./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_product26.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_product26.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1c7cb2243c6731bf722079adc6952447a998ab6b938202887231d0b533119871
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:55:32,973 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:55:32,974 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:55:33,019 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... 
[2022-02-20 17:55:33,019 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:55:33,023 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:55:33,024 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:55:33,031 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:55:33,033 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:55:33,033 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:55:33,034 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:55:33,035 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:55:33,035 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:55:33,036 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:55:33,037 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:55:33,038 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:55:33,039 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:55:33,040 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:55:33,041 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:55:33,042 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:55:33,044 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:55:33,044 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:55:33,045 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:55:33,046 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:55:33,048 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:55:33,048 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:55:33,049 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:55:33,049 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:55:33,051 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:55:33,052 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:55:33,052 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:55:33,052 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:55:33,053 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:55:33,054 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:55:33,054 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:55:33,055 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:55:33,056 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:55:33,056 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:55:33,056 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:55:33,057 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:55:33,058 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:55:33,059 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:55:33,082 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:55:33,083 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:55:33,083 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:55:33,083 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:55:33,084 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:55:33,084 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:55:33,085 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:55:33,085 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:55:33,085 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:55:33,085 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:55:33,085 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:55:33,086 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:55:33,086 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:55:33,086 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:55:33,086 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:55:33,086 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:55:33,087 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:55:33,087 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:55:33,087 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:55:33,087 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:55:33,087 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:55:33,088 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:55:33,088 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:55:33,088 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:55:33,088 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:33,089 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:55:33,089 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:55:33,089 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:55:33,089 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:55:33,089 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:55:33,090 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:55:33,090 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:55:33,090 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:55:33,090 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1c7cb2243c6731bf722079adc6952447a998ab6b938202887231d0b533119871 [2022-02-20 17:55:33,353 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:55:33,379 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:55:33,381 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:55:33,382 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:55:33,383 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:55:33,384 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_product26.cil.c [2022-02-20 17:55:33,451 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abc9bdb35/8175c913ed834af992dbfac87b4f2f72/FLAGd04e45855 [2022-02-20 17:55:33,959 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:55:33,960 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product26.cil.c [2022-02-20 17:55:33,977 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abc9bdb35/8175c913ed834af992dbfac87b4f2f72/FLAGd04e45855 [2022-02-20 17:55:34,225 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abc9bdb35/8175c913ed834af992dbfac87b4f2f72 [2022-02-20 17:55:34,227 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:55:34,228 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:55:34,229 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:34,229 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:55:34,233 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:55:34,234 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:34" (1/1) ... [2022-02-20 17:55:34,235 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2558bb4c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:34, skipping insertion in model container [2022-02-20 17:55:34,235 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:34" (1/1) ... 
[2022-02-20 17:55:34,241 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:55:34,290 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:55:34,660 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product26.cil.c[21785,21798] [2022-02-20 17:55:34,851 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:34,876 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:55:34,950 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product26.cil.c[21785,21798] [2022-02-20 17:55:35,022 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:35,057 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:55:35,058 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35 WrapperNode [2022-02-20 17:55:35,058 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:35,060 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:35,060 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:55:35,060 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:55:35,066 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... 
[2022-02-20 17:55:35,100 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,177 INFO L137 Inliner]: procedures = 131, calls = 225, calls flagged for inlining = 60, calls inlined = 57, statements flattened = 1095 [2022-02-20 17:55:35,180 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:35,181 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:55:35,181 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:55:35,181 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:55:35,188 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,189 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,203 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,204 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... 
[2022-02-20 17:55:35,234 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,252 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,260 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... [2022-02-20 17:55:35,291 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:55:35,292 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:55:35,293 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:55:35,293 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:55:35,294 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (1/1) ... 
[2022-02-20 17:55:35,304 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:35,316 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:35,336 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:55:35,349 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:55:35,377 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:55:35,377 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:55:35,378 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:55:35,378 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:55:35,378 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:55:35,378 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:55:35,378 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:55:35,379 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:55:35,380 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:55:35,380 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:55:35,380 INFO L130 BoogieDeclarations]: Found specification of procedure 
outgoing__wrappee__AutoResponder [2022-02-20 17:55:35,381 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:55:35,381 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:55:35,381 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:55:35,381 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:55:35,381 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:55:35,381 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:55:35,382 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:55:35,382 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:55:35,382 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:55:35,382 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:55:35,382 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:55:35,382 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:55:35,383 INFO L130 BoogieDeclarations]: Found specification of procedure queue [2022-02-20 17:55:35,383 INFO L138 BoogieDeclarations]: Found implementation of procedure queue [2022-02-20 17:55:35,383 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:55:35,383 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:55:35,383 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:55:35,383 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:55:35,384 INFO L138 BoogieDeclarations]: Found 
implementation of procedure setClientAddressBookSize [2022-02-20 17:55:35,384 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:55:35,384 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:55:35,384 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:55:35,384 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:55:35,384 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:55:35,385 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:55:35,385 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:55:35,385 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:55:35,385 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:55:35,385 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:55:35,385 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:55:35,386 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:55:35,386 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:55:35,386 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:55:35,386 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:55:35,387 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:55:35,387 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:55:35,387 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:55:35,387 INFO L138 
BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:55:35,387 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:55:35,387 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:55:35,642 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:55:35,643 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:55:36,428 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:55:36,447 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:55:36,448 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:55:36,450 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:36 BoogieIcfgContainer [2022-02-20 17:55:36,451 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:55:36,452 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:55:36,453 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:55:36,455 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:55:36,456 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:55:34" (1/3) ... 
[2022-02-20 17:55:36,457 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3e44d520 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:36, skipping insertion in model container [2022-02-20 17:55:36,457 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:35" (2/3) ... [2022-02-20 17:55:36,457 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3e44d520 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:36, skipping insertion in model container [2022-02-20 17:55:36,457 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:36" (3/3) ... [2022-02-20 17:55:36,461 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_product26.cil.c [2022-02-20 17:55:36,466 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:55:36,466 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 17:55:36,514 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:55:36,520 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:55:36,520 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:55:36,550 INFO L276 IsEmpty]: Start isEmpty. Operand has 399 states, 312 states have (on average 1.564102564102564) internal successors, (488), 317 states have internal predecessors, (488), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) [2022-02-20 17:55:36,564 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 99 [2022-02-20 17:55:36,565 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:36,565 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:36,566 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:36,570 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:36,570 INFO L85 PathProgramCache]: Analyzing trace with hash -1736972103, now seen corresponding path program 1 times [2022-02-20 17:55:36,578 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:36,578 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1617065734] [2022-02-20 17:55:36,579 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:36,579 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:36,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:36,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:36,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:36,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:36,961 
INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:36,961 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:36,961 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {402#true} #1247#return; {402#true} is VALID [2022-02-20 17:55:36,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:36,976 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:36,985 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:36,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:36,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:36,987 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {402#true} #1249#return; {402#true} is VALID [2022-02-20 17:55:36,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:36,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {455#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:37,025 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{455#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {456#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:37,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {456#(= |setClientId_#in~handle| 1)} assume true; {456#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:37,026 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {456#(= |setClientId_#in~handle| 1)} {412#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {403#false} is VALID [2022-02-20 17:55:37,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:37,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,037 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1253#return; {403#false} is VALID [2022-02-20 17:55:37,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:37,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := 
#in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,049 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1255#return; {403#false} is VALID [2022-02-20 17:55:37,049 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:37,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,060 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,060 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1257#return; {403#false} is VALID [2022-02-20 17:55:37,075 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:55:37,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,087 INFO L290 TraceCheckUtils]: 0: Hoare triple {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,088 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {402#true} is VALID [2022-02-20 17:55:37,088 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,089 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1191#return; {403#false} is VALID [2022-02-20 17:55:37,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:55:37,112 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,124 INFO L290 TraceCheckUtils]: 0: Hoare triple {458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1193#return; {403#false} is VALID [2022-02-20 17:55:37,125 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:37,127 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {402#true} is VALID [2022-02-20 17:55:37,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {402#true} is VALID [2022-02-20 17:55:37,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,132 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1173#return; {403#false} is VALID [2022-02-20 17:55:37,132 INFO L376 atingTraceCheckCraig]: Compute interpolants 
for subsequence at non-pending call position 70 [2022-02-20 17:55:37,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~33; {402#true} is VALID [2022-02-20 17:55:37,138 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {402#true} is VALID [2022-02-20 17:55:37,139 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,139 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1205#return; {403#false} is VALID [2022-02-20 17:55:37,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:55:37,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,152 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,152 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1211#return; {403#false} is VALID [2022-02-20 17:55:37,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:55:37,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~36; {402#true} is VALID [2022-02-20 17:55:37,160 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{402#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {402#true} is VALID [2022-02-20 17:55:37,161 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,164 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {402#true} {403#false} #1215#return; {403#false} is VALID [2022-02-20 17:55:37,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call 
#Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 
0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {402#true} is VALID [2022-02-20 17:55:37,169 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {402#true} is VALID [2022-02-20 17:55:37,169 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {402#true} is VALID [2022-02-20 17:55:37,170 INFO L290 TraceCheckUtils]: 3: Hoare triple {402#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {402#true} is VALID [2022-02-20 17:55:37,171 INFO L290 TraceCheckUtils]: 4: Hoare triple {402#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {402#true} is VALID [2022-02-20 17:55:37,172 INFO L290 TraceCheckUtils]: 5: Hoare triple {402#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } 
true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {402#true} is VALID [2022-02-20 17:55:37,173 INFO L272 TraceCheckUtils]: 6: Hoare triple {402#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:37,174 INFO L290 TraceCheckUtils]: 7: Hoare triple {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,174 INFO L290 TraceCheckUtils]: 8: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,174 INFO L290 TraceCheckUtils]: 9: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,174 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {402#true} {402#true} #1247#return; {402#true} is VALID [2022-02-20 17:55:37,175 INFO L290 TraceCheckUtils]: 11: Hoare triple {402#true} assume { :end_inline_setup_bob__wrappee__Base } true; {402#true} is VALID [2022-02-20 17:55:37,176 INFO L272 TraceCheckUtils]: 12: Hoare triple {402#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:37,176 INFO L290 TraceCheckUtils]: 13: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,176 INFO L290 TraceCheckUtils]: 14: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,176 INFO L290 TraceCheckUtils]: 15: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,177 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {402#true} {402#true} #1249#return; {402#true} is VALID [2022-02-20 17:55:37,177 INFO L290 TraceCheckUtils]: 17: Hoare triple {402#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {412#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:37,179 INFO L272 TraceCheckUtils]: 18: Hoare triple {412#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:37,180 INFO L290 TraceCheckUtils]: 19: Hoare triple 
{453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {455#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:37,180 INFO L290 TraceCheckUtils]: 20: Hoare triple {455#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {456#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:37,181 INFO L290 TraceCheckUtils]: 21: Hoare triple {456#(= |setClientId_#in~handle| 1)} assume true; {456#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:37,182 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {456#(= |setClientId_#in~handle| 1)} {412#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {403#false} is VALID [2022-02-20 17:55:37,182 INFO L290 TraceCheckUtils]: 23: Hoare triple {403#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {403#false} is VALID [2022-02-20 17:55:37,182 INFO L272 TraceCheckUtils]: 24: Hoare triple {403#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:37,182 INFO L290 TraceCheckUtils]: 25: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,183 INFO L290 TraceCheckUtils]: 26: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,183 INFO L290 TraceCheckUtils]: 27: 
Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,183 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {402#true} {403#false} #1253#return; {403#false} is VALID [2022-02-20 17:55:37,183 INFO L290 TraceCheckUtils]: 29: Hoare triple {403#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {403#false} is VALID [2022-02-20 17:55:37,184 INFO L272 TraceCheckUtils]: 30: Hoare triple {403#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:37,184 INFO L290 TraceCheckUtils]: 31: Hoare triple {453#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,184 INFO L290 TraceCheckUtils]: 32: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,184 INFO L290 TraceCheckUtils]: 33: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,185 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {402#true} {403#false} #1255#return; {403#false} is 
VALID [2022-02-20 17:55:37,185 INFO L290 TraceCheckUtils]: 35: Hoare triple {403#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {403#false} is VALID [2022-02-20 17:55:37,185 INFO L272 TraceCheckUtils]: 36: Hoare triple {403#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:37,185 INFO L290 TraceCheckUtils]: 37: Hoare triple {454#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,185 INFO L290 TraceCheckUtils]: 38: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,186 INFO L290 TraceCheckUtils]: 39: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,186 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {402#true} {403#false} #1257#return; {403#false} is VALID [2022-02-20 17:55:37,186 INFO L290 TraceCheckUtils]: 41: Hoare triple {403#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {403#false} is VALID [2022-02-20 17:55:37,186 INFO L290 TraceCheckUtils]: 42: Hoare triple {403#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, 
test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {403#false} is VALID [2022-02-20 17:55:37,187 INFO L290 TraceCheckUtils]: 43: Hoare triple {403#false} assume !true; {403#false} is VALID [2022-02-20 17:55:37,187 INFO L290 TraceCheckUtils]: 44: Hoare triple {403#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {403#false} is VALID [2022-02-20 17:55:37,187 INFO L272 TraceCheckUtils]: 45: Hoare triple {403#false} call sendEmail(~bob~0, ~rjh~0); {403#false} is VALID [2022-02-20 17:55:37,187 INFO L290 TraceCheckUtils]: 46: Hoare triple {403#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc 
~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {403#false} is VALID [2022-02-20 17:55:37,188 INFO L272 TraceCheckUtils]: 47: Hoare triple {403#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:37,188 INFO L290 TraceCheckUtils]: 48: Hoare triple {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,188 INFO L290 TraceCheckUtils]: 49: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,188 INFO L290 TraceCheckUtils]: 50: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,189 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {402#true} {403#false} #1191#return; {403#false} is VALID [2022-02-20 17:55:37,189 INFO L272 TraceCheckUtils]: 52: Hoare triple {403#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:37,189 INFO L290 TraceCheckUtils]: 53: Hoare triple {458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,189 INFO L290 TraceCheckUtils]: 54: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {402#true} is VALID [2022-02-20 17:55:37,189 INFO L290 TraceCheckUtils]: 55: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,190 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {402#true} {403#false} #1193#return; {403#false} is VALID [2022-02-20 17:55:37,190 INFO L290 TraceCheckUtils]: 57: Hoare triple {403#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {403#false} is VALID [2022-02-20 17:55:37,190 INFO L290 TraceCheckUtils]: 58: Hoare triple {403#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {403#false} is VALID [2022-02-20 17:55:37,190 INFO L272 TraceCheckUtils]: 59: Hoare triple {403#false} call outgoing(~sender#1, ~email~0#1); {403#false} is VALID [2022-02-20 17:55:37,191 INFO L290 TraceCheckUtils]: 60: Hoare triple {403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {403#false} is VALID [2022-02-20 17:55:37,191 INFO L272 TraceCheckUtils]: 61: Hoare triple {403#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {402#true} is VALID [2022-02-20 17:55:37,191 INFO L290 TraceCheckUtils]: 62: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~15; {402#true} is VALID [2022-02-20 17:55:37,191 INFO L290 TraceCheckUtils]: 63: Hoare triple {402#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {402#true} is VALID [2022-02-20 17:55:37,191 INFO L290 TraceCheckUtils]: 64: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,192 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {402#true} {403#false} #1173#return; {403#false} is VALID [2022-02-20 17:55:37,192 INFO L290 
TraceCheckUtils]: 66: Hoare triple {403#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {403#false} is VALID [2022-02-20 17:55:37,192 INFO L290 TraceCheckUtils]: 67: Hoare triple {403#false} assume !(0 != ~size~0#1); {403#false} is VALID [2022-02-20 17:55:37,192 INFO L272 TraceCheckUtils]: 68: Hoare triple {403#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {403#false} is VALID [2022-02-20 17:55:37,192 INFO L290 TraceCheckUtils]: 69: Hoare triple {403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {403#false} is VALID [2022-02-20 17:55:37,193 INFO L272 TraceCheckUtils]: 70: Hoare triple {403#false} call #t~ret41#1 := getEmailTo(~msg#1); {402#true} is VALID [2022-02-20 17:55:37,193 INFO L290 TraceCheckUtils]: 71: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~33; {402#true} is VALID [2022-02-20 17:55:37,193 INFO L290 TraceCheckUtils]: 72: Hoare triple {402#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {402#true} is VALID [2022-02-20 17:55:37,193 INFO L290 TraceCheckUtils]: 73: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,194 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {402#true} {403#false} #1205#return; {403#false} is VALID [2022-02-20 17:55:37,194 INFO L290 TraceCheckUtils]: 75: Hoare triple {403#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc 
findPublicKey_~retValue_acc~26#1; {403#false} is VALID [2022-02-20 17:55:37,194 INFO L290 TraceCheckUtils]: 76: Hoare triple {403#false} assume 1 == findPublicKey_~handle#1; {403#false} is VALID [2022-02-20 17:55:37,194 INFO L290 TraceCheckUtils]: 77: Hoare triple {403#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {403#false} is VALID [2022-02-20 17:55:37,194 INFO L290 TraceCheckUtils]: 78: Hoare triple {403#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {403#false} is VALID [2022-02-20 17:55:37,195 INFO L290 TraceCheckUtils]: 79: Hoare triple {403#false} assume !(0 != ~pubkey~0#1); {403#false} is VALID [2022-02-20 17:55:37,195 INFO L290 TraceCheckUtils]: 80: Hoare triple {403#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {403#false} is VALID [2022-02-20 17:55:37,195 INFO L290 TraceCheckUtils]: 81: Hoare triple {403#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := 
getClientId_~retValue_acc~28#1; {403#false} is VALID [2022-02-20 17:55:37,195 INFO L290 TraceCheckUtils]: 82: Hoare triple {403#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {403#false} is VALID [2022-02-20 17:55:37,196 INFO L272 TraceCheckUtils]: 83: Hoare triple {403#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:37,196 INFO L290 TraceCheckUtils]: 84: Hoare triple {457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,196 INFO L290 TraceCheckUtils]: 85: Hoare triple {402#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,196 INFO L290 TraceCheckUtils]: 86: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,196 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {402#true} {403#false} #1211#return; {403#false} is VALID [2022-02-20 17:55:37,197 INFO L290 TraceCheckUtils]: 88: Hoare triple {403#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := 
mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {403#false} is VALID [2022-02-20 17:55:37,197 INFO L290 TraceCheckUtils]: 89: Hoare triple {403#false} assume !(-1 == ~mail_is_sensitive~0); {403#false} is VALID [2022-02-20 17:55:37,197 INFO L272 TraceCheckUtils]: 90: Hoare triple {403#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {402#true} is VALID [2022-02-20 17:55:37,197 INFO L290 TraceCheckUtils]: 91: Hoare triple {402#true} ~handle := #in~handle;havoc ~retValue_acc~36; {402#true} is VALID [2022-02-20 17:55:37,198 INFO L290 TraceCheckUtils]: 92: Hoare triple {402#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {402#true} is VALID [2022-02-20 17:55:37,198 INFO L290 TraceCheckUtils]: 93: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,198 INFO L284 
TraceCheckUtils]: 94: Hoare quadruple {402#true} {403#false} #1215#return; {403#false} is VALID [2022-02-20 17:55:37,198 INFO L290 TraceCheckUtils]: 95: Hoare triple {403#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {403#false} is VALID [2022-02-20 17:55:37,198 INFO L290 TraceCheckUtils]: 96: Hoare triple {403#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {403#false} is VALID [2022-02-20 17:55:37,199 INFO L290 TraceCheckUtils]: 97: Hoare triple {403#false} assume !false; {403#false} is VALID [2022-02-20 17:55:37,199 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:55:37,200 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:37,200 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1617065734] [2022-02-20 17:55:37,201 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1617065734] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:37,201 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [990824579] [2022-02-20 17:55:37,201 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:37,201 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:37,202 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:37,203 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:37,205 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:37,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,486 INFO L263 TraceCheckSpWp]: Trace formula consists of 1038 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:55:37,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:37,553 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:37,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {402#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {402#true} is VALID [2022-02-20 17:55:37,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {402#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, 
main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {402#true} is VALID [2022-02-20 17:55:37,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {402#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {402#true} is VALID [2022-02-20 17:55:37,775 INFO L290 TraceCheckUtils]: 3: Hoare triple {402#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {402#true} is VALID [2022-02-20 17:55:37,775 INFO L290 TraceCheckUtils]: 4: Hoare triple {402#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {402#true} is VALID [2022-02-20 17:55:37,775 INFO L290 TraceCheckUtils]: 5: Hoare triple {402#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {402#true} 
is VALID [2022-02-20 17:55:37,776 INFO L272 TraceCheckUtils]: 6: Hoare triple {402#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {402#true} is VALID [2022-02-20 17:55:37,776 INFO L290 TraceCheckUtils]: 7: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,776 INFO L290 TraceCheckUtils]: 8: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,776 INFO L290 TraceCheckUtils]: 9: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,777 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {402#true} {402#true} #1247#return; {402#true} is VALID [2022-02-20 17:55:37,777 INFO L290 TraceCheckUtils]: 11: Hoare triple {402#true} assume { :end_inline_setup_bob__wrappee__Base } true; {402#true} is VALID [2022-02-20 17:55:37,777 INFO L272 TraceCheckUtils]: 12: Hoare triple {402#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {402#true} is VALID [2022-02-20 17:55:37,777 INFO L290 TraceCheckUtils]: 13: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,777 INFO L290 TraceCheckUtils]: 14: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,777 INFO L290 TraceCheckUtils]: 15: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,778 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {402#true} {402#true} #1249#return; {402#true} is VALID [2022-02-20 17:55:37,778 INFO L290 TraceCheckUtils]: 17: Hoare triple {402#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { 
:begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {402#true} is VALID [2022-02-20 17:55:37,778 INFO L272 TraceCheckUtils]: 18: Hoare triple {402#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {402#true} is VALID [2022-02-20 17:55:37,778 INFO L290 TraceCheckUtils]: 19: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,778 INFO L290 TraceCheckUtils]: 20: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,779 INFO L290 TraceCheckUtils]: 21: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,779 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {402#true} {402#true} #1251#return; {402#true} is VALID [2022-02-20 17:55:37,781 INFO L290 TraceCheckUtils]: 23: Hoare triple {402#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {402#true} is VALID [2022-02-20 17:55:37,782 INFO L272 TraceCheckUtils]: 24: Hoare triple {402#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {402#true} is VALID [2022-02-20 17:55:37,782 INFO L290 TraceCheckUtils]: 25: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,782 INFO L290 TraceCheckUtils]: 26: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,782 INFO L290 TraceCheckUtils]: 27: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,783 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {402#true} {402#true} #1253#return; {402#true} is VALID [2022-02-20 17:55:37,783 INFO L290 TraceCheckUtils]: 29: Hoare triple {402#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {402#true} is VALID [2022-02-20 17:55:37,783 INFO L272 TraceCheckUtils]: 30: Hoare triple {402#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {402#true} is VALID [2022-02-20 17:55:37,783 INFO L290 TraceCheckUtils]: 31: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,783 INFO L290 TraceCheckUtils]: 32: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,784 INFO L290 TraceCheckUtils]: 33: Hoare triple {402#true} assume true; {402#true} is VALID [2022-02-20 17:55:37,784 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {402#true} {402#true} #1255#return; {402#true} is VALID [2022-02-20 17:55:37,784 INFO L290 TraceCheckUtils]: 35: Hoare triple {402#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {402#true} is VALID [2022-02-20 17:55:37,784 INFO L272 TraceCheckUtils]: 36: Hoare triple {402#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {402#true} is VALID [2022-02-20 17:55:37,784 INFO L290 TraceCheckUtils]: 37: Hoare triple {402#true} ~handle := #in~handle;~value := #in~value; {402#true} is VALID [2022-02-20 17:55:37,784 INFO L290 TraceCheckUtils]: 38: Hoare triple {402#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {402#true} is VALID [2022-02-20 17:55:37,785 INFO L290 TraceCheckUtils]: 39: Hoare triple {402#true} assume true; {402#true} 
is VALID [2022-02-20 17:55:37,785 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {402#true} {402#true} #1257#return; {402#true} is VALID [2022-02-20 17:55:37,785 INFO L290 TraceCheckUtils]: 41: Hoare triple {402#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {402#true} is VALID [2022-02-20 17:55:37,785 INFO L290 TraceCheckUtils]: 42: Hoare triple {402#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {402#true} is VALID [2022-02-20 17:55:37,786 INFO L290 TraceCheckUtils]: 43: Hoare 
triple {402#true} assume !true; {403#false} is VALID [2022-02-20 17:55:37,786 INFO L290 TraceCheckUtils]: 44: Hoare triple {403#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {403#false} is VALID [2022-02-20 17:55:37,786 INFO L272 TraceCheckUtils]: 45: Hoare triple {403#false} call sendEmail(~bob~0, ~rjh~0); {403#false} is VALID [2022-02-20 17:55:37,786 INFO L290 TraceCheckUtils]: 46: Hoare triple {403#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {403#false} is VALID [2022-02-20 17:55:37,787 INFO L272 TraceCheckUtils]: 47: Hoare triple {403#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {403#false} is VALID [2022-02-20 17:55:37,787 INFO L290 TraceCheckUtils]: 48: Hoare triple {403#false} ~handle := #in~handle;~value := #in~value; {403#false} is VALID [2022-02-20 17:55:37,787 INFO L290 TraceCheckUtils]: 49: Hoare triple {403#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#false} is VALID [2022-02-20 17:55:37,787 INFO L290 TraceCheckUtils]: 50: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,787 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {403#false} {403#false} #1191#return; 
{403#false} is VALID [2022-02-20 17:55:37,788 INFO L272 TraceCheckUtils]: 52: Hoare triple {403#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {403#false} is VALID [2022-02-20 17:55:37,788 INFO L290 TraceCheckUtils]: 53: Hoare triple {403#false} ~handle := #in~handle;~value := #in~value; {403#false} is VALID [2022-02-20 17:55:37,788 INFO L290 TraceCheckUtils]: 54: Hoare triple {403#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {403#false} is VALID [2022-02-20 17:55:37,788 INFO L290 TraceCheckUtils]: 55: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,788 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {403#false} {403#false} #1193#return; {403#false} is VALID [2022-02-20 17:55:37,788 INFO L290 TraceCheckUtils]: 57: Hoare triple {403#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {403#false} is VALID [2022-02-20 17:55:37,789 INFO L290 TraceCheckUtils]: 58: Hoare triple {403#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {403#false} is VALID [2022-02-20 17:55:37,789 INFO L272 TraceCheckUtils]: 59: Hoare triple {403#false} call outgoing(~sender#1, ~email~0#1); {403#false} is VALID [2022-02-20 17:55:37,789 INFO L290 TraceCheckUtils]: 60: Hoare triple {403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {403#false} is VALID [2022-02-20 17:55:37,789 INFO L272 TraceCheckUtils]: 61: Hoare triple {403#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {403#false} is VALID [2022-02-20 17:55:37,789 INFO L290 TraceCheckUtils]: 62: Hoare triple {403#false} ~handle := #in~handle;havoc ~retValue_acc~15; {403#false} is VALID [2022-02-20 17:55:37,790 INFO 
L290 TraceCheckUtils]: 63: Hoare triple {403#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {403#false} is VALID [2022-02-20 17:55:37,790 INFO L290 TraceCheckUtils]: 64: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,790 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {403#false} {403#false} #1173#return; {403#false} is VALID [2022-02-20 17:55:37,790 INFO L290 TraceCheckUtils]: 66: Hoare triple {403#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {403#false} is VALID [2022-02-20 17:55:37,790 INFO L290 TraceCheckUtils]: 67: Hoare triple {403#false} assume !(0 != ~size~0#1); {403#false} is VALID [2022-02-20 17:55:37,790 INFO L272 TraceCheckUtils]: 68: Hoare triple {403#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {403#false} is VALID [2022-02-20 17:55:37,791 INFO L290 TraceCheckUtils]: 69: Hoare triple {403#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {403#false} is VALID [2022-02-20 17:55:37,791 INFO L272 TraceCheckUtils]: 70: Hoare triple {403#false} call #t~ret41#1 := getEmailTo(~msg#1); {403#false} is VALID [2022-02-20 17:55:37,791 INFO L290 TraceCheckUtils]: 71: Hoare triple {403#false} ~handle := #in~handle;havoc ~retValue_acc~33; {403#false} is VALID [2022-02-20 17:55:37,791 INFO L290 TraceCheckUtils]: 72: Hoare triple {403#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {403#false} is VALID [2022-02-20 17:55:37,791 INFO L290 TraceCheckUtils]: 73: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,791 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {403#false} {403#false} #1205#return; {403#false} is VALID [2022-02-20 17:55:37,792 INFO L290 TraceCheckUtils]: 75: Hoare triple {403#false} assume -2147483648 <= 
#t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {403#false} is VALID [2022-02-20 17:55:37,792 INFO L290 TraceCheckUtils]: 76: Hoare triple {403#false} assume 1 == findPublicKey_~handle#1; {403#false} is VALID [2022-02-20 17:55:37,792 INFO L290 TraceCheckUtils]: 77: Hoare triple {403#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {403#false} is VALID [2022-02-20 17:55:37,792 INFO L290 TraceCheckUtils]: 78: Hoare triple {403#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {403#false} is VALID [2022-02-20 17:55:37,792 INFO L290 TraceCheckUtils]: 79: Hoare triple {403#false} assume !(0 != ~pubkey~0#1); {403#false} is VALID [2022-02-20 17:55:37,793 INFO L290 TraceCheckUtils]: 80: Hoare triple {403#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {403#false} is VALID [2022-02-20 17:55:37,793 INFO L290 TraceCheckUtils]: 81: Hoare triple {403#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {403#false} is VALID [2022-02-20 17:55:37,793 INFO L290 TraceCheckUtils]: 82: Hoare triple {403#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {403#false} is VALID [2022-02-20 17:55:37,793 INFO L272 TraceCheckUtils]: 83: Hoare triple {403#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {403#false} is VALID [2022-02-20 17:55:37,793 INFO L290 TraceCheckUtils]: 84: Hoare triple {403#false} ~handle := #in~handle;~value := #in~value; {403#false} is VALID [2022-02-20 17:55:37,793 INFO L290 TraceCheckUtils]: 85: Hoare triple {403#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {403#false} is VALID [2022-02-20 17:55:37,794 INFO L290 TraceCheckUtils]: 86: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,794 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {403#false} {403#false} #1211#return; {403#false} is VALID [2022-02-20 17:55:37,794 INFO L290 TraceCheckUtils]: 88: Hoare triple {403#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {403#false} is VALID [2022-02-20 17:55:37,794 INFO L290 TraceCheckUtils]: 89: Hoare triple {403#false} assume !(-1 == ~mail_is_sensitive~0); {403#false} is VALID [2022-02-20 17:55:37,794 INFO L272 TraceCheckUtils]: 90: Hoare triple {403#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {403#false} is VALID [2022-02-20 17:55:37,795 INFO L290 TraceCheckUtils]: 91: Hoare triple {403#false} ~handle := #in~handle;havoc ~retValue_acc~36; {403#false} is VALID [2022-02-20 17:55:37,795 INFO L290 TraceCheckUtils]: 92: Hoare triple {403#false} assume 1 == ~handle;~retValue_acc~36 := 
~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {403#false} is VALID [2022-02-20 17:55:37,795 INFO L290 TraceCheckUtils]: 93: Hoare triple {403#false} assume true; {403#false} is VALID [2022-02-20 17:55:37,795 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {403#false} {403#false} #1215#return; {403#false} is VALID [2022-02-20 17:55:37,795 INFO L290 TraceCheckUtils]: 95: Hoare triple {403#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {403#false} is VALID [2022-02-20 17:55:37,795 INFO L290 TraceCheckUtils]: 96: Hoare triple {403#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {403#false} is VALID [2022-02-20 17:55:37,796 INFO L290 TraceCheckUtils]: 97: Hoare triple {403#false} assume !false; {403#false} is VALID [2022-02-20 17:55:37,796 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:37,796 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:37,797 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [990824579] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:37,797 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:37,797 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:55:37,799 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1780922878] [2022-02-20 17:55:37,799 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:37,804 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 17:55:37,806 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:37,809 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:37,876 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:37,877 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:55:37,877 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:37,916 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. 
