFO L290 TraceCheckUtils]: 93: Hoare triple {15831#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {15831#false} is VALID [2022-02-20 17:55:40,308 INFO L272 TraceCheckUtils]: 94: Hoare triple {15831#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:40,308 INFO L290 TraceCheckUtils]: 95: Hoare triple {15888#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15830#true} is VALID [2022-02-20 17:55:40,308 INFO L290 TraceCheckUtils]: 96: Hoare triple {15830#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15830#true} is VALID [2022-02-20 17:55:40,308 INFO L290 TraceCheckUtils]: 97: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,308 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {15830#true} {15831#false} #1049#return; {15831#false} is VALID [2022-02-20 17:55:40,308 INFO L290 TraceCheckUtils]: 99: Hoare triple {15831#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume 
-2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {15831#false} is VALID [2022-02-20 17:55:40,308 INFO L290 TraceCheckUtils]: 100: Hoare triple {15831#false} assume !(-1 == ~mail_is_sensitive~0); {15831#false} is VALID [2022-02-20 17:55:40,308 INFO L272 TraceCheckUtils]: 101: Hoare triple {15831#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {15830#true} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 102: Hoare triple {15830#true} ~handle := #in~handle;havoc ~retValue_acc~39; {15830#true} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 103: Hoare triple {15830#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {15830#true} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 104: Hoare triple {15830#true} assume true; {15830#true} is VALID [2022-02-20 17:55:40,309 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {15830#true} {15831#false} #1053#return; {15831#false} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 106: Hoare triple {15831#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {15831#false} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 107: Hoare triple {15831#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {15831#false} is VALID [2022-02-20 17:55:40,309 INFO L290 TraceCheckUtils]: 108: Hoare triple {15831#false} assume !false; {15831#false} is VALID [2022-02-20 17:55:40,310 INFO L134 
CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:40,310 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:40,310 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2125779809] [2022-02-20 17:55:40,310 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2125779809] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:40,310 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:40,310 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:55:40,311 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1483479357] [2022-02-20 17:55:40,311 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:40,312 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 17:55:40,312 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:40,312 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:40,378 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 98 edges. 98 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:40,378 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:55:40,378 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:40,379 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:55:40,379 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:40,379 INFO L87 Difference]: Start difference. First operand 403 states and 635 transitions. Second operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:46,289 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:46,289 INFO L93 Difference]: Finished difference Result 866 states and 1386 transitions. [2022-02-20 17:55:46,289 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:55:46,290 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 17:55:46,290 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:46,290 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:46,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1148 transitions. [2022-02-20 17:55:46,323 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:46,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1148 transitions. [2022-02-20 17:55:46,337 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1148 transitions. [2022-02-20 17:55:47,299 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1148 edges. 1148 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:47,318 INFO L225 Difference]: With dead ends: 866 [2022-02-20 17:55:47,318 INFO L226 Difference]: Without dead ends: 486 [2022-02-20 17:55:47,319 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:55:47,320 INFO L933 BasicCegarLoop]: 550 mSDtfsCounter, 1198 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 1754 mSolverCounterSat, 405 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1218 SdHoareTripleChecker+Valid, 1488 SdHoareTripleChecker+Invalid, 2159 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 405 IncrementalHoareTripleChecker+Valid, 1754 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:47,320 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1218 Valid, 1488 Invalid, 2159 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [405 Valid, 1754 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 17:55:47,321 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 486 states. [2022-02-20 17:55:47,412 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 486 to 405. [2022-02-20 17:55:47,412 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:47,413 INFO L82 GeneralOperation]: Start isEquivalent. First operand 486 states. 
Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 17:55:47,414 INFO L74 IsIncluded]: Start isIncluded. First operand 486 states. Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 17:55:47,415 INFO L87 Difference]: Start difference. First operand 486 states. Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 17:55:47,432 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,432 INFO L93 Difference]: Finished difference Result 486 states and 781 transitions. [2022-02-20 17:55:47,432 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 781 transitions. [2022-02-20 17:55:47,435 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:47,435 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:47,436 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 486 states. [2022-02-20 17:55:47,437 INFO L87 Difference]: Start difference. First operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) Second operand 486 states. [2022-02-20 17:55:47,454 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,454 INFO L93 Difference]: Finished difference Result 486 states and 781 transitions. [2022-02-20 17:55:47,455 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 781 transitions. [2022-02-20 17:55:47,457 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:47,457 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:47,458 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:47,458 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:47,459 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (73), 64 states have call predecessors, (73), 65 states have call successors, (73) [2022-02-20 17:55:47,473 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 405 states to 405 states and 638 transitions. [2022-02-20 17:55:47,473 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 638 transitions. Word has length 109 [2022-02-20 17:55:47,473 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:47,473 INFO L470 AbstractCegarLoop]: Abstraction has 405 states and 638 transitions. [2022-02-20 17:55:47,474 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 8.875) internal successors, (71), 5 states have internal predecessors, (71), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:47,474 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 638 transitions. [2022-02-20 17:55:47,476 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 17:55:47,476 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:47,476 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:47,476 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:55:47,477 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:47,477 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:47,477 INFO L85 PathProgramCache]: Analyzing trace with hash -110676752, now seen corresponding path program 1 times [2022-02-20 17:55:47,477 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:47,477 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1359137045] [2022-02-20 17:55:47,478 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:47,478 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:47,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:47,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,538 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,538 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18638#true} #1079#return; {18638#true} is VALID [2022-02-20 17:55:47,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:47,545 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,547 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,547 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18638#true} #1081#return; {18638#true} is VALID [2022-02-20 17:55:47,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:47,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,550 INFO L290 TraceCheckUtils]: 0: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume !(1 == ~handle); {18638#true} is VALID [2022-02-20 17:55:47,550 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,550 INFO L290 TraceCheckUtils]: 3: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,550 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18638#true} {18638#true} #1083#return; {18638#true} is VALID [2022-02-20 17:55:47,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:47,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,556 INFO L290 TraceCheckUtils]: 0: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,557 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume !(1 == ~handle); {18638#true} is VALID [2022-02-20 17:55:47,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,557 INFO L290 TraceCheckUtils]: 3: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,557 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18638#true} {18638#true} #1085#return; {18638#true} is VALID [2022-02-20 17:55:47,557 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:47,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,574 INFO L290 TraceCheckUtils]: 0: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,575 INFO L290 TraceCheckUtils]: 3: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18697#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,575 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {18697#(= 3 |setClientId_#in~handle|)} assume true; {18697#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,576 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {18697#(= 3 |setClientId_#in~handle|)} {18658#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:47,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:47,578 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18698#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:47,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {18698#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18699#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:47,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {18699#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18699#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:47,599 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18699#(= |setClientPrivateKey_#in~handle| 1)} {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1089#return; {18639#false} is VALID [2022-02-20 17:55:47,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:47,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,610 INFO L290 TraceCheckUtils]: 0: Hoare triple {18700#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,610 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1065#return; {18639#false} is VALID [2022-02-20 17:55:47,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:55:47,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,622 INFO L290 TraceCheckUtils]: 0: Hoare triple {18701#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1067#return; {18639#false} is VALID [2022-02-20 17:55:47,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:55:47,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~3; {18638#true} is VALID [2022-02-20 17:55:47,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {18638#true} is 
VALID [2022-02-20 17:55:47,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1025#return; {18639#false} is VALID [2022-02-20 17:55:47,626 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:55:47,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,628 INFO L290 TraceCheckUtils]: 0: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18638#true} is VALID [2022-02-20 17:55:47,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18638#true} is VALID [2022-02-20 17:55:47,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1043#return; {18639#false} is VALID [2022-02-20 17:55:47,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:55:47,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {18700#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1049#return; {18639#false} is VALID [2022-02-20 17:55:47,631 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:55:47,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:47,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18638#true} is VALID [2022-02-20 17:55:47,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18638#true} is VALID [2022-02-20 17:55:47,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,634 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18638#true} {18639#false} #1053#return; {18639#false} is VALID [2022-02-20 17:55:47,634 INFO L290 TraceCheckUtils]: 0: Hoare triple {18638#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call 
#Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 
0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {18638#true} is VALID [2022-02-20 17:55:47,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {18638#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {18638#true} is VALID [2022-02-20 17:55:47,634 INFO L290 TraceCheckUtils]: 2: Hoare triple {18638#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18638#true} is VALID [2022-02-20 17:55:47,634 INFO L290 TraceCheckUtils]: 3: Hoare triple {18638#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {18638#true} is VALID [2022-02-20 17:55:47,634 INFO L290 TraceCheckUtils]: 4: Hoare triple {18638#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {18638#true} is VALID [2022-02-20 17:55:47,635 INFO L290 TraceCheckUtils]: 5: Hoare triple {18638#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18638#true} is VALID [2022-02-20 17:55:47,635 INFO L272 TraceCheckUtils]: 6: Hoare triple {18638#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,635 INFO L290 TraceCheckUtils]: 7: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,635 INFO L290 TraceCheckUtils]: 8: Hoare triple {18638#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,636 INFO L290 TraceCheckUtils]: 9: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,636 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18638#true} {18638#true} #1079#return; {18638#true} is VALID [2022-02-20 17:55:47,636 INFO L290 TraceCheckUtils]: 11: Hoare triple {18638#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {18638#true} is VALID [2022-02-20 17:55:47,637 INFO L272 TraceCheckUtils]: 12: Hoare triple {18638#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:47,637 INFO L290 TraceCheckUtils]: 13: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,637 INFO L290 TraceCheckUtils]: 14: Hoare triple {18638#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,637 INFO L290 TraceCheckUtils]: 15: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,637 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18638#true} {18638#true} #1081#return; {18638#true} is VALID [2022-02-20 17:55:47,637 INFO L290 TraceCheckUtils]: 17: Hoare triple {18638#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18638#true} is VALID [2022-02-20 17:55:47,638 INFO L272 TraceCheckUtils]: 18: Hoare triple {18638#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,638 INFO L290 TraceCheckUtils]: 19: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,638 INFO L290 TraceCheckUtils]: 20: Hoare triple {18638#true} assume !(1 == ~handle); {18638#true} is VALID [2022-02-20 17:55:47,638 INFO L290 TraceCheckUtils]: 21: Hoare triple {18638#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,638 INFO L290 TraceCheckUtils]: 22: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,639 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18638#true} {18638#true} #1083#return; {18638#true} is VALID [2022-02-20 17:55:47,639 INFO L290 TraceCheckUtils]: 24: Hoare triple {18638#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18638#true} is VALID [2022-02-20 17:55:47,639 INFO L272 TraceCheckUtils]: 25: Hoare triple {18638#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:47,639 INFO L290 TraceCheckUtils]: 26: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{18638#true} is VALID [2022-02-20 17:55:47,640 INFO L290 TraceCheckUtils]: 27: Hoare triple {18638#true} assume !(1 == ~handle); {18638#true} is VALID [2022-02-20 17:55:47,640 INFO L290 TraceCheckUtils]: 28: Hoare triple {18638#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,640 INFO L290 TraceCheckUtils]: 29: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,640 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18638#true} {18638#true} #1085#return; {18638#true} is VALID [2022-02-20 17:55:47,640 INFO L290 TraceCheckUtils]: 31: Hoare triple {18638#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18658#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:47,641 INFO L272 TraceCheckUtils]: 32: Hoare triple {18658#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:47,641 INFO L290 TraceCheckUtils]: 33: Hoare triple {18694#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,642 INFO L290 TraceCheckUtils]: 34: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,642 INFO L290 TraceCheckUtils]: 35: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {18696#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,642 INFO L290 TraceCheckUtils]: 36: Hoare triple {18696#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {18697#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,643 INFO L290 TraceCheckUtils]: 37: Hoare triple {18697#(= 3 |setClientId_#in~handle|)} assume true; {18697#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:47,643 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {18697#(= 3 |setClientId_#in~handle|)} {18658#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:47,644 INFO L290 TraceCheckUtils]: 39: Hoare triple {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:55:47,644 INFO L272 TraceCheckUtils]: 40: Hoare triple {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:47,645 INFO L290 TraceCheckUtils]: 41: Hoare triple {18695#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18698#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:47,645 INFO L290 TraceCheckUtils]: 42: Hoare triple {18698#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18699#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:47,645 INFO L290 TraceCheckUtils]: 43: Hoare triple {18699#(= |setClientPrivateKey_#in~handle| 1)} assume true; {18699#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:47,646 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {18699#(= |setClientPrivateKey_#in~handle| 1)} {18665#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1089#return; {18639#false} is VALID [2022-02-20 17:55:47,646 INFO L290 TraceCheckUtils]: 45: Hoare triple {18639#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {18639#false} is VALID [2022-02-20 17:55:47,646 INFO L290 TraceCheckUtils]: 46: Hoare triple {18639#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, 
test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18639#false} is VALID [2022-02-20 17:55:47,646 INFO L290 TraceCheckUtils]: 47: Hoare triple {18639#false} assume !false; {18639#false} is VALID [2022-02-20 17:55:47,646 INFO L290 TraceCheckUtils]: 48: Hoare triple {18639#false} assume test_~splverifierCounter~0#1 < 4; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 49: Hoare triple {18639#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 50: Hoare triple {18639#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 51: Hoare triple {18639#false} assume !(0 != test_~tmp___9~0#1); {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 52: Hoare triple {18639#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 53: Hoare triple {18639#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 54: Hoare triple {18639#false} assume !false; {18639#false} is VALID [2022-02-20 17:55:47,647 INFO L290 TraceCheckUtils]: 55: Hoare triple {18639#false} assume !(test_~splverifierCounter~0#1 < 4); {18639#false} is VALID [2022-02-20 17:55:47,648 INFO L290 TraceCheckUtils]: 56: Hoare triple {18639#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {18639#false} is VALID [2022-02-20 17:55:47,648 INFO L272 TraceCheckUtils]: 57: Hoare triple {18639#false} call sendEmail(~bob~0, ~rjh~0); {18639#false} is VALID [2022-02-20 17:55:47,648 INFO L290 TraceCheckUtils]: 58: Hoare triple {18639#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18639#false} is VALID [2022-02-20 17:55:47,648 INFO L272 TraceCheckUtils]: 59: Hoare triple {18639#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18700#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:47,648 INFO L290 TraceCheckUtils]: 60: Hoare triple {18700#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,648 INFO L290 TraceCheckUtils]: 61: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,648 INFO L290 TraceCheckUtils]: 62: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,649 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {18638#true} {18639#false} #1065#return; {18639#false} is VALID [2022-02-20 17:55:47,649 INFO L272 TraceCheckUtils]: 64: Hoare triple {18639#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18701#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:47,649 INFO L290 TraceCheckUtils]: 65: Hoare triple {18701#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,649 INFO L290 TraceCheckUtils]: 66: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,649 INFO L290 TraceCheckUtils]: 67: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,649 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {18638#true} {18639#false} #1067#return; {18639#false} is VALID [2022-02-20 17:55:47,649 INFO L290 TraceCheckUtils]: 69: Hoare triple {18639#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {18639#false} is VALID [2022-02-20 17:55:47,650 INFO L290 TraceCheckUtils]: 70: Hoare triple {18639#false} #t~ret26#1 := 
createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {18639#false} is VALID [2022-02-20 17:55:47,650 INFO L272 TraceCheckUtils]: 71: Hoare triple {18639#false} call outgoing(~sender#1, ~email~0#1); {18639#false} is VALID [2022-02-20 17:55:47,650 INFO L290 TraceCheckUtils]: 72: Hoare triple {18639#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {18639#false} is VALID [2022-02-20 17:55:47,650 INFO L272 TraceCheckUtils]: 73: Hoare triple {18639#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {18638#true} is VALID [2022-02-20 17:55:47,650 INFO L290 TraceCheckUtils]: 74: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~3; {18638#true} is VALID [2022-02-20 17:55:47,650 INFO L290 TraceCheckUtils]: 75: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {18638#true} is VALID [2022-02-20 17:55:47,650 INFO L290 TraceCheckUtils]: 76: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,651 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {18638#true} {18639#false} #1025#return; {18639#false} is VALID [2022-02-20 17:55:47,651 INFO L290 TraceCheckUtils]: 78: Hoare triple {18639#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {18639#false} is VALID [2022-02-20 17:55:47,651 INFO L290 TraceCheckUtils]: 79: Hoare triple {18639#false} assume !(0 != ~size~2#1); {18639#false} is VALID [2022-02-20 17:55:47,651 INFO L272 TraceCheckUtils]: 80: Hoare triple {18639#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {18639#false} is VALID [2022-02-20 17:55:47,651 INFO L290 TraceCheckUtils]: 81: Hoare triple 
{18639#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {18639#false} is VALID [2022-02-20 17:55:47,651 INFO L272 TraceCheckUtils]: 82: Hoare triple {18639#false} call #t~ret12#1 := getEmailTo(~msg#1); {18638#true} is VALID [2022-02-20 17:55:47,651 INFO L290 TraceCheckUtils]: 83: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18638#true} is VALID [2022-02-20 17:55:47,652 INFO L290 TraceCheckUtils]: 84: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {18638#true} is VALID [2022-02-20 17:55:47,652 INFO L290 TraceCheckUtils]: 85: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,652 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {18638#true} {18639#false} #1043#return; {18639#false} is VALID [2022-02-20 17:55:47,652 INFO L290 TraceCheckUtils]: 87: Hoare triple {18639#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {18639#false} is VALID [2022-02-20 17:55:47,652 INFO L290 TraceCheckUtils]: 88: Hoare triple {18639#false} assume 1 == findPublicKey_~handle#1; {18639#false} is VALID [2022-02-20 17:55:47,652 INFO L290 TraceCheckUtils]: 89: Hoare triple {18639#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {18639#false} is VALID [2022-02-20 17:55:47,652 INFO 
L290 TraceCheckUtils]: 90: Hoare triple {18639#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {18639#false} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 91: Hoare triple {18639#false} assume !(0 != ~pubkey~0#1); {18639#false} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 92: Hoare triple {18639#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {18639#false} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 93: Hoare triple {18639#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {18639#false} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 94: Hoare triple {18639#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {18639#false} is VALID [2022-02-20 17:55:47,653 INFO L272 
TraceCheckUtils]: 95: Hoare triple {18639#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {18700#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 96: Hoare triple {18700#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18638#true} is VALID [2022-02-20 17:55:47,653 INFO L290 TraceCheckUtils]: 97: Hoare triple {18638#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18638#true} is VALID [2022-02-20 17:55:47,654 INFO L290 TraceCheckUtils]: 98: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,654 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {18638#true} {18639#false} #1049#return; {18639#false} is VALID [2022-02-20 17:55:47,654 INFO L290 TraceCheckUtils]: 100: Hoare triple {18639#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {18639#false} is VALID [2022-02-20 17:55:47,654 INFO L290 TraceCheckUtils]: 101: Hoare triple {18639#false} assume !(-1 == ~mail_is_sensitive~0); {18639#false} is VALID [2022-02-20 17:55:47,654 INFO L272 TraceCheckUtils]: 102: Hoare triple {18639#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {18638#true} is VALID [2022-02-20 17:55:47,654 INFO L290 TraceCheckUtils]: 103: Hoare triple {18638#true} ~handle := #in~handle;havoc ~retValue_acc~39; {18638#true} is VALID [2022-02-20 17:55:47,654 INFO L290 TraceCheckUtils]: 104: Hoare triple {18638#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {18638#true} is VALID [2022-02-20 17:55:47,655 INFO L290 TraceCheckUtils]: 105: Hoare triple {18638#true} assume true; {18638#true} is VALID [2022-02-20 17:55:47,655 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {18638#true} {18639#false} #1053#return; {18639#false} is VALID [2022-02-20 17:55:47,655 INFO L290 TraceCheckUtils]: 107: Hoare triple {18639#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; 