[2022-02-20 17:55:37,917 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:37,923 INFO L87 Difference]: Start difference. First operand has 399 states, 312 states have (on average 1.564102564102564) internal successors, (488), 317 states have internal predecessors, (488), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (62), 61 states have call predecessors, (62), 62 states have call successors, (62) Second operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:38,351 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:38,351 INFO L93 Difference]: Finished difference Result 600 states and 906 transitions. [2022-02-20 17:55:38,352 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:55:38,352 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 98 [2022-02-20 17:55:38,353 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:38,354 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:38,381 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 906 transitions. [2022-02-20 17:55:38,381 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:38,400 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 906 transitions. [2022-02-20 17:55:38,400 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 906 transitions. [2022-02-20 17:55:39,145 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 906 edges. 906 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:39,180 INFO L225 Difference]: With dead ends: 600 [2022-02-20 17:55:39,180 INFO L226 Difference]: Without dead ends: 392 [2022-02-20 17:55:39,185 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 125 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:39,188 INFO L933 BasicCegarLoop]: 608 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 608 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:39,189 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 608 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:39,205 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 392 states. [2022-02-20 17:55:39,236 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 392 to 392. [2022-02-20 17:55:39,237 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:39,240 INFO L82 GeneralOperation]: Start isEquivalent. First operand 392 states. 
Second operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:39,243 INFO L74 IsIncluded]: Start isIncluded. First operand 392 states. Second operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:39,245 INFO L87 Difference]: Start difference. First operand 392 states. Second operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:39,273 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:39,274 INFO L93 Difference]: Finished difference Result 392 states and 600 transitions. [2022-02-20 17:55:39,274 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 600 transitions. [2022-02-20 17:55:39,278 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:39,278 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:39,280 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 392 states. [2022-02-20 17:55:39,282 INFO L87 Difference]: Start difference. First operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 392 states. [2022-02-20 17:55:39,308 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:39,309 INFO L93 Difference]: Finished difference Result 392 states and 600 transitions. [2022-02-20 17:55:39,309 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 600 transitions. [2022-02-20 17:55:39,311 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:39,311 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:39,311 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:39,311 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:39,313 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 392 states, 306 states have (on average 1.5588235294117647) internal successors, (477), 310 states have internal predecessors, (477), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:39,340 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 392 states to 392 states and 600 transitions. [2022-02-20 17:55:39,341 INFO L78 Accepts]: Start accepts. Automaton has 392 states and 600 transitions. Word has length 98 [2022-02-20 17:55:39,342 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:39,342 INFO L470 AbstractCegarLoop]: Abstraction has 392 states and 600 transitions. [2022-02-20 17:55:39,343 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 28.0) internal successors, (56), 2 states have internal predecessors, (56), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:39,343 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 600 transitions. [2022-02-20 17:55:39,346 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 100 [2022-02-20 17:55:39,346 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:39,346 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:39,375 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:39,563 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:55:39,564 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:39,564 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:39,564 INFO L85 PathProgramCache]: Analyzing trace with hash 635129965, now seen corresponding path program 1 times [2022-02-20 17:55:39,564 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:39,564 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1662763508] [2022-02-20 17:55:39,564 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:39,565 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:39,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:39,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,645 INFO L290 TraceCheckUtils]: 0: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,645 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,645 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,645 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2907#true} #1247#return; {2907#true} is VALID [2022-02-20 17:55:39,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:39,653 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:55:39,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2907#true} #1249#return; {2907#true} is VALID [2022-02-20 17:55:39,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:39,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2960#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:39,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {2960#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2961#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:39,675 INFO L290 TraceCheckUtils]: 2: Hoare triple {2961#(= |setClientId_#in~handle| 1)} assume true; {2961#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:39,675 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2961#(= |setClientId_#in~handle| 1)} {2917#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {2908#false} is VALID [2022-02-20 
17:55:39,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:39,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,681 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1253#return; {2908#false} is VALID [2022-02-20 17:55:39,681 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:39,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,687 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1255#return; {2908#false} is VALID [2022-02-20 17:55:39,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 36 [2022-02-20 17:55:39,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,693 INFO L290 TraceCheckUtils]: 0: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,693 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1257#return; {2908#false} is VALID [2022-02-20 17:55:39,700 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:55:39,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,709 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,709 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,709 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1191#return; {2908#false} is VALID [2022-02-20 17:55:39,724 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:55:39,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,732 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2963#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,733 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,733 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1193#return; {2908#false} is VALID [2022-02-20 17:55:39,733 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:39,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~15; {2907#true} is VALID [2022-02-20 17:55:39,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {2907#true} is VALID [2022-02-20 17:55:39,740 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1173#return; {2908#false} is VALID [2022-02-20 17:55:39,742 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:39,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,751 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2907#true} is VALID [2022-02-20 17:55:39,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2907#true} is VALID [2022-02-20 17:55:39,752 INFO L290 
TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,752 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1205#return; {2908#false} is VALID [2022-02-20 17:55:39,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:55:39,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,760 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1211#return; {2908#false} is VALID [2022-02-20 17:55:39,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:55:39,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:39,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2907#true} is VALID [2022-02-20 17:55:39,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2907#true} is VALID [2022-02-20 17:55:39,765 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2907#true} {2908#false} #1215#return; {2908#false} is VALID [2022-02-20 17:55:39,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2907#true} is VALID [2022-02-20 17:55:39,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {2907#true} is VALID [2022-02-20 17:55:39,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2907#true} is VALID [2022-02-20 17:55:39,767 INFO L290 TraceCheckUtils]: 3: Hoare triple {2907#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {2907#true} is VALID [2022-02-20 17:55:39,767 INFO L290 TraceCheckUtils]: 4: Hoare triple {2907#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2907#true} is VALID [2022-02-20 17:55:39,767 INFO L290 TraceCheckUtils]: 5: Hoare triple {2907#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2907#true} is VALID [2022-02-20 17:55:39,768 INFO L272 TraceCheckUtils]: 
6: Hoare triple {2907#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:39,769 INFO L290 TraceCheckUtils]: 7: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,769 INFO L290 TraceCheckUtils]: 8: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,769 INFO L290 TraceCheckUtils]: 9: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,771 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2907#true} {2907#true} #1247#return; {2907#true} is VALID [2022-02-20 17:55:39,773 INFO L290 TraceCheckUtils]: 11: Hoare triple {2907#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2907#true} is VALID [2022-02-20 17:55:39,774 INFO L272 TraceCheckUtils]: 12: Hoare triple {2907#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:39,774 INFO L290 TraceCheckUtils]: 13: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,775 INFO L290 
TraceCheckUtils]: 14: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,776 INFO L290 TraceCheckUtils]: 15: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,776 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2907#true} {2907#true} #1249#return; {2907#true} is VALID [2022-02-20 17:55:39,776 INFO L290 TraceCheckUtils]: 17: Hoare triple {2907#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2917#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:39,777 INFO L272 TraceCheckUtils]: 18: Hoare triple {2917#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:39,778 INFO L290 TraceCheckUtils]: 19: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2960#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:39,778 INFO L290 TraceCheckUtils]: 20: Hoare triple {2960#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2961#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:39,779 INFO L290 TraceCheckUtils]: 21: Hoare triple {2961#(= |setClientId_#in~handle| 1)} assume true; {2961#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:39,779 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2961#(= |setClientId_#in~handle| 1)} {2917#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {2908#false} is VALID [2022-02-20 17:55:39,779 INFO L290 TraceCheckUtils]: 23: Hoare triple {2908#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2908#false} is VALID [2022-02-20 17:55:39,780 INFO L272 TraceCheckUtils]: 24: Hoare triple {2908#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:39,780 INFO L290 TraceCheckUtils]: 25: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,780 INFO L290 TraceCheckUtils]: 26: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,780 INFO L290 TraceCheckUtils]: 27: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,780 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2907#true} {2908#false} #1253#return; {2908#false} is VALID [2022-02-20 17:55:39,780 INFO L290 TraceCheckUtils]: 29: Hoare triple {2908#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc 
setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2908#false} is VALID [2022-02-20 17:55:39,781 INFO L272 TraceCheckUtils]: 30: Hoare triple {2908#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:39,781 INFO L290 TraceCheckUtils]: 31: Hoare triple {2958#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,781 INFO L290 TraceCheckUtils]: 32: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,781 INFO L290 TraceCheckUtils]: 33: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,781 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2907#true} {2908#false} #1255#return; {2908#false} is VALID [2022-02-20 17:55:39,781 INFO L290 TraceCheckUtils]: 35: Hoare triple {2908#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2908#false} is VALID [2022-02-20 17:55:39,782 INFO L272 TraceCheckUtils]: 36: Hoare triple {2908#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2959#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:39,782 INFO L290 TraceCheckUtils]: 37: Hoare triple {2959#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,782 INFO L290 TraceCheckUtils]: 38: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,782 INFO L290 TraceCheckUtils]: 39: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,782 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2907#true} {2908#false} #1257#return; {2908#false} is VALID [2022-02-20 17:55:39,782 INFO L290 TraceCheckUtils]: 41: Hoare triple {2908#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2908#false} is VALID [2022-02-20 17:55:39,782 INFO L290 TraceCheckUtils]: 42: Hoare triple {2908#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2908#false} is VALID [2022-02-20 17:55:39,783 INFO L290 TraceCheckUtils]: 43: Hoare triple {2908#false} assume !false; {2908#false} is VALID [2022-02-20 17:55:39,783 INFO L290 TraceCheckUtils]: 44: Hoare triple {2908#false} assume !(test_~splverifierCounter~0#1 < 4); {2908#false} is VALID [2022-02-20 17:55:39,783 INFO L290 TraceCheckUtils]: 45: Hoare triple {2908#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2908#false} is VALID [2022-02-20 17:55:39,783 INFO L272 TraceCheckUtils]: 46: Hoare triple {2908#false} call sendEmail(~bob~0, ~rjh~0); {2908#false} is VALID [2022-02-20 17:55:39,783 INFO L290 TraceCheckUtils]: 47: Hoare triple {2908#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc 
createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2908#false} is VALID [2022-02-20 17:55:39,784 INFO L272 TraceCheckUtils]: 48: Hoare triple {2908#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:39,784 INFO L290 TraceCheckUtils]: 49: Hoare triple {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,784 INFO L290 TraceCheckUtils]: 50: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,784 INFO L290 TraceCheckUtils]: 51: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,784 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2907#true} {2908#false} #1191#return; {2908#false} is VALID [2022-02-20 17:55:39,784 INFO L272 TraceCheckUtils]: 53: Hoare triple {2908#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2963#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:39,785 INFO L290 TraceCheckUtils]: 54: Hoare triple {2963#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,785 INFO L290 TraceCheckUtils]: 55: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,785 INFO L290 TraceCheckUtils]: 56: Hoare triple {2907#true} assume true; {2907#true} is VALID 
[2022-02-20 17:55:39,785 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2907#true} {2908#false} #1193#return; {2908#false} is VALID [2022-02-20 17:55:39,785 INFO L290 TraceCheckUtils]: 58: Hoare triple {2908#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {2908#false} is VALID [2022-02-20 17:55:39,786 INFO L290 TraceCheckUtils]: 59: Hoare triple {2908#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {2908#false} is VALID [2022-02-20 17:55:39,786 INFO L272 TraceCheckUtils]: 60: Hoare triple {2908#false} call outgoing(~sender#1, ~email~0#1); {2908#false} is VALID [2022-02-20 17:55:39,786 INFO L290 TraceCheckUtils]: 61: Hoare triple {2908#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {2908#false} is VALID [2022-02-20 17:55:39,786 INFO L272 TraceCheckUtils]: 62: Hoare triple {2908#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {2907#true} is VALID [2022-02-20 17:55:39,786 INFO L290 TraceCheckUtils]: 63: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~15; {2907#true} is VALID [2022-02-20 17:55:39,786 INFO L290 TraceCheckUtils]: 64: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {2907#true} is VALID [2022-02-20 17:55:39,787 INFO L290 TraceCheckUtils]: 65: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,787 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2907#true} {2908#false} #1173#return; {2908#false} is VALID [2022-02-20 17:55:39,787 INFO L290 TraceCheckUtils]: 67: Hoare triple {2908#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := 
#t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {2908#false} is VALID [2022-02-20 17:55:39,787 INFO L290 TraceCheckUtils]: 68: Hoare triple {2908#false} assume !(0 != ~size~0#1); {2908#false} is VALID [2022-02-20 17:55:39,787 INFO L272 TraceCheckUtils]: 69: Hoare triple {2908#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {2908#false} is VALID [2022-02-20 17:55:39,787 INFO L290 TraceCheckUtils]: 70: Hoare triple {2908#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {2908#false} is VALID [2022-02-20 17:55:39,788 INFO L272 TraceCheckUtils]: 71: Hoare triple {2908#false} call #t~ret41#1 := getEmailTo(~msg#1); {2907#true} is VALID [2022-02-20 17:55:39,788 INFO L290 TraceCheckUtils]: 72: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2907#true} is VALID [2022-02-20 17:55:39,788 INFO L290 TraceCheckUtils]: 73: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2907#true} is VALID [2022-02-20 17:55:39,788 INFO L290 TraceCheckUtils]: 74: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,793 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2907#true} {2908#false} #1205#return; {2908#false} is VALID [2022-02-20 17:55:39,794 INFO L290 TraceCheckUtils]: 76: Hoare triple {2908#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {2908#false} is VALID [2022-02-20 17:55:39,794 INFO L290 TraceCheckUtils]: 
77: Hoare triple {2908#false} assume 1 == findPublicKey_~handle#1; {2908#false} is VALID [2022-02-20 17:55:39,795 INFO L290 TraceCheckUtils]: 78: Hoare triple {2908#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {2908#false} is VALID [2022-02-20 17:55:39,798 INFO L290 TraceCheckUtils]: 79: Hoare triple {2908#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {2908#false} is VALID [2022-02-20 17:55:39,799 INFO L290 TraceCheckUtils]: 80: Hoare triple {2908#false} assume !(0 != ~pubkey~0#1); {2908#false} is VALID [2022-02-20 17:55:39,799 INFO L290 TraceCheckUtils]: 81: Hoare triple {2908#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {2908#false} is VALID [2022-02-20 17:55:39,799 INFO L290 TraceCheckUtils]: 82: Hoare triple {2908#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {2908#false} is VALID [2022-02-20 17:55:39,800 INFO L290 TraceCheckUtils]: 
83: Hoare triple {2908#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {2908#false} is VALID [2022-02-20 17:55:39,800 INFO L272 TraceCheckUtils]: 84: Hoare triple {2908#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:39,801 INFO L290 TraceCheckUtils]: 85: Hoare triple {2962#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:39,801 INFO L290 TraceCheckUtils]: 86: Hoare triple {2907#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:39,801 INFO L290 TraceCheckUtils]: 87: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,802 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2907#true} {2908#false} #1211#return; {2908#false} is VALID [2022-02-20 17:55:39,802 INFO L290 TraceCheckUtils]: 89: Hoare triple {2908#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } 
true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {2908#false} is VALID [2022-02-20 17:55:39,803 INFO L290 TraceCheckUtils]: 90: Hoare triple {2908#false} assume !(-1 == ~mail_is_sensitive~0); {2908#false} is VALID [2022-02-20 17:55:39,803 INFO L272 TraceCheckUtils]: 91: Hoare triple {2908#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2907#true} is VALID [2022-02-20 17:55:39,806 INFO L290 TraceCheckUtils]: 92: Hoare triple {2907#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2907#true} is VALID [2022-02-20 17:55:39,806 INFO L290 TraceCheckUtils]: 93: Hoare triple {2907#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2907#true} is VALID [2022-02-20 17:55:39,806 INFO L290 TraceCheckUtils]: 94: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:39,807 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2907#true} {2908#false} #1215#return; {2908#false} is VALID [2022-02-20 
17:55:39,807 INFO L290 TraceCheckUtils]: 96: Hoare triple {2908#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {2908#false} is VALID [2022-02-20 17:55:39,807 INFO L290 TraceCheckUtils]: 97: Hoare triple {2908#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {2908#false} is VALID [2022-02-20 17:55:39,807 INFO L290 TraceCheckUtils]: 98: Hoare triple {2908#false} assume !false; {2908#false} is VALID [2022-02-20 17:55:39,807 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:55:39,808 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:39,809 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1662763508] [2022-02-20 17:55:39,809 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1662763508] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:39,809 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [375716285] [2022-02-20 17:55:39,810 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:39,810 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:39,810 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:39,812 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in 
SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:39,823 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:55:40,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,076 INFO L263 TraceCheckSpWp]: Trace formula consists of 1039 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:55:40,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:40,128 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:40,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {2907#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call 
#Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, 
~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2907#true} is VALID [2022-02-20 17:55:40,401 INFO L290 TraceCheckUtils]: 1: Hoare triple {2907#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2907#true} is VALID [2022-02-20 17:55:40,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {2907#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2907#true} is VALID [2022-02-20 17:55:40,401 INFO L290 TraceCheckUtils]: 3: Hoare triple {2907#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {2907#true} is VALID [2022-02-20 17:55:40,401 INFO L290 TraceCheckUtils]: 4: Hoare triple {2907#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2907#true} is VALID [2022-02-20 17:55:40,405 INFO L290 TraceCheckUtils]: 5: Hoare triple {2907#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L272 TraceCheckUtils]: 6: Hoare triple {2907#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L290 TraceCheckUtils]: 7: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L290 TraceCheckUtils]: 8: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L290 TraceCheckUtils]: 9: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2907#true} {2907#true} #1247#return; {2907#true} is VALID [2022-02-20 17:55:40,406 INFO L290 TraceCheckUtils]: 11: Hoare triple {2907#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L272 TraceCheckUtils]: 12: Hoare triple {2907#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L290 TraceCheckUtils]: 13: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L290 TraceCheckUtils]: 14: Hoare triple {2907#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L290 TraceCheckUtils]: 15: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2907#true} {2907#true} #1249#return; {2907#true} is VALID [2022-02-20 17:55:40,407 INFO L290 TraceCheckUtils]: 17: Hoare triple {2907#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L272 TraceCheckUtils]: 18: Hoare triple {2907#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L290 TraceCheckUtils]: 19: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L290 TraceCheckUtils]: 20: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L290 TraceCheckUtils]: 21: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2907#true} {2907#true} #1251#return; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L290 TraceCheckUtils]: 23: Hoare triple {2907#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2907#true} is VALID [2022-02-20 17:55:40,408 INFO L272 TraceCheckUtils]: 24: Hoare triple {2907#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{2907#true} is VALID [2022-02-20 17:55:40,409 INFO L290 TraceCheckUtils]: 25: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,409 INFO L290 TraceCheckUtils]: 26: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,409 INFO L290 TraceCheckUtils]: 27: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,409 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2907#true} {2907#true} #1253#return; {2907#true} is VALID [2022-02-20 17:55:40,409 INFO L290 TraceCheckUtils]: 29: Hoare triple {2907#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2907#true} is VALID [2022-02-20 17:55:40,409 INFO L272 TraceCheckUtils]: 30: Hoare triple {2907#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L290 TraceCheckUtils]: 31: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L290 TraceCheckUtils]: 32: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L290 TraceCheckUtils]: 33: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2907#true} {2907#true} #1255#return; 
{2907#true} is VALID [2022-02-20 17:55:40,410 INFO L290 TraceCheckUtils]: 35: Hoare triple {2907#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L272 TraceCheckUtils]: 36: Hoare triple {2907#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2907#true} is VALID [2022-02-20 17:55:40,410 INFO L290 TraceCheckUtils]: 37: Hoare triple {2907#true} ~handle := #in~handle;~value := #in~value; {2907#true} is VALID [2022-02-20 17:55:40,411 INFO L290 TraceCheckUtils]: 38: Hoare triple {2907#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2907#true} is VALID [2022-02-20 17:55:40,411 INFO L290 TraceCheckUtils]: 39: Hoare triple {2907#true} assume true; {2907#true} is VALID [2022-02-20 17:55:40,411 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2907#true} {2907#true} #1257#return; {2907#true} is VALID [2022-02-20 17:55:40,411 INFO L290 TraceCheckUtils]: 41: Hoare triple {2907#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2907#true} is VALID [2022-02-20 17:55:40,412 INFO L290 TraceCheckUtils]: 42: Hoare triple {2907#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3093#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:40,413 INFO L290 TraceCheckUtils]: 43: Hoare triple {3093#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3093#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:40,413 INFO L290 TraceCheckUtils]: 44: Hoare triple {3093#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2908#false} is VALID [2022-02-20 17:55:40,413 INFO L290 TraceCheckUtils]: 45: Hoare triple {2908#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L272 TraceCheckUtils]: 46: Hoare triple {2908#false} call sendEmail(~bob~0, ~rjh~0); {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L290 TraceCheckUtils]: 47: Hoare triple {2908#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { 
:begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L272 TraceCheckUtils]: 48: Hoare triple {2908#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L290 TraceCheckUtils]: 49: Hoare triple {2908#false} ~handle := #in~handle;~value := #in~value; {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L290 TraceCheckUtils]: 50: Hoare triple {2908#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2908#false} is VALID [2022-02-20 17:55:40,414 INFO L290 TraceCheckUtils]: 51: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,415 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2908#false} {2908#false} #1191#return; {2908#false} is VALID [2022-02-20 17:55:40,415 INFO L272 TraceCheckUtils]: 53: Hoare triple {2908#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2908#false} is VALID [2022-02-20 17:55:40,415 INFO L290 TraceCheckUtils]: 54: Hoare triple {2908#false} ~handle := #in~handle;~value := #in~value; {2908#false} is VALID [2022-02-20 17:55:40,415 INFO L290 TraceCheckUtils]: 55: Hoare triple {2908#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2908#false} is VALID [2022-02-20 17:55:40,415 INFO L290 TraceCheckUtils]: 56: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2908#false} {2908#false} #1193#return; {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L290 TraceCheckUtils]: 58: Hoare triple {2908#false} createEmail_~retValue_acc~4#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L290 TraceCheckUtils]: 59: Hoare triple {2908#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L272 TraceCheckUtils]: 60: Hoare triple {2908#false} call outgoing(~sender#1, ~email~0#1); {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L290 TraceCheckUtils]: 61: Hoare triple {2908#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L272 TraceCheckUtils]: 62: Hoare triple {2908#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {2908#false} is VALID [2022-02-20 17:55:40,416 INFO L290 TraceCheckUtils]: 63: Hoare triple {2908#false} ~handle := #in~handle;havoc ~retValue_acc~15; {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L290 TraceCheckUtils]: 64: Hoare triple {2908#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L290 TraceCheckUtils]: 65: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2908#false} {2908#false} #1173#return; {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L290 TraceCheckUtils]: 67: Hoare triple {2908#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L290 TraceCheckUtils]: 68: Hoare triple {2908#false} assume !(0 != ~size~0#1); {2908#false} is VALID [2022-02-20 17:55:40,417 INFO L272 