{18639#false} is VALID [2022-02-20 17:55:47,655 INFO L290 TraceCheckUtils]: 108: Hoare triple {18639#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {18639#false} is VALID [2022-02-20 17:55:47,655 INFO L290 TraceCheckUtils]: 109: Hoare triple {18639#false} assume !false; {18639#false} is VALID [2022-02-20 17:55:47,656 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:47,656 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:47,656 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1359137045] [2022-02-20 17:55:47,656 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1359137045] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:47,656 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:47,656 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:55:47,656 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1094394828] [2022-02-20 17:55:47,657 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:47,657 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 17:55:47,657 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:47,658 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:47,728 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:47,728 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:55:47,728 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:47,729 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:55:47,730 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:47,732 INFO L87 Difference]: Start difference. First operand 405 states and 638 transitions. Second operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:55,995 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:55,995 INFO L93 Difference]: Finished difference Result 864 states and 1381 transitions. [2022-02-20 17:55:55,995 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:55:55,995 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 110 [2022-02-20 17:55:55,995 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:55,995 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:56,005 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1149 transitions. [2022-02-20 17:55:56,006 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:56,016 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1149 transitions. [2022-02-20 17:55:56,016 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1149 transitions. [2022-02-20 17:55:56,974 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1149 edges. 1149 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:56,989 INFO L225 Difference]: With dead ends: 864 [2022-02-20 17:55:56,989 INFO L226 Difference]: Without dead ends: 486 [2022-02-20 17:55:56,990 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:55:56,991 INFO L933 BasicCegarLoop]: 534 mSDtfsCounter, 1331 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3135 mSolverCounterSat, 471 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1331 SdHoareTripleChecker+Valid, 1836 SdHoareTripleChecker+Invalid, 3606 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 471 IncrementalHoareTripleChecker+Valid, 3135 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:56,991 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1331 Valid, 1836 Invalid, 3606 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [471 Valid, 3135 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 17:55:56,991 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 486 states. [2022-02-20 17:55:57,112 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 486 to 405. [2022-02-20 17:55:57,112 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:57,114 INFO L82 GeneralOperation]: Start isEquivalent. First operand 486 states. 
Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:57,116 INFO L74 IsIncluded]: Start isIncluded. First operand 486 states. Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:57,117 INFO L87 Difference]: Start difference. First operand 486 states. Second operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:57,132 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:57,133 INFO L93 Difference]: Finished difference Result 486 states and 780 transitions. [2022-02-20 17:55:57,133 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 780 transitions. [2022-02-20 17:55:57,135 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:57,136 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:57,137 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 486 states. [2022-02-20 17:55:57,138 INFO L87 Difference]: Start difference. First operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) Second operand 486 states. [2022-02-20 17:55:57,155 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:57,155 INFO L93 Difference]: Finished difference Result 486 states and 780 transitions. [2022-02-20 17:55:57,155 INFO L276 IsEmpty]: Start isEmpty. Operand 486 states and 780 transitions. [2022-02-20 17:55:57,158 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:57,158 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:57,158 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:57,158 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:57,159 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 314 states have (on average 1.589171974522293) internal successors, (499), 321 states have internal predecessors, (499), 66 states have call successors, (66), 21 states have call predecessors, (66), 24 states have return successors, (72), 64 states have call predecessors, (72), 65 states have call successors, (72) [2022-02-20 17:55:57,172 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 405 states to 405 states and 637 transitions. [2022-02-20 17:55:57,173 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 637 transitions. Word has length 110 [2022-02-20 17:55:57,173 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:57,173 INFO L470 AbstractCegarLoop]: Abstraction has 405 states and 637 transitions. [2022-02-20 17:55:57,173 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.818181818181818) internal successors, (75), 8 states have internal predecessors, (75), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:57,173 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 637 transitions. [2022-02-20 17:55:57,175 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 17:55:57,176 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:57,176 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:57,176 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:55:57,176 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:57,176 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:57,177 INFO L85 PathProgramCache]: Analyzing trace with hash -1214733079, now seen corresponding path program 2 times 
[2022-02-20 17:55:57,177 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:57,177 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [530567638] [2022-02-20 17:55:57,177 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:57,177 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:57,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:57,232 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,234 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21455#true} #1079#return; {21455#true} is VALID [2022-02-20 17:55:57,241 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:57,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21455#true} #1081#return; {21455#true} is VALID [2022-02-20 17:55:57,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:57,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,247 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume !(1 == ~handle); {21455#true} is VALID [2022-02-20 17:55:57,247 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,247 INFO L290 TraceCheckUtils]: 3: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,248 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21455#true} {21455#true} #1083#return; {21455#true} is VALID [2022-02-20 17:55:57,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:57,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume !(1 == ~handle); {21455#true} is VALID [2022-02-20 17:55:57,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,251 INFO L290 TraceCheckUtils]: 3: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,251 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21455#true} {21455#true} #1085#return; {21455#true} is VALID [2022-02-20 17:55:57,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:57,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,273 INFO L290 TraceCheckUtils]: 3: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21515#(= 3 |setClientId_#in~handle|)} is 
VALID [2022-02-20 17:55:57,273 INFO L290 TraceCheckUtils]: 4: Hoare triple {21515#(= 3 |setClientId_#in~handle|)} assume true; {21515#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,274 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21515#(= 3 |setClientId_#in~handle|)} {21475#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:57,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:55:57,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21517#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,294 INFO L290 TraceCheckUtils]: 3: Hoare triple {21517#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21517#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,295 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21517#(= 2 |setClientPrivateKey_#in~handle|)} {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1089#return; 
{21456#false} is VALID [2022-02-20 17:55:57,304 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:55:57,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,307 INFO L290 TraceCheckUtils]: 0: Hoare triple {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1065#return; {21456#false} is VALID [2022-02-20 17:55:57,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:55:57,320 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,322 INFO L290 TraceCheckUtils]: 0: Hoare triple {21519#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,322 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,322 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,322 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1067#return; {21456#false} is VALID [2022-02-20 17:55:57,322 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:55:57,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,325 
INFO L290 TraceCheckUtils]: 0: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~3; {21455#true} is VALID [2022-02-20 17:55:57,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {21455#true} is VALID [2022-02-20 17:55:57,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1025#return; {21456#false} is VALID [2022-02-20 17:55:57,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:55:57,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21455#true} is VALID [2022-02-20 17:55:57,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21455#true} is VALID [2022-02-20 17:55:57,332 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,332 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1043#return; {21456#false} is VALID [2022-02-20 17:55:57,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:55:57,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,335 INFO L290 TraceCheckUtils]: 0: Hoare triple {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21455#true} is 
VALID [2022-02-20 17:55:57,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,335 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1049#return; {21456#false} is VALID [2022-02-20 17:55:57,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:55:57,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21455#true} is VALID [2022-02-20 17:55:57,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21455#true} is VALID [2022-02-20 17:55:57,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21455#true} {21456#false} #1053#return; {21456#false} is VALID [2022-02-20 17:55:57,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {21455#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 
1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21455#true} is VALID [2022-02-20 17:55:57,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {21455#true} is VALID [2022-02-20 17:55:57,339 INFO L290 TraceCheckUtils]: 2: Hoare triple {21455#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21455#true} is VALID [2022-02-20 17:55:57,339 INFO L290 TraceCheckUtils]: 3: Hoare triple {21455#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {21455#true} is VALID [2022-02-20 17:55:57,339 INFO L290 TraceCheckUtils]: 4: Hoare triple {21455#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc 
main_#t~ret86#1; {21455#true} is VALID [2022-02-20 17:55:57,339 INFO L290 TraceCheckUtils]: 5: Hoare triple {21455#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21455#true} is VALID [2022-02-20 17:55:57,340 INFO L272 TraceCheckUtils]: 6: Hoare triple {21455#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:57,340 INFO L290 TraceCheckUtils]: 7: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,340 INFO L290 TraceCheckUtils]: 8: Hoare triple {21455#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,340 INFO L290 TraceCheckUtils]: 9: Hoare 
triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,340 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21455#true} {21455#true} #1079#return; {21455#true} is VALID [2022-02-20 17:55:57,341 INFO L290 TraceCheckUtils]: 11: Hoare triple {21455#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21455#true} is VALID [2022-02-20 17:55:57,341 INFO L272 TraceCheckUtils]: 12: Hoare triple {21455#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:57,341 INFO L290 TraceCheckUtils]: 13: Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,342 INFO L290 TraceCheckUtils]: 14: Hoare triple {21455#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,342 INFO L290 TraceCheckUtils]: 15: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,342 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21455#true} {21455#true} #1081#return; {21455#true} is VALID [2022-02-20 17:55:57,342 INFO L290 TraceCheckUtils]: 17: Hoare triple {21455#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc 
setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21455#true} is VALID [2022-02-20 17:55:57,343 INFO L272 TraceCheckUtils]: 18: Hoare triple {21455#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:57,343 INFO L290 TraceCheckUtils]: 19: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,343 INFO L290 TraceCheckUtils]: 20: Hoare triple {21455#true} assume !(1 == ~handle); {21455#true} is VALID [2022-02-20 17:55:57,343 INFO L290 TraceCheckUtils]: 21: Hoare triple {21455#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,343 INFO L290 TraceCheckUtils]: 22: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,343 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21455#true} {21455#true} #1083#return; {21455#true} is VALID [2022-02-20 17:55:57,344 INFO L290 TraceCheckUtils]: 24: Hoare triple {21455#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21455#true} is VALID [2022-02-20 17:55:57,344 INFO L272 TraceCheckUtils]: 25: Hoare triple {21455#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:57,344 INFO L290 TraceCheckUtils]: 26: 
Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,344 INFO L290 TraceCheckUtils]: 27: Hoare triple {21455#true} assume !(1 == ~handle); {21455#true} is VALID [2022-02-20 17:55:57,345 INFO L290 TraceCheckUtils]: 28: Hoare triple {21455#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,345 INFO L290 TraceCheckUtils]: 29: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,345 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21455#true} {21455#true} #1085#return; {21455#true} is VALID [2022-02-20 17:55:57,345 INFO L290 TraceCheckUtils]: 31: Hoare triple {21455#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21475#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:57,346 INFO L272 TraceCheckUtils]: 32: Hoare triple {21475#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:57,346 INFO L290 TraceCheckUtils]: 33: Hoare triple {21512#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,347 INFO L290 TraceCheckUtils]: 34: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,347 INFO L290 TraceCheckUtils]: 35: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21514#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,348 INFO L290 TraceCheckUtils]: 36: Hoare triple {21514#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21515#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,348 INFO L290 TraceCheckUtils]: 37: Hoare triple {21515#(= 3 |setClientId_#in~handle|)} assume true; {21515#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:57,348 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21515#(= 3 |setClientId_#in~handle|)} {21475#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1087#return; {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:57,349 INFO L290 TraceCheckUtils]: 39: Hoare triple {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:55:57,350 INFO L272 TraceCheckUtils]: 40: Hoare triple 
{21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:57,350 INFO L290 TraceCheckUtils]: 41: Hoare triple {21513#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,350 INFO L290 TraceCheckUtils]: 42: Hoare triple {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,351 INFO L290 TraceCheckUtils]: 43: Hoare triple {21516#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21517#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,351 INFO L290 TraceCheckUtils]: 44: Hoare triple {21517#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {21517#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:57,351 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {21517#(= 2 |setClientPrivateKey_#in~handle|)} {21482#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1089#return; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 46: Hoare triple {21456#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 47: Hoare triple {21456#false} assume { 
:end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 48: Hoare triple {21456#false} assume !false; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 49: Hoare triple {21456#false} assume test_~splverifierCounter~0#1 < 4; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 50: Hoare triple {21456#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 51: Hoare triple 
{21456#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {21456#false} is VALID [2022-02-20 17:55:57,352 INFO L290 TraceCheckUtils]: 52: Hoare triple {21456#false} assume !(0 != test_~tmp___9~0#1); {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 53: Hoare triple {21456#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 54: Hoare triple {21456#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 55: Hoare triple {21456#false} assume !false; {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 56: Hoare triple {21456#false} assume !(test_~splverifierCounter~0#1 < 4); {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 57: Hoare triple {21456#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L272 TraceCheckUtils]: 58: Hoare triple {21456#false} call sendEmail(~bob~0, ~rjh~0); {21456#false} is VALID [2022-02-20 17:55:57,353 INFO L290 TraceCheckUtils]: 59: Hoare triple {21456#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, 
~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21456#false} is VALID [2022-02-20 17:55:57,354 INFO L272 TraceCheckUtils]: 60: Hoare triple {21456#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:57,354 INFO L290 TraceCheckUtils]: 61: Hoare triple {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,354 INFO L290 TraceCheckUtils]: 62: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,354 INFO L290 TraceCheckUtils]: 63: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,354 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {21455#true} {21456#false} #1065#return; {21456#false} is VALID [2022-02-20 17:55:57,354 INFO L272 TraceCheckUtils]: 65: Hoare triple {21456#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21519#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:57,354 INFO L290 TraceCheckUtils]: 66: Hoare triple {21519#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,355 INFO L290 TraceCheckUtils]: 67: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,355 INFO L290 TraceCheckUtils]: 
68: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,355 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {21455#true} {21456#false} #1067#return; {21456#false} is VALID [2022-02-20 17:55:57,355 INFO L290 TraceCheckUtils]: 70: Hoare triple {21456#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {21456#false} is VALID [2022-02-20 17:55:57,355 INFO L290 TraceCheckUtils]: 71: Hoare triple {21456#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {21456#false} is VALID [2022-02-20 17:55:57,355 INFO L272 TraceCheckUtils]: 72: Hoare triple {21456#false} call outgoing(~sender#1, ~email~0#1); {21456#false} is VALID [2022-02-20 17:55:57,355 INFO L290 TraceCheckUtils]: 73: Hoare triple {21456#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {21456#false} is VALID [2022-02-20 17:55:57,356 INFO L272 TraceCheckUtils]: 74: Hoare triple {21456#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {21455#true} is VALID [2022-02-20 17:55:57,356 INFO L290 TraceCheckUtils]: 75: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~3; {21455#true} is VALID [2022-02-20 17:55:57,356 INFO L290 TraceCheckUtils]: 76: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {21455#true} is VALID [2022-02-20 17:55:57,356 INFO L290 TraceCheckUtils]: 77: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,356 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {21455#true} {21456#false} #1025#return; {21456#false} is VALID [2022-02-20 17:55:57,356 INFO L290 TraceCheckUtils]: 79: Hoare triple 
{21456#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {21456#false} is VALID [2022-02-20 17:55:57,356 INFO L290 TraceCheckUtils]: 80: Hoare triple {21456#false} assume !(0 != ~size~2#1); {21456#false} is VALID [2022-02-20 17:55:57,356 INFO L272 TraceCheckUtils]: 81: Hoare triple {21456#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {21456#false} is VALID [2022-02-20 17:55:57,357 INFO L290 TraceCheckUtils]: 82: Hoare triple {21456#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {21456#false} is VALID [2022-02-20 17:55:57,357 INFO L272 TraceCheckUtils]: 83: Hoare triple {21456#false} call #t~ret12#1 := getEmailTo(~msg#1); {21455#true} is VALID [2022-02-20 17:55:57,357 INFO L290 TraceCheckUtils]: 84: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21455#true} is VALID [2022-02-20 17:55:57,357 INFO L290 TraceCheckUtils]: 85: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {21455#true} is VALID [2022-02-20 17:55:57,357 INFO L290 TraceCheckUtils]: 86: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,357 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {21455#true} {21456#false} #1043#return; {21456#false} is VALID [2022-02-20 17:55:57,357 INFO L290 TraceCheckUtils]: 88: Hoare triple {21456#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc 
findPublicKey_~retValue_acc~14#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 89: Hoare triple {21456#false} assume 1 == findPublicKey_~handle#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 90: Hoare triple {21456#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 91: Hoare triple {21456#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 92: Hoare triple {21456#false} assume !(0 != ~pubkey~0#1); {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 93: Hoare triple {21456#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 94: Hoare triple {21456#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21456#false} is VALID [2022-02-20 17:55:57,358 INFO L290 TraceCheckUtils]: 95: Hoare triple {21456#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {21456#false} is VALID [2022-02-20 17:55:57,359 INFO L272 TraceCheckUtils]: 96: Hoare triple {21456#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:57,359 INFO L290 TraceCheckUtils]: 97: Hoare triple {21518#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21455#true} is VALID [2022-02-20 17:55:57,359 INFO L290 TraceCheckUtils]: 98: Hoare triple {21455#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21455#true} is VALID [2022-02-20 17:55:57,359 INFO L290 TraceCheckUtils]: 99: Hoare triple {21455#true} assume true; {21455#true} is VALID [2022-02-20 17:55:57,359 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {21455#true} {21456#false} #1049#return; {21456#false} is VALID [2022-02-20 17:55:57,359 INFO L290 TraceCheckUtils]: 101: Hoare triple {21456#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc 
mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {21456#false} is VALID [2022-02-20 17:55:57,359 INFO L290 TraceCheckUtils]: 102: Hoare triple {21456#false} assume !(-1 == ~mail_is_sensitive~0); {21456#false} is VALID [2022-02-20 17:55:57,360 INFO L272 TraceCheckUtils]: 103: Hoare triple {21456#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {21455#true} is VALID [2022-02-20 17:55:57,360 INFO L290 TraceCheckUtils]: 104: Hoare triple {21455#true} ~handle := #in~handle;havoc ~retValue_acc~39; {21455#true} is VALID [2022-02-20 17:55:57,360 INFO L290 TraceCheckUtils]: 105: Hoare triple {21455#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {21455#true} is VALID [2022-02-20 17:55:57,360 INFO L290 TraceCheckUtils]: 106: Hoare triple {21455#true} assume true; 
{21455#true} is VALID [2022-02-20 17:55:57,360 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {21455#true} {21456#false} #1053#return; {21456#false} is VALID [2022-02-20 17:55:57,360 INFO L290 TraceCheckUtils]: 108: Hoare triple {21456#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {21456#false} is VALID [2022-02-20 17:55:57,360 INFO L290 TraceCheckUtils]: 109: Hoare triple {21456#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {21456#false} is VALID [2022-02-20 17:55:57,361 INFO L290 TraceCheckUtils]: 110: Hoare triple {21456#false} assume !false; {21456#false} is VALID [2022-02-20 17:55:57,361 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:57,361 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:57,361 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [530567638] [2022-02-20 17:55:57,361 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [530567638] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:57,361 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:55:57,362 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:55:57,362 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1354163179] [2022-02-20 17:55:57,362 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:57,363 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 17:55:57,363 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:57,363 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:55:57,431 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:57,432 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:55:57,432 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:57,432 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 17:55:57,433 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:57,433 INFO L87 Difference]: Start difference. First operand 405 states and 637 transitions. Second operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:56:05,737 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:05,737 INFO L93 Difference]: Finished difference Result 866 states and 1387 transitions. [2022-02-20 17:56:05,737 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:56:05,738 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 111 [2022-02-20 17:56:05,738 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:05,738 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:56:05,746 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1150 transitions. 