TraceCheckUtils]: 69: Hoare triple {2908#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L290 TraceCheckUtils]: 70: Hoare triple {2908#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L272 TraceCheckUtils]: 71: Hoare triple {2908#false} call #t~ret41#1 := getEmailTo(~msg#1); {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L290 TraceCheckUtils]: 72: Hoare triple {2908#false} ~handle := #in~handle;havoc ~retValue_acc~33; {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L290 TraceCheckUtils]: 73: Hoare triple {2908#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L290 TraceCheckUtils]: 74: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {2908#false} {2908#false} #1205#return; {2908#false} is VALID [2022-02-20 17:55:40,418 INFO L290 TraceCheckUtils]: 76: Hoare triple {2908#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {2908#false} is VALID [2022-02-20 17:55:40,435 INFO L290 TraceCheckUtils]: 77: Hoare triple {2908#false} assume 1 == findPublicKey_~handle#1; {2908#false} is VALID [2022-02-20 17:55:40,435 INFO L290 TraceCheckUtils]: 78: Hoare triple {2908#false} assume findPublicKey_~userid#1 == 
~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {2908#false} is VALID [2022-02-20 17:55:40,435 INFO L290 TraceCheckUtils]: 79: Hoare triple {2908#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {2908#false} is VALID [2022-02-20 17:55:40,435 INFO L290 TraceCheckUtils]: 80: Hoare triple {2908#false} assume !(0 != ~pubkey~0#1); {2908#false} is VALID [2022-02-20 17:55:40,435 INFO L290 TraceCheckUtils]: 81: Hoare triple {2908#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L290 TraceCheckUtils]: 82: Hoare triple {2908#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L290 TraceCheckUtils]: 83: Hoare triple {2908#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && 
outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L272 TraceCheckUtils]: 84: Hoare triple {2908#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L290 TraceCheckUtils]: 85: Hoare triple {2908#false} ~handle := #in~handle;~value := #in~value; {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L290 TraceCheckUtils]: 86: Hoare triple {2908#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2908#false} is VALID [2022-02-20 17:55:40,436 INFO L290 TraceCheckUtils]: 87: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {2908#false} {2908#false} #1211#return; {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L290 TraceCheckUtils]: 89: Hoare triple {2908#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L290 TraceCheckUtils]: 90: Hoare triple {2908#false} assume !(-1 == ~mail_is_sensitive~0); {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L272 TraceCheckUtils]: 91: Hoare triple {2908#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L290 TraceCheckUtils]: 92: Hoare triple {2908#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2908#false} is VALID [2022-02-20 17:55:40,437 INFO L290 TraceCheckUtils]: 93: Hoare triple {2908#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2908#false} is VALID [2022-02-20 17:55:40,438 INFO L290 TraceCheckUtils]: 94: Hoare triple {2908#false} assume true; {2908#false} is VALID [2022-02-20 17:55:40,438 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {2908#false} {2908#false} #1215#return; {2908#false} is VALID [2022-02-20 17:55:40,438 INFO L290 TraceCheckUtils]: 96: Hoare triple {2908#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; 
{2908#false} is VALID [2022-02-20 17:55:40,438 INFO L290 TraceCheckUtils]: 97: Hoare triple {2908#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {2908#false} is VALID [2022-02-20 17:55:40,438 INFO L290 TraceCheckUtils]: 98: Hoare triple {2908#false} assume !false; {2908#false} is VALID [2022-02-20 17:55:40,439 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:40,439 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:40,439 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [375716285] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:40,440 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:40,446 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:40,446 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [674478323] [2022-02-20 17:55:40,447 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:40,450 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 17:55:40,450 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:40,450 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:40,526 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 84 edges. 84 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:40,526 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:40,526 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:40,527 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:40,527 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:40,528 INFO L87 Difference]: Start difference. First operand 392 states and 600 transitions. Second operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:41,119 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:41,120 INFO L93 Difference]: Finished difference Result 590 states and 884 transitions. [2022-02-20 17:55:41,120 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:41,120 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 99 [2022-02-20 17:55:41,120 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:41,121 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:41,133 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 884 transitions. [2022-02-20 17:55:41,133 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:41,175 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 884 transitions. [2022-02-20 17:55:41,181 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 884 transitions. [2022-02-20 17:55:41,800 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 884 edges. 884 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:41,816 INFO L225 Difference]: With dead ends: 590 [2022-02-20 17:55:41,816 INFO L226 Difference]: Without dead ends: 395 [2022-02-20 17:55:41,817 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 126 GetRequests, 118 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:41,818 INFO L933 BasicCegarLoop]: 598 mSDtfsCounter, 1 mSDsluCounter, 596 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1194 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:41,818 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1194 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:41,825 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 395 states. [2022-02-20 17:55:41,852 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 395 to 394. [2022-02-20 17:55:41,852 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:41,853 INFO L82 GeneralOperation]: Start isEquivalent. First operand 395 states. 
Second operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:41,854 INFO L74 IsIncluded]: Start isIncluded. First operand 395 states. Second operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:41,856 INFO L87 Difference]: Start difference. First operand 395 states. Second operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:41,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:41,872 INFO L93 Difference]: Finished difference Result 395 states and 603 transitions. [2022-02-20 17:55:41,872 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 603 transitions. [2022-02-20 17:55:41,873 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:41,874 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:41,875 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 395 states. [2022-02-20 17:55:41,876 INFO L87 Difference]: Start difference. First operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) Second operand 395 states. [2022-02-20 17:55:41,891 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:41,892 INFO L93 Difference]: Finished difference Result 395 states and 603 transitions. [2022-02-20 17:55:41,892 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 603 transitions. [2022-02-20 17:55:41,893 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:41,893 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:41,894 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:41,894 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:41,895 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 394 states, 308 states have (on average 1.5551948051948052) internal successors, (479), 312 states have internal predecessors, (479), 62 states have call successors, (62), 23 states have call predecessors, (62), 23 states have return successors, (61), 60 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:55:41,924 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 394 states to 394 states and 602 transitions. [2022-02-20 17:55:41,924 INFO L78 Accepts]: Start accepts. Automaton has 394 states and 602 transitions. Word has length 99 [2022-02-20 17:55:41,924 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:41,925 INFO L470 AbstractCegarLoop]: Abstraction has 394 states and 602 transitions. [2022-02-20 17:55:41,925 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.0) internal successors, (57), 3 states have internal predecessors, (57), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:41,925 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 602 transitions. [2022-02-20 17:55:41,927 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2022-02-20 17:55:41,927 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:41,927 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:41,949 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:42,139 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:55:42,140 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:42,140 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:42,140 INFO L85 PathProgramCache]: Analyzing trace with hash -417428784, now seen corresponding path program 1 times [2022-02-20 17:55:42,141 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:42,141 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [444597702] [2022-02-20 17:55:42,141 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:42,141 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:42,177 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:42,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,227 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,227 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5409#true} #1247#return; {5409#true} is VALID [2022-02-20 17:55:42,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:42,235 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:55:42,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,240 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5409#true} #1249#return; {5409#true} is VALID [2022-02-20 17:55:42,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:42,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5462#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:42,264 INFO L290 TraceCheckUtils]: 1: Hoare triple {5462#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:42,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {5463#(= |setClientId_#in~handle| 1)} assume true; {5463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:42,265 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5463#(= |setClientId_#in~handle| 1)} {5419#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {5410#false} is VALID [2022-02-20 
17:55:42,265 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:42,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,273 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1253#return; {5410#false} is VALID [2022-02-20 17:55:42,273 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:42,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,278 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,279 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1255#return; {5410#false} is VALID [2022-02-20 17:55:42,279 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 36 [2022-02-20 17:55:42,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,283 INFO L290 TraceCheckUtils]: 0: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,284 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,284 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1257#return; {5410#false} is VALID [2022-02-20 17:55:42,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:55:42,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,294 INFO L290 TraceCheckUtils]: 0: Hoare triple {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1191#return; {5410#false} is VALID [2022-02-20 17:55:42,302 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:42,303 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,316 INFO L290 
TraceCheckUtils]: 0: Hoare triple {5465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,317 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,317 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,317 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1193#return; {5410#false} is VALID [2022-02-20 17:55:42,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:42,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,323 INFO L290 TraceCheckUtils]: 0: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~15; {5409#true} is VALID [2022-02-20 17:55:42,324 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {5409#true} is VALID [2022-02-20 17:55:42,324 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,324 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1173#return; {5410#false} is VALID [2022-02-20 17:55:42,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:55:42,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,329 INFO L290 TraceCheckUtils]: 0: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~33; {5409#true} is VALID [2022-02-20 17:55:42,329 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {5409#true} is VALID [2022-02-20 17:55:42,329 INFO L290 
TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,329 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1205#return; {5410#false} is VALID [2022-02-20 17:55:42,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:55:42,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,335 INFO L290 TraceCheckUtils]: 0: Hoare triple {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,336 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,336 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1211#return; {5410#false} is VALID [2022-02-20 17:55:42,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:55:42,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5409#true} is VALID [2022-02-20 17:55:42,340 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {5409#true} is VALID [2022-02-20 17:55:42,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,340 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5409#true} {5410#false} #1215#return; {5410#false} is VALID [2022-02-20 17:55:42,340 INFO L290 TraceCheckUtils]: 0: Hoare triple {5409#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {5409#true} is VALID [2022-02-20 17:55:42,340 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {5409#true} is VALID [2022-02-20 17:55:42,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5409#true} is VALID [2022-02-20 17:55:42,341 INFO L290 TraceCheckUtils]: 3: Hoare triple {5409#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {5409#true} is VALID [2022-02-20 17:55:42,341 INFO L290 TraceCheckUtils]: 4: Hoare triple {5409#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5409#true} is VALID [2022-02-20 17:55:42,341 INFO L290 TraceCheckUtils]: 5: Hoare triple {5409#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5409#true} is VALID [2022-02-20 17:55:42,342 INFO L272 TraceCheckUtils]: 
6: Hoare triple {5409#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:42,342 INFO L290 TraceCheckUtils]: 7: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,342 INFO L290 TraceCheckUtils]: 8: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,342 INFO L290 TraceCheckUtils]: 9: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,342 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5409#true} {5409#true} #1247#return; {5409#true} is VALID [2022-02-20 17:55:42,342 INFO L290 TraceCheckUtils]: 11: Hoare triple {5409#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5409#true} is VALID [2022-02-20 17:55:42,343 INFO L272 TraceCheckUtils]: 12: Hoare triple {5409#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:42,343 INFO L290 TraceCheckUtils]: 13: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,343 INFO L290 
TraceCheckUtils]: 14: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,343 INFO L290 TraceCheckUtils]: 15: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,344 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5409#true} {5409#true} #1249#return; {5409#true} is VALID [2022-02-20 17:55:42,344 INFO L290 TraceCheckUtils]: 17: Hoare triple {5409#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5419#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:42,345 INFO L272 TraceCheckUtils]: 18: Hoare triple {5419#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:42,345 INFO L290 TraceCheckUtils]: 19: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5462#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:42,346 INFO L290 TraceCheckUtils]: 20: Hoare triple {5462#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:42,346 INFO L290 TraceCheckUtils]: 21: Hoare triple {5463#(= |setClientId_#in~handle| 1)} assume true; {5463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:42,347 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5463#(= |setClientId_#in~handle| 1)} {5419#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {5410#false} is VALID [2022-02-20 17:55:42,347 INFO L290 TraceCheckUtils]: 23: Hoare triple {5410#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5410#false} is VALID [2022-02-20 17:55:42,347 INFO L272 TraceCheckUtils]: 24: Hoare triple {5410#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:42,347 INFO L290 TraceCheckUtils]: 25: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,347 INFO L290 TraceCheckUtils]: 26: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,347 INFO L290 TraceCheckUtils]: 27: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,347 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5409#true} {5410#false} #1253#return; {5410#false} is VALID [2022-02-20 17:55:42,348 INFO L290 TraceCheckUtils]: 29: Hoare triple {5410#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc 
setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5410#false} is VALID [2022-02-20 17:55:42,348 INFO L272 TraceCheckUtils]: 30: Hoare triple {5410#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:42,348 INFO L290 TraceCheckUtils]: 31: Hoare triple {5460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,348 INFO L290 TraceCheckUtils]: 32: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,348 INFO L290 TraceCheckUtils]: 33: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,348 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5409#true} {5410#false} #1255#return; {5410#false} is VALID [2022-02-20 17:55:42,348 INFO L290 TraceCheckUtils]: 35: Hoare triple {5410#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5410#false} is VALID [2022-02-20 17:55:42,349 INFO L272 TraceCheckUtils]: 36: Hoare triple {5410#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5461#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:42,349 INFO L290 TraceCheckUtils]: 37: Hoare triple {5461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,349 INFO L290 TraceCheckUtils]: 38: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,349 INFO L290 TraceCheckUtils]: 39: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,349 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5409#true} {5410#false} #1257#return; {5410#false} is VALID [2022-02-20 17:55:42,349 INFO L290 TraceCheckUtils]: 41: Hoare triple {5410#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5410#false} is VALID [2022-02-20 17:55:42,349 INFO L290 TraceCheckUtils]: 42: Hoare triple {5410#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 43: Hoare triple {5410#false} assume !false; {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 44: Hoare triple {5410#false} assume test_~splverifierCounter~0#1 < 4; {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 45: Hoare triple {5410#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 46: Hoare triple {5410#false} assume !(0 == test_~op1~0#1); {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 47: Hoare triple {5410#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {5410#false} is VALID [2022-02-20 17:55:42,350 INFO L290 TraceCheckUtils]: 48: Hoare triple {5410#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, 
setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 49: Hoare triple {5410#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 50: Hoare triple {5410#false} assume { :end_inline_setClientAutoResponse } true; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 51: Hoare triple {5410#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 52: Hoare triple {5410#false} assume !false; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 53: Hoare triple {5410#false} assume !(test_~splverifierCounter~0#1 < 4); {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 54: Hoare triple {5410#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L272 TraceCheckUtils]: 55: Hoare triple {5410#false} call sendEmail(~bob~0, ~rjh~0); {5410#false} is VALID [2022-02-20 17:55:42,351 INFO L290 TraceCheckUtils]: 56: Hoare triple {5410#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, 
createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5410#false} is VALID [2022-02-20 17:55:42,352 INFO L272 TraceCheckUtils]: 57: Hoare triple {5410#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:42,352 INFO L290 TraceCheckUtils]: 58: Hoare triple {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,352 INFO L290 TraceCheckUtils]: 59: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,352 INFO L290 TraceCheckUtils]: 60: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,352 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5409#true} {5410#false} #1191#return; {5410#false} is VALID [2022-02-20 17:55:42,352 INFO L272 TraceCheckUtils]: 62: Hoare triple {5410#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:42,352 INFO L290 TraceCheckUtils]: 63: Hoare triple {5465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,353 INFO L290 TraceCheckUtils]: 64: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,353 INFO L290 TraceCheckUtils]: 65: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 
17:55:42,353 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5409#true} {5410#false} #1193#return; {5410#false} is VALID [2022-02-20 17:55:42,353 INFO L290 TraceCheckUtils]: 67: Hoare triple {5410#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {5410#false} is VALID [2022-02-20 17:55:42,353 INFO L290 TraceCheckUtils]: 68: Hoare triple {5410#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {5410#false} is VALID [2022-02-20 17:55:42,354 INFO L272 TraceCheckUtils]: 69: Hoare triple {5410#false} call outgoing(~sender#1, ~email~0#1); {5410#false} is VALID [2022-02-20 17:55:42,354 INFO L290 TraceCheckUtils]: 70: Hoare triple {5410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {5410#false} is VALID [2022-02-20 17:55:42,354 INFO L272 TraceCheckUtils]: 71: Hoare triple {5410#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {5409#true} is VALID [2022-02-20 17:55:42,355 INFO L290 TraceCheckUtils]: 72: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~15; {5409#true} is VALID [2022-02-20 17:55:42,355 INFO L290 TraceCheckUtils]: 73: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {5409#true} is VALID [2022-02-20 17:55:42,355 INFO L290 TraceCheckUtils]: 74: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,355 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5409#true} {5410#false} #1173#return; {5410#false} is VALID [2022-02-20 17:55:42,355 INFO L290 TraceCheckUtils]: 76: Hoare triple {5410#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc 
#t~ret43#1;~size~0#1 := ~tmp~9#1; {5410#false} is VALID [2022-02-20 17:55:42,355 INFO L290 TraceCheckUtils]: 77: Hoare triple {5410#false} assume !(0 != ~size~0#1); {5410#false} is VALID [2022-02-20 17:55:42,355 INFO L272 TraceCheckUtils]: 78: Hoare triple {5410#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5410#false} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 79: Hoare triple {5410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {5410#false} is VALID [2022-02-20 17:55:42,356 INFO L272 TraceCheckUtils]: 80: Hoare triple {5410#false} call #t~ret41#1 := getEmailTo(~msg#1); {5409#true} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 81: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~33; {5409#true} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 82: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {5409#true} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 83: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,356 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {5409#true} {5410#false} #1205#return; {5410#false} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 85: Hoare triple {5410#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {5410#false} is VALID [2022-02-20 17:55:42,356 INFO L290 TraceCheckUtils]: 86: Hoare triple 
{5410#false} assume 1 == findPublicKey_~handle#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 87: Hoare triple {5410#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 88: Hoare triple {5410#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 89: Hoare triple {5410#false} assume !(0 != ~pubkey~0#1); {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 90: Hoare triple {5410#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 91: Hoare triple {5410#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L290 TraceCheckUtils]: 92: Hoare triple 
{5410#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {5410#false} is VALID [2022-02-20 17:55:42,357 INFO L272 TraceCheckUtils]: 93: Hoare triple {5410#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:42,358 INFO L290 TraceCheckUtils]: 94: Hoare triple {5464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,358 INFO L290 TraceCheckUtils]: 95: Hoare triple {5409#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,358 INFO L290 TraceCheckUtils]: 96: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,358 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5409#true} {5410#false} #1211#return; {5410#false} is VALID [2022-02-20 17:55:42,358 INFO L290 TraceCheckUtils]: 98: Hoare triple {5410#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } 
true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {5410#false} is VALID [2022-02-20 17:55:42,358 INFO L290 TraceCheckUtils]: 99: Hoare triple {5410#false} assume !(-1 == ~mail_is_sensitive~0); {5410#false} is VALID [2022-02-20 17:55:42,358 INFO L272 TraceCheckUtils]: 100: Hoare triple {5410#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5409#true} is VALID [2022-02-20 17:55:42,359 INFO L290 TraceCheckUtils]: 101: Hoare triple {5409#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5409#true} is VALID [2022-02-20 17:55:42,359 INFO L290 TraceCheckUtils]: 102: Hoare triple {5409#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {5409#true} is VALID [2022-02-20 17:55:42,359 INFO L290 TraceCheckUtils]: 103: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,359 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5409#true} {5410#false} #1215#return; {5410#false} is VALID [2022-02-20 
17:55:42,359 INFO L290 TraceCheckUtils]: 105: Hoare triple {5410#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {5410#false} is VALID [2022-02-20 17:55:42,359 INFO L290 TraceCheckUtils]: 106: Hoare triple {5410#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {5410#false} is VALID [2022-02-20 17:55:42,359 INFO L290 TraceCheckUtils]: 107: Hoare triple {5410#false} assume !false; {5410#false} is VALID [2022-02-20 17:55:42,360 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:42,360 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:42,360 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [444597702] [2022-02-20 17:55:42,362 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [444597702] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:42,362 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [339118323] [2022-02-20 17:55:42,362 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:42,362 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:42,362 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:42,364 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in 
SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:42,389 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:55:42,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,611 INFO L263 TraceCheckSpWp]: Trace formula consists of 1066 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:42,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:42,667 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:42,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {5409#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call 
#Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, 