[2022-02-20 17:56:05,746 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:56:05,761 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1150 transitions. [2022-02-20 17:56:05,761 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1150 transitions. [2022-02-20 17:56:06,713 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1150 edges. 1150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:06,728 INFO L225 Difference]: With dead ends: 866 [2022-02-20 17:56:06,728 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 17:56:06,730 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 49 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:56:06,730 INFO L933 BasicCegarLoop]: 538 mSDtfsCounter, 1324 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 3197 mSolverCounterSat, 454 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1324 SdHoareTripleChecker+Valid, 1840 SdHoareTripleChecker+Invalid, 3651 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 454 IncrementalHoareTripleChecker+Valid, 3197 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:56:06,730 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1324 Valid, 1840 Invalid, 3651 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [454 Valid, 3197 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 17:56:06,731 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 17:56:06,842 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 407. [2022-02-20 17:56:06,842 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:06,843 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. Second operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) [2022-02-20 17:56:06,844 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) [2022-02-20 17:56:06,844 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) [2022-02-20 17:56:06,860 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 17:56:06,861 INFO L93 Difference]: Finished difference Result 488 states and 786 transitions. [2022-02-20 17:56:06,861 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 786 transitions. [2022-02-20 17:56:06,863 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:06,863 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:06,864 INFO L74 IsIncluded]: Start isIncluded. First operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) Second operand 488 states. [2022-02-20 17:56:06,865 INFO L87 Difference]: Start difference. First operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) Second operand 488 states. [2022-02-20 17:56:06,881 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:06,882 INFO L93 Difference]: Finished difference Result 488 states and 786 transitions. [2022-02-20 17:56:06,882 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 786 transitions. [2022-02-20 17:56:06,884 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:06,884 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:06,884 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 17:56:06,885 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:06,886 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 407 states, 315 states have (on average 1.5873015873015872) internal successors, (500), 323 states have internal predecessors, (500), 66 states have call successors, (66), 21 states have call predecessors, (66), 25 states have return successors, (77), 64 states have call predecessors, (77), 65 states have call successors, (77) [2022-02-20 17:56:06,899 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 407 states to 407 states and 643 transitions. [2022-02-20 17:56:06,900 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 643 transitions. Word has length 111 [2022-02-20 17:56:06,900 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:06,900 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 643 transitions. [2022-02-20 17:56:06,900 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 6.909090909090909) internal successors, (76), 8 states have internal predecessors, (76), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 17:56:06,900 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 643 transitions. [2022-02-20 17:56:06,904 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 17:56:06,904 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:06,904 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:06,904 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:56:06,904 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__EncryptErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:06,905 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:06,905 INFO L85 PathProgramCache]: Analyzing trace with hash -843374101, now seen corresponding path program 1 times [2022-02-20 17:56:06,905 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:06,905 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1033889846] [2022-02-20 17:56:06,905 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:06,905 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:06,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:06,986 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:06,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:06,989 INFO L290 TraceCheckUtils]: 0: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:06,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:06,990 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:06,990 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24281#true} #1079#return; {24281#true} is VALID [2022-02-20 17:56:06,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:06,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:06,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:06,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:06,998 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:06,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24281#true} #1081#return; {24281#true} is VALID [2022-02-20 17:56:06,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:07,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,003 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,003 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24281#true} {24281#true} #1083#return; {24281#true} is VALID [2022-02-20 17:56:07,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:07,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,006 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,006 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24281#true} {24281#true} #1085#return; {24281#true} is VALID [2022-02-20 17:56:07,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:07,008 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:56:07,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,010 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,010 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,010 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,011 INFO L290 TraceCheckUtils]: 4: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,011 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24281#true} {24281#true} #1087#return; {24281#true} is VALID [2022-02-20 17:56:07,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:07,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,015 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24281#true} 
is VALID [2022-02-20 17:56:07,015 INFO L290 TraceCheckUtils]: 4: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,015 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24281#true} {24281#true} #1089#return; {24281#true} is VALID [2022-02-20 17:56:07,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:07,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1065#return; {24282#false} is VALID [2022-02-20 17:56:07,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:56:07,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {24342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1067#return; {24282#false} is VALID 
[2022-02-20 17:56:07,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:56:07,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1025#return; {24282#false} is VALID [2022-02-20 17:56:07,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:56:07,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1043#return; {24282#false} is VALID [2022-02-20 17:56:07,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:56:07,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,042 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1049#return; {24282#false} is VALID [2022-02-20 17:56:07,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:56:07,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24281#true} {24282#false} #1053#return; {24282#false} is VALID [2022-02-20 17:56:07,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call 
#Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 
0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 
0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24281#true} is VALID [2022-02-20 17:56:07,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {24281#true} is VALID [2022-02-20 17:56:07,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24281#true} is VALID [2022-02-20 17:56:07,045 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {24281#true} is VALID [2022-02-20 
17:56:07,045 INFO L290 TraceCheckUtils]: 4: Hoare triple {24281#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {24281#true} is VALID [2022-02-20 17:56:07,046 INFO L290 TraceCheckUtils]: 5: Hoare triple {24281#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24281#true} is VALID [2022-02-20 17:56:07,046 INFO L272 TraceCheckUtils]: 6: Hoare triple {24281#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,046 INFO L290 TraceCheckUtils]: 7: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value 
:= #in~value; {24281#true} is VALID [2022-02-20 17:56:07,047 INFO L290 TraceCheckUtils]: 8: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,047 INFO L290 TraceCheckUtils]: 9: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,047 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24281#true} {24281#true} #1079#return; {24281#true} is VALID [2022-02-20 17:56:07,047 INFO L290 TraceCheckUtils]: 11: Hoare triple {24281#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,048 INFO L272 TraceCheckUtils]: 12: Hoare triple {24281#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,048 INFO L290 TraceCheckUtils]: 13: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,048 INFO L290 TraceCheckUtils]: 14: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,048 INFO L290 TraceCheckUtils]: 15: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,048 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24281#true} {24281#true} #1081#return; {24281#true} is VALID [2022-02-20 17:56:07,048 INFO L290 TraceCheckUtils]: 17: Hoare triple {24281#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24281#true} is VALID [2022-02-20 17:56:07,049 INFO L272 TraceCheckUtils]: 18: Hoare triple {24281#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,049 INFO L290 TraceCheckUtils]: 19: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,049 INFO L290 TraceCheckUtils]: 20: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,049 INFO L290 TraceCheckUtils]: 21: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,049 INFO L290 TraceCheckUtils]: 22: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,050 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24281#true} {24281#true} #1083#return; {24281#true} is VALID [2022-02-20 17:56:07,050 INFO L290 TraceCheckUtils]: 24: Hoare triple {24281#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,050 INFO L272 TraceCheckUtils]: 25: Hoare triple {24281#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24340#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,050 INFO L290 TraceCheckUtils]: 26: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,051 INFO L290 TraceCheckUtils]: 27: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,051 INFO L290 TraceCheckUtils]: 28: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,051 INFO L290 TraceCheckUtils]: 29: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,051 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24281#true} {24281#true} #1085#return; {24281#true} is VALID [2022-02-20 17:56:07,051 INFO L290 TraceCheckUtils]: 31: Hoare triple {24281#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24281#true} is VALID [2022-02-20 17:56:07,052 INFO L272 TraceCheckUtils]: 32: Hoare triple {24281#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24339#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,052 INFO L290 TraceCheckUtils]: 33: Hoare triple {24339#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,052 INFO L290 TraceCheckUtils]: 34: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,052 INFO L290 TraceCheckUtils]: 35: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,052 INFO L290 TraceCheckUtils]: 36: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,052 INFO L290 TraceCheckUtils]: 37: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,053 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24281#true} {24281#true} #1087#return; {24281#true} is VALID [2022-02-20 17:56:07,053 INFO L290 TraceCheckUtils]: 39: Hoare triple {24281#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,053 INFO L272 TraceCheckUtils]: 40: Hoare triple {24281#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,053 INFO L290 TraceCheckUtils]: 41: Hoare triple {24340#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L290 TraceCheckUtils]: 42: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L290 TraceCheckUtils]: 43: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L290 TraceCheckUtils]: 44: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L290 TraceCheckUtils]: 45: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24281#true} {24281#true} #1089#return; {24281#true} is VALID [2022-02-20 17:56:07,054 INFO L290 TraceCheckUtils]: 47: Hoare triple {24281#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {24281#true} is VALID [2022-02-20 17:56:07,055 INFO L290 TraceCheckUtils]: 48: Hoare triple {24281#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,055 INFO L290 TraceCheckUtils]: 49: Hoare triple {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,055 INFO L290 TraceCheckUtils]: 50: Hoare triple {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,056 INFO L290 TraceCheckUtils]: 51: Hoare triple {24313#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,056 INFO L290 TraceCheckUtils]: 52: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,056 INFO L290 TraceCheckUtils]: 53: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,057 INFO L290 TraceCheckUtils]: 54: Hoare triple 
{24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,057 INFO L290 TraceCheckUtils]: 55: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,057 INFO L290 TraceCheckUtils]: 56: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,058 INFO L290 TraceCheckUtils]: 57: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {24282#false} is VALID [2022-02-20 17:56:07,058 INFO L290 TraceCheckUtils]: 58: Hoare triple {24282#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {24282#false} is VALID [2022-02-20 17:56:07,058 INFO L272 TraceCheckUtils]: 59: Hoare triple {24282#false} call sendEmail(~bob~0, ~rjh~0); {24282#false} is VALID [2022-02-20 17:56:07,058 INFO L290 TraceCheckUtils]: 60: Hoare triple {24282#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24282#false} is VALID [2022-02-20 17:56:07,058 INFO L272 TraceCheckUtils]: 61: Hoare triple {24282#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:07,058 INFO L290 TraceCheckUtils]: 62: Hoare triple {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,058 INFO L290 TraceCheckUtils]: 63: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,059 INFO L290 TraceCheckUtils]: 64: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,059 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24281#true} {24282#false} #1065#return; {24282#false} is VALID [2022-02-20 17:56:07,059 INFO L272 TraceCheckUtils]: 66: Hoare triple {24282#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:07,059 INFO L290 TraceCheckUtils]: 67: Hoare triple {24342#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,059 INFO L290 TraceCheckUtils]: 68: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,059 INFO L290 TraceCheckUtils]: 69: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 
17:56:07,059 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24281#true} {24282#false} #1067#return; {24282#false} is VALID [2022-02-20 17:56:07,059 INFO L290 TraceCheckUtils]: 71: Hoare triple {24282#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {24282#false} is VALID [2022-02-20 17:56:07,060 INFO L290 TraceCheckUtils]: 72: Hoare triple {24282#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {24282#false} is VALID [2022-02-20 17:56:07,060 INFO L272 TraceCheckUtils]: 73: Hoare triple {24282#false} call outgoing(~sender#1, ~email~0#1); {24282#false} is VALID [2022-02-20 17:56:07,060 INFO L290 TraceCheckUtils]: 74: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {24282#false} is VALID [2022-02-20 17:56:07,060 INFO L272 TraceCheckUtils]: 75: Hoare triple {24282#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {24281#true} is VALID [2022-02-20 17:56:07,060 INFO L290 TraceCheckUtils]: 76: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,060 INFO L290 TraceCheckUtils]: 77: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,061 INFO L290 TraceCheckUtils]: 78: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,061 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {24281#true} {24282#false} #1025#return; {24282#false} is VALID [2022-02-20 17:56:07,061 INFO L290 TraceCheckUtils]: 80: Hoare triple {24282#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := 
#t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {24282#false} is VALID [2022-02-20 17:56:07,061 INFO L290 TraceCheckUtils]: 81: Hoare triple {24282#false} assume !(0 != ~size~2#1); {24282#false} is VALID [2022-02-20 17:56:07,061 INFO L272 TraceCheckUtils]: 82: Hoare triple {24282#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {24282#false} is VALID [2022-02-20 17:56:07,061 INFO L290 TraceCheckUtils]: 83: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,061 INFO L272 TraceCheckUtils]: 84: Hoare triple {24282#false} call #t~ret12#1 := getEmailTo(~msg#1); {24281#true} is VALID [2022-02-20 17:56:07,061 INFO L290 TraceCheckUtils]: 85: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,062 INFO L290 TraceCheckUtils]: 86: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,062 INFO L290 TraceCheckUtils]: 87: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,062 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {24281#true} {24282#false} #1043#return; {24282#false} is VALID [2022-02-20 17:56:07,062 INFO L290 TraceCheckUtils]: 89: Hoare triple {24282#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,062 INFO L290 
TraceCheckUtils]: 90: Hoare triple {24282#false} assume 1 == findPublicKey_~handle#1; {24282#false} is VALID [2022-02-20 17:56:07,062 INFO L290 TraceCheckUtils]: 91: Hoare triple {24282#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,062 INFO L290 TraceCheckUtils]: 92: Hoare triple {24282#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 93: Hoare triple {24282#false} assume !(0 != ~pubkey~0#1); {24282#false} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 94: Hoare triple {24282#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 95: Hoare triple {24282#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,063 
INFO L290 TraceCheckUtils]: 96: Hoare triple {24282#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {24282#false} is VALID [2022-02-20 17:56:07,063 INFO L272 TraceCheckUtils]: 97: Hoare triple {24282#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 98: Hoare triple {24341#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 99: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,063 INFO L290 TraceCheckUtils]: 100: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,064 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {24281#true} {24282#false} #1049#return; {24282#false} is VALID [2022-02-20 17:56:07,064 INFO L290 TraceCheckUtils]: 102: Hoare triple {24282#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {24282#false} is VALID [2022-02-20 17:56:07,064 INFO L290 TraceCheckUtils]: 103: Hoare triple {24282#false} assume !(-1 == ~mail_is_sensitive~0); {24282#false} is VALID [2022-02-20 17:56:07,064 INFO L272 TraceCheckUtils]: 104: Hoare triple {24282#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24281#true} is VALID [2022-02-20 17:56:07,064 INFO L290 TraceCheckUtils]: 105: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,064 INFO L290 TraceCheckUtils]: 106: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,064 INFO L290 TraceCheckUtils]: 107: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,065 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {24281#true} 
{24282#false} #1053#return; {24282#false} is VALID [2022-02-20 17:56:07,065 INFO L290 TraceCheckUtils]: 109: Hoare triple {24282#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {24282#false} is VALID [2022-02-20 17:56:07,065 INFO L290 TraceCheckUtils]: 110: Hoare triple {24282#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {24282#false} is VALID [2022-02-20 17:56:07,065 INFO L290 TraceCheckUtils]: 111: Hoare triple {24282#false} assume !false; {24282#false} is VALID [2022-02-20 17:56:07,065 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:07,066 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:07,066 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1033889846] [2022-02-20 17:56:07,066 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1033889846] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:56:07,066 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1148094713] [2022-02-20 17:56:07,066 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:07,066 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:07,066 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:56:07,068 INFO L229 MonitoredProcess]: Starting monitored process 7 with 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:56:07,097 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:56:07,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,277 INFO L263 TraceCheckSpWp]: Trace formula consists of 1014 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:56:07,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,331 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:56:07,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 
26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 
0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 4: Hoare triple {24281#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 5: Hoare triple {24281#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L272 TraceCheckUtils]: 6: Hoare triple {24281#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 7: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 8: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 9: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24281#true} {24281#true} #1079#return; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 11: Hoare triple {24281#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L272 TraceCheckUtils]: 12: Hoare triple {24281#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 13: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 14: Hoare triple 
{24281#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,562 INFO L290 TraceCheckUtils]: 15: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24281#true} {24281#true} #1081#return; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L290 TraceCheckUtils]: 17: Hoare triple {24281#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L272 TraceCheckUtils]: 18: Hoare triple {24281#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L290 TraceCheckUtils]: 19: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L290 TraceCheckUtils]: 20: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L290 TraceCheckUtils]: 21: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L290 TraceCheckUtils]: 22: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,563 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24281#true} {24281#true} #1083#return; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 24: Hoare triple {24281#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L272 TraceCheckUtils]: 25: Hoare triple {24281#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 26: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 27: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 28: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 29: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24281#true} {24281#true} #1085#return; {24281#true} is VALID [2022-02-20 17:56:07,564 INFO L290 TraceCheckUtils]: 31: Hoare triple {24281#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L272 TraceCheckUtils]: 32: Hoare triple {24281#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L290 TraceCheckUtils]: 33: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L290 
TraceCheckUtils]: 34: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L290 TraceCheckUtils]: 35: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L290 TraceCheckUtils]: 36: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L290 TraceCheckUtils]: 37: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,565 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24281#true} {24281#true} #1087#return; {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 39: Hoare triple {24281#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L272 TraceCheckUtils]: 40: Hoare triple {24281#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 41: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 42: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 43: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 44: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L290 TraceCheckUtils]: 45: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,566 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24281#true} {24281#true} #1089#return; {24281#true} is VALID [2022-02-20 17:56:07,567 INFO L290 TraceCheckUtils]: 47: Hoare triple {24281#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc 