~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {5409#true} is VALID [2022-02-20 17:55:42,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {5409#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {5409#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 3: Hoare triple {5409#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 4: Hoare triple {5409#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 5: Hoare triple {5409#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L272 TraceCheckUtils]: 6: Hoare triple {5409#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 7: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 8: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 9: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5409#true} {5409#true} #1247#return; {5409#true} is VALID [2022-02-20 17:55:42,912 INFO L290 TraceCheckUtils]: 11: Hoare triple {5409#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L272 TraceCheckUtils]: 12: Hoare triple {5409#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L290 TraceCheckUtils]: 13: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L290 TraceCheckUtils]: 14: Hoare triple {5409#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L290 TraceCheckUtils]: 15: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5409#true} {5409#true} #1249#return; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L290 TraceCheckUtils]: 17: Hoare triple {5409#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5409#true} is VALID [2022-02-20 17:55:42,913 INFO L272 TraceCheckUtils]: 18: Hoare triple {5409#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L290 TraceCheckUtils]: 19: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L290 TraceCheckUtils]: 20: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L290 TraceCheckUtils]: 21: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5409#true} {5409#true} #1251#return; {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L290 TraceCheckUtils]: 23: Hoare triple {5409#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5409#true} is VALID [2022-02-20 17:55:42,914 INFO L272 TraceCheckUtils]: 24: Hoare triple {5409#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{5409#true} is VALID [2022-02-20 17:55:42,914 INFO L290 TraceCheckUtils]: 25: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L290 TraceCheckUtils]: 26: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L290 TraceCheckUtils]: 27: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5409#true} {5409#true} #1253#return; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L290 TraceCheckUtils]: 29: Hoare triple {5409#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L272 TraceCheckUtils]: 30: Hoare triple {5409#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L290 TraceCheckUtils]: 31: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,915 INFO L290 TraceCheckUtils]: 32: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L290 TraceCheckUtils]: 33: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5409#true} {5409#true} #1255#return; 
{5409#true} is VALID [2022-02-20 17:55:42,916 INFO L290 TraceCheckUtils]: 35: Hoare triple {5409#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L272 TraceCheckUtils]: 36: Hoare triple {5409#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L290 TraceCheckUtils]: 37: Hoare triple {5409#true} ~handle := #in~handle;~value := #in~value; {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L290 TraceCheckUtils]: 38: Hoare triple {5409#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5409#true} is VALID [2022-02-20 17:55:42,916 INFO L290 TraceCheckUtils]: 39: Hoare triple {5409#true} assume true; {5409#true} is VALID [2022-02-20 17:55:42,917 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5409#true} {5409#true} #1257#return; {5409#true} is VALID [2022-02-20 17:55:42,917 INFO L290 TraceCheckUtils]: 41: Hoare triple {5409#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5409#true} is VALID [2022-02-20 17:55:42,917 INFO L290 TraceCheckUtils]: 42: Hoare triple {5409#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:42,918 INFO L290 TraceCheckUtils]: 43: Hoare triple {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:42,918 INFO L290 TraceCheckUtils]: 44: Hoare triple {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:42,918 INFO L290 TraceCheckUtils]: 45: Hoare triple {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 46: Hoare triple {5595#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5410#false} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 47: Hoare triple {5410#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {5410#false} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 48: Hoare triple {5410#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse 
} true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5410#false} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 49: Hoare triple {5410#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5410#false} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 50: Hoare triple {5410#false} assume { :end_inline_setClientAutoResponse } true; {5410#false} is VALID [2022-02-20 17:55:42,919 INFO L290 TraceCheckUtils]: 51: Hoare triple {5410#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L290 TraceCheckUtils]: 52: Hoare triple {5410#false} assume !false; {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L290 TraceCheckUtils]: 53: Hoare triple {5410#false} assume !(test_~splverifierCounter~0#1 < 4); {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L290 TraceCheckUtils]: 54: Hoare triple {5410#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L272 TraceCheckUtils]: 55: Hoare triple {5410#false} call sendEmail(~bob~0, ~rjh~0); {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L290 TraceCheckUtils]: 56: Hoare triple {5410#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } 
true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L272 TraceCheckUtils]: 57: Hoare triple {5410#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5410#false} is VALID [2022-02-20 17:55:42,920 INFO L290 TraceCheckUtils]: 58: Hoare triple {5410#false} ~handle := #in~handle;~value := #in~value; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L290 TraceCheckUtils]: 59: Hoare triple {5410#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L290 TraceCheckUtils]: 60: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5410#false} {5410#false} #1191#return; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L272 TraceCheckUtils]: 62: Hoare triple {5410#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L290 TraceCheckUtils]: 63: Hoare triple {5410#false} ~handle := #in~handle;~value := #in~value; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L290 TraceCheckUtils]: 64: Hoare triple {5410#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5410#false} is VALID [2022-02-20 17:55:42,921 INFO L290 TraceCheckUtils]: 65: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5410#false} {5410#false} #1193#return; {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L290 TraceCheckUtils]: 67: Hoare triple {5410#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := 
createEmail_~retValue_acc~4#1; {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L290 TraceCheckUtils]: 68: Hoare triple {5410#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L272 TraceCheckUtils]: 69: Hoare triple {5410#false} call outgoing(~sender#1, ~email~0#1); {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L290 TraceCheckUtils]: 70: Hoare triple {5410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {5410#false} is VALID [2022-02-20 17:55:42,922 INFO L272 TraceCheckUtils]: 71: Hoare triple {5410#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L290 TraceCheckUtils]: 72: Hoare triple {5410#false} ~handle := #in~handle;havoc ~retValue_acc~15; {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L290 TraceCheckUtils]: 73: Hoare triple {5410#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L290 TraceCheckUtils]: 74: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5410#false} {5410#false} #1173#return; {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L290 TraceCheckUtils]: 76: Hoare triple {5410#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L290 TraceCheckUtils]: 77: Hoare triple {5410#false} assume !(0 != ~size~0#1); {5410#false} is VALID [2022-02-20 17:55:42,923 INFO L272 TraceCheckUtils]: 78: Hoare triple {5410#false} call 
outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L290 TraceCheckUtils]: 79: Hoare triple {5410#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L272 TraceCheckUtils]: 80: Hoare triple {5410#false} call #t~ret41#1 := getEmailTo(~msg#1); {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L290 TraceCheckUtils]: 81: Hoare triple {5410#false} ~handle := #in~handle;havoc ~retValue_acc~33; {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L290 TraceCheckUtils]: 82: Hoare triple {5410#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L290 TraceCheckUtils]: 83: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {5410#false} {5410#false} #1205#return; {5410#false} is VALID [2022-02-20 17:55:42,924 INFO L290 TraceCheckUtils]: 85: Hoare triple {5410#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 86: Hoare triple {5410#false} assume 1 == findPublicKey_~handle#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 87: Hoare triple {5410#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := 
~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 88: Hoare triple {5410#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 89: Hoare triple {5410#false} assume !(0 != ~pubkey~0#1); {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 90: Hoare triple {5410#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 91: Hoare triple {5410#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {5410#false} is VALID [2022-02-20 17:55:42,925 INFO L290 TraceCheckUtils]: 92: Hoare triple {5410#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := 
outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L272 TraceCheckUtils]: 93: Hoare triple {5410#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L290 TraceCheckUtils]: 94: Hoare triple {5410#false} ~handle := #in~handle;~value := #in~value; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L290 TraceCheckUtils]: 95: Hoare triple {5410#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L290 TraceCheckUtils]: 96: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5410#false} {5410#false} #1211#return; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L290 TraceCheckUtils]: 98: Hoare triple {5410#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {5410#false} is VALID [2022-02-20 17:55:42,926 INFO L290 TraceCheckUtils]: 99: Hoare triple {5410#false} assume !(-1 == ~mail_is_sensitive~0); {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L272 TraceCheckUtils]: 100: Hoare triple {5410#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L290 TraceCheckUtils]: 101: Hoare triple {5410#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L290 TraceCheckUtils]: 102: Hoare triple {5410#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L290 TraceCheckUtils]: 103: Hoare triple {5410#false} assume true; {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {5410#false} {5410#false} #1215#return; {5410#false} is VALID [2022-02-20 17:55:42,927 INFO L290 TraceCheckUtils]: 105: Hoare triple {5410#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {5410#false} is VALID [2022-02-20 17:55:42,927 
INFO L290 TraceCheckUtils]: 106: Hoare triple {5410#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {5410#false} is VALID [2022-02-20 17:55:42,928 INFO L290 TraceCheckUtils]: 107: Hoare triple {5410#false} assume !false; {5410#false} is VALID [2022-02-20 17:55:42,928 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:42,928 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:42,928 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [339118323] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:42,928 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:42,929 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:42,929 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1138751237] [2022-02-20 17:55:42,929 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:42,930 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2022-02-20 17:55:42,930 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:42,930 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:42,999 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 93 edges. 93 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:43,000 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:43,000 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:43,000 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:43,000 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:43,001 INFO L87 Difference]: Start difference. First operand 394 states and 602 transitions. Second operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:43,662 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:43,662 INFO L93 Difference]: Finished difference Result 841 states and 1304 transitions. [2022-02-20 17:55:43,662 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:43,662 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) Word has length 108 [2022-02-20 17:55:43,663 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:43,663 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:43,678 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1302 transitions. [2022-02-20 17:55:43,678 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:43,693 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1302 transitions. [2022-02-20 17:55:43,693 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1302 transitions. [2022-02-20 17:55:44,538 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1302 edges. 1302 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:44,557 INFO L225 Difference]: With dead ends: 841 [2022-02-20 17:55:44,557 INFO L226 Difference]: Without dead ends: 474 [2022-02-20 17:55:44,559 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 135 GetRequests, 127 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:44,560 INFO L933 BasicCegarLoop]: 622 mSDtfsCounter, 142 mSDsluCounter, 554 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 1176 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:44,560 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [160 Valid, 1176 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:44,561 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 474 states. [2022-02-20 17:55:44,574 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 474 to 466. [2022-02-20 17:55:44,575 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:44,576 INFO L82 GeneralOperation]: Start isEquivalent. First operand 474 states. 
Second operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 17:55:44,577 INFO L74 IsIncluded]: Start isIncluded. First operand 474 states. Second operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 17:55:44,578 INFO L87 Difference]: Start difference. First operand 474 states. Second operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 17:55:44,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:44,596 INFO L93 Difference]: Finished difference Result 474 states and 736 transitions. [2022-02-20 17:55:44,596 INFO L276 IsEmpty]: Start isEmpty. Operand 474 states and 736 transitions. [2022-02-20 17:55:44,598 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:44,598 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:44,600 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 474 states. [