setup_#t~nondet85#1; {24281#true} is VALID [2022-02-20 17:56:07,567 INFO L290 TraceCheckUtils]: 48: Hoare triple {24281#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,568 INFO L290 TraceCheckUtils]: 49: Hoare triple {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,568 INFO L290 TraceCheckUtils]: 50: Hoare triple {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 
0)} assume test_~splverifierCounter~0#1 < 4; {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:07,569 INFO L290 TraceCheckUtils]: 51: Hoare triple {24490#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,569 INFO L290 TraceCheckUtils]: 52: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,570 INFO L290 TraceCheckUtils]: 53: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,570 INFO L290 TraceCheckUtils]: 54: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,570 INFO L290 TraceCheckUtils]: 55: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,571 INFO L290 TraceCheckUtils]: 56: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:07,571 INFO L290 TraceCheckUtils]: 57: Hoare triple {24314#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); 
{24282#false} is VALID [2022-02-20 17:56:07,572 INFO L290 TraceCheckUtils]: 58: Hoare triple {24282#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L272 TraceCheckUtils]: 59: Hoare triple {24282#false} call sendEmail(~bob~0, ~rjh~0); {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L290 TraceCheckUtils]: 60: Hoare triple {24282#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L272 TraceCheckUtils]: 61: Hoare triple {24282#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L290 TraceCheckUtils]: 62: Hoare triple {24282#false} ~handle := #in~handle;~value := #in~value; {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L290 TraceCheckUtils]: 63: Hoare triple {24282#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24282#false} is VALID [2022-02-20 17:56:07,572 INFO L290 TraceCheckUtils]: 64: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24282#false} {24282#false} 
#1065#return; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L272 TraceCheckUtils]: 66: Hoare triple {24282#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L290 TraceCheckUtils]: 67: Hoare triple {24282#false} ~handle := #in~handle;~value := #in~value; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L290 TraceCheckUtils]: 68: Hoare triple {24282#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L290 TraceCheckUtils]: 69: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24282#false} {24282#false} #1067#return; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L290 TraceCheckUtils]: 71: Hoare triple {24282#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {24282#false} is VALID [2022-02-20 17:56:07,573 INFO L290 TraceCheckUtils]: 72: Hoare triple {24282#false} #t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L272 TraceCheckUtils]: 73: Hoare triple {24282#false} call outgoing(~sender#1, ~email~0#1); {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L290 TraceCheckUtils]: 74: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L272 TraceCheckUtils]: 75: Hoare triple {24282#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L290 TraceCheckUtils]: 76: Hoare triple {24282#false} ~handle := #in~handle;havoc 
~retValue_acc~3; {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L290 TraceCheckUtils]: 77: Hoare triple {24282#false} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L290 TraceCheckUtils]: 78: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,574 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {24282#false} {24282#false} #1025#return; {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 80: Hoare triple {24282#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 81: Hoare triple {24282#false} assume !(0 != ~size~2#1); {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L272 TraceCheckUtils]: 82: Hoare triple {24282#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 83: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L272 TraceCheckUtils]: 84: Hoare triple {24282#false} call #t~ret12#1 := getEmailTo(~msg#1); {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 85: Hoare triple {24282#false} ~handle := #in~handle;havoc ~retValue_acc~36; {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 86: Hoare triple {24282#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24282#false} is VALID [2022-02-20 17:56:07,575 INFO L290 TraceCheckUtils]: 87: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {24282#false} {24282#false} #1043#return; {24282#false} is VALID 
[2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 89: Hoare triple {24282#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 90: Hoare triple {24282#false} assume 1 == findPublicKey_~handle#1; {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 91: Hoare triple {24282#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 92: Hoare triple {24282#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 93: Hoare triple {24282#false} assume !(0 != ~pubkey~0#1); {24282#false} is VALID [2022-02-20 17:56:07,576 INFO L290 TraceCheckUtils]: 94: Hoare triple {24282#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L290 TraceCheckUtils]: 95: Hoare triple {24282#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L290 TraceCheckUtils]: 96: Hoare triple {24282#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L272 TraceCheckUtils]: 97: Hoare triple {24282#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L290 TraceCheckUtils]: 98: Hoare triple {24282#false} ~handle := #in~handle;~value := #in~value; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L290 TraceCheckUtils]: 99: Hoare triple {24282#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L290 TraceCheckUtils]: 100: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,577 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {24282#false} {24282#false} #1049#return; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 102: Hoare triple {24282#false} assume { :begin_inline_mail 
} true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 103: Hoare triple {24282#false} assume !(-1 == ~mail_is_sensitive~0); {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L272 TraceCheckUtils]: 104: Hoare triple {24282#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 105: Hoare triple 
{24282#false} ~handle := #in~handle;havoc ~retValue_acc~39; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 106: Hoare triple {24282#false} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 107: Hoare triple {24282#false} assume true; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {24282#false} {24282#false} #1053#return; {24282#false} is VALID [2022-02-20 17:56:07,578 INFO L290 TraceCheckUtils]: 109: Hoare triple {24282#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {24282#false} is VALID [2022-02-20 17:56:07,579 INFO L290 TraceCheckUtils]: 110: Hoare triple {24282#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {24282#false} is VALID [2022-02-20 17:56:07,579 INFO L290 TraceCheckUtils]: 111: Hoare triple {24282#false} assume !false; {24282#false} is VALID [2022-02-20 17:56:07,579 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:07,579 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 111: Hoare triple {24282#false} assume !false; {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 110: Hoare triple {24282#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;assume { :begin_inline___automaton_fail } true; {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 109: Hoare triple {24282#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1; {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {24281#true} {24282#false} #1053#return; {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 107: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 106: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~39 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 105: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~39; {24281#true} is VALID [2022-02-20 17:56:07,869 INFO L272 TraceCheckUtils]: 104: Hoare triple {24282#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24281#true} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 103: Hoare triple {24282#false} assume !(-1 == ~mail_is_sensitive~0); {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L290 TraceCheckUtils]: 102: Hoare triple {24282#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret9#1, mail_#t~ret10#1, 
mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~3#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~3#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret7#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret8#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~2#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 := puts(4, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret6#1; {24282#false} is VALID [2022-02-20 17:56:07,869 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {24281#true} {24282#false} #1049#return; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 100: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 99: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 98: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO 
L272 TraceCheckUtils]: 97: Hoare triple {24282#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1); {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 96: Hoare triple {24282#false} outgoing__wrappee__Keys_#t~ret11#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret11#1 && outgoing__wrappee__Keys_#t~ret11#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~4#1 := outgoing__wrappee__Keys_#t~ret11#1;havoc outgoing__wrappee__Keys_#t~ret11#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 95: Hoare triple {24282#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 94: Hoare triple {24282#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret11#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~4#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~4#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 93: Hoare triple {24282#false} assume !(0 != ~pubkey~0#1); {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 92: Hoare triple {24282#false} #t~ret13#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume 
-2147483648 <= #t~ret13#1 && #t~ret13#1 <= 2147483647;~tmp___0~0#1 := #t~ret13#1;havoc #t~ret13#1;~pubkey~0#1 := ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 91: Hoare triple {24282#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~14#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 90: Hoare triple {24282#false} assume 1 == findPublicKey_~handle#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 89: Hoare triple {24282#false} assume -2147483648 <= #t~ret12#1 && #t~ret12#1 <= 2147483647;~tmp~5#1 := #t~ret12#1;havoc #t~ret12#1;~receiver~0#1 := ~tmp~5#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~14#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~14#1; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {24281#true} {24282#false} #1043#return; {24282#false} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 87: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 86: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_to0~0;#res := ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 TraceCheckUtils]: 85: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L272 TraceCheckUtils]: 84: Hoare triple {24282#false} call #t~ret12#1 := getEmailTo(~msg#1); {24281#true} is VALID [2022-02-20 17:56:07,870 INFO L290 
TraceCheckUtils]: 83: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~5#1;havoc ~pubkey~0#1;havoc ~tmp___0~0#1; {24282#false} is VALID [2022-02-20 17:56:07,871 INFO L272 TraceCheckUtils]: 82: Hoare triple {24282#false} call outgoing__wrappee__Encrypt(~client#1, ~msg#1); {24282#false} is VALID [2022-02-20 17:56:07,871 INFO L290 TraceCheckUtils]: 81: Hoare triple {24282#false} assume !(0 != ~size~2#1); {24282#false} is VALID [2022-02-20 17:56:07,871 INFO L290 TraceCheckUtils]: 80: Hoare triple {24282#false} assume -2147483648 <= #t~ret14#1 && #t~ret14#1 <= 2147483647;~tmp~6#1 := #t~ret14#1;havoc #t~ret14#1;~size~2#1 := ~tmp~6#1; {24282#false} is VALID [2022-02-20 17:56:07,871 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {24281#true} {24282#false} #1025#return; {24282#false} is VALID [2022-02-20 17:56:07,871 INFO L290 TraceCheckUtils]: 78: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,871 INFO L290 TraceCheckUtils]: 77: Hoare triple {24281#true} assume 1 == ~handle;~retValue_acc~3 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,873 INFO L290 TraceCheckUtils]: 76: Hoare triple {24281#true} ~handle := #in~handle;havoc ~retValue_acc~3; {24281#true} is VALID [2022-02-20 17:56:07,873 INFO L272 TraceCheckUtils]: 75: Hoare triple {24282#false} call #t~ret14#1 := getClientAddressBookSize(~client#1); {24281#true} is VALID [2022-02-20 17:56:07,873 INFO L290 TraceCheckUtils]: 74: Hoare triple {24282#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~2#1;havoc ~tmp~6#1;havoc ~receiver~1#1;havoc ~tmp___0~1#1;havoc ~second~0#1;havoc ~tmp___1~0#1;havoc ~tmp___2~0#1; {24282#false} is VALID [2022-02-20 17:56:07,873 INFO L272 TraceCheckUtils]: 73: Hoare triple {24282#false} call outgoing(~sender#1, ~email~0#1); {24282#false} is VALID [2022-02-20 17:56:07,873 INFO L290 TraceCheckUtils]: 72: Hoare triple {24282#false} 
#t~ret26#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret26#1 && #t~ret26#1 <= 2147483647;~tmp~9#1 := #t~ret26#1;havoc #t~ret26#1;~email~0#1 := ~tmp~9#1; {24282#false} is VALID [2022-02-20 17:56:07,873 INFO L290 TraceCheckUtils]: 71: Hoare triple {24282#false} createEmail_~retValue_acc~25#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~25#1; {24282#false} is VALID [2022-02-20 17:56:07,873 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {24281#true} {24282#false} #1067#return; {24282#false} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 69: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 68: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 67: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L272 TraceCheckUtils]: 66: Hoare triple {24282#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {24281#true} {24282#false} #1065#return; {24282#false} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 64: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 63: Hoare triple {24281#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 62: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L272 TraceCheckUtils]: 61: Hoare triple {24282#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24281#true} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 60: Hoare triple {24282#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~9#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~25#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~25#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24282#false} is VALID [2022-02-20 17:56:07,874 INFO L272 TraceCheckUtils]: 59: Hoare triple {24282#false} call sendEmail(~bob~0, ~rjh~0); {24282#false} is VALID [2022-02-20 17:56:07,874 INFO L290 TraceCheckUtils]: 58: Hoare triple {24282#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret78#1, bobToRjh_#t~ret79#1, bobToRjh_#t~ret80#1, bobToRjh_#t~ret81#1, bobToRjh_~tmp~17#1, bobToRjh_~tmp___0~6#1, bobToRjh_~tmp___1~4#1;havoc bobToRjh_~tmp~17#1;havoc bobToRjh_~tmp___0~6#1;havoc bobToRjh_~tmp___1~4#1;call bobToRjh_#t~ret78#1 := puts(29, 0);assume -2147483648 <= bobToRjh_#t~ret78#1 && bobToRjh_#t~ret78#1 <= 2147483647;havoc bobToRjh_#t~ret78#1; {24282#false} is VALID [2022-02-20 17:56:07,876 INFO L290 TraceCheckUtils]: 57: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {24282#false} is VALID [2022-02-20 17:56:07,877 INFO L290 TraceCheckUtils]: 56: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,877 INFO L290 TraceCheckUtils]: 55: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,877 INFO L290 TraceCheckUtils]: 54: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume 
-2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,878 INFO L290 TraceCheckUtils]: 53: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,878 INFO L290 TraceCheckUtils]: 52: Hoare triple {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,878 INFO L290 TraceCheckUtils]: 51: Hoare triple {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24842#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:07,878 INFO L290 TraceCheckUtils]: 50: Hoare triple {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:07,879 INFO L290 TraceCheckUtils]: 49: Hoare triple {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:07,879 INFO L290 TraceCheckUtils]: 48: Hoare triple {24281#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, 
test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~5#1, test_~tmp___1~3#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~3#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24861#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:07,879 INFO L290 TraceCheckUtils]: 47: Hoare triple {24281#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 33, 0;havoc setup_#t~nondet85#1; {24281#true} is VALID [2022-02-20 17:56:07,879 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24281#true} {24281#true} #1089#return; {24281#true} is VALID [2022-02-20 17:56:07,879 INFO L290 TraceCheckUtils]: 45: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,879 INFO L290 TraceCheckUtils]: 44: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L290 TraceCheckUtils]: 43: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L290 TraceCheckUtils]: 42: Hoare triple 
{24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L290 TraceCheckUtils]: 41: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L272 TraceCheckUtils]: 40: Hoare triple {24281#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L290 TraceCheckUtils]: 39: Hoare triple {24281#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24281#true} {24281#true} #1087#return; {24281#true} is VALID [2022-02-20 17:56:07,880 INFO L290 TraceCheckUtils]: 37: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 36: Hoare triple {24281#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 35: Hoare triple {24281#true} assume !(2 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 34: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 33: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L272 TraceCheckUtils]: 32: Hoare triple {24281#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 31: Hoare triple {24281#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 32, 0;havoc setup_#t~nondet84#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { 
:begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24281#true} {24281#true} #1085#return; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 29: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 28: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 27: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 26: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L272 TraceCheckUtils]: 25: Hoare triple {24281#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 24: Hoare triple {24281#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24281#true} {24281#true} #1083#return; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 22: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 21: Hoare triple {24281#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 20: Hoare triple {24281#true} assume !(1 == ~handle); {24281#true} is VALID [2022-02-20 17:56:07,881 INFO L290 TraceCheckUtils]: 19: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 
17:56:07,882 INFO L272 TraceCheckUtils]: 18: Hoare triple {24281#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L290 TraceCheckUtils]: 17: Hoare triple {24281#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 31, 0;havoc setup_#t~nondet83#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24281#true} {24281#true} #1081#return; {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L290 TraceCheckUtils]: 15: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L290 TraceCheckUtils]: 14: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L290 TraceCheckUtils]: 13: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L272 TraceCheckUtils]: 12: Hoare triple {24281#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24281#true} is VALID [2022-02-20 17:56:07,882 INFO L290 TraceCheckUtils]: 11: Hoare triple {24281#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24281#true} {24281#true} #1079#return; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 9: Hoare triple {24281#true} assume true; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 
TraceCheckUtils]: 8: Hoare triple {24281#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 7: Hoare triple {24281#true} ~handle := #in~handle;~value := #in~value; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L272 TraceCheckUtils]: 6: Hoare triple {24281#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 5: Hoare triple {24281#true} assume 0 != main_~tmp~18#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet83#1, setup_#t~nondet84#1, setup_#t~nondet85#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 4: Hoare triple {24281#true} main_#t~ret86#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret86#1 && main_#t~ret86#1 <= 2147483647;main_~tmp~18#1 := main_#t~ret86#1;havoc main_#t~ret86#1; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 3: Hoare triple {24281#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc 
valid_product_~retValue_acc~28#1;havoc valid_product_~retValue_acc~28#1;valid_product_~retValue_acc~28#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~28#1; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {24281#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {24281#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret86#1, main_~retValue_acc~32#1, main_~tmp~18#1;havoc main_~retValue_acc~32#1;havoc main_~tmp~18#1;assume { :begin_inline_select_helpers } true; {24281#true} is VALID [2022-02-20 17:56:07,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {24281#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(10, 5);call #Ultimate.allocInit(34, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(20, 9);call #Ultimate.allocInit(10, 10);call #Ultimate.allocInit(12, 11);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(18, 13);call #Ultimate.allocInit(16, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(4, 16);call write~init~int(37, 16, 0, 1);call write~init~int(115, 16, 1, 1);call write~init~int(10, 16, 2, 1);call write~init~int(0, 16, 3, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 
26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);call #Ultimate.allocInit(44, 29);call #Ultimate.allocInit(44, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(11, 33);call #Ultimate.allocInit(19, 34);call #Ultimate.allocInit(4, 35);call write~init~int(37, 35, 0, 1);call write~init~int(100, 35, 1, 1);call write~init~int(10, 35, 2, 1);call write~init~int(0, 35, 3, 1);call #Ultimate.allocInit(4, 36);call write~init~int(37, 36, 0, 1);call write~init~int(100, 36, 1, 1);call write~init~int(10, 36, 2, 1);call write~init~int(0, 36, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 
0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 
0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24281#true} is VALID
[2022-02-20 17:56:07,887 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked.
[2022-02-20 17:56:07,887 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1148094713] provided 0 perfect and 2 imperfect interpolant sequences
[2022-02-20 17:56:07,888 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences.
[2022-02-20 17:56:07,888 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 4, 4] total 11
[2022-02-20 17:56:07,888 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1602443394]
[2022-02-20 17:56:07,888 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 17:56:07,889 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 9.545454545454545) internal successors, (105), 7 states have internal predecessors, (105), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 112
[2022-02-20 17:56:08,324 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:56:08,325 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 11 states, 11 states have (on average 9.545454545454545) internal successors, (105), 7 states have internal predecessors, (105), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18)
[2022-02-20 17:56:08,422 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 153 edges. 153 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:56:08,423 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 11 states
[2022-02-20 17:56:08,423 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:56:08,424 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants.
[2022-02-20 17:56:08,424 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=29, Invalid=81, Unknown=0, NotChecked=0, Total=110
[2022-02-20 17:56:08,424 INFO L87 Difference]: Start difference. First operand 407 states and 643 transitions. Second operand has 11 states, 11 states have (on average 9.545454545454545) internal successors, (105), 7 states have internal predecessors, (105), 2 states have call successors, (30), 6 states have call predecessors, (30), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18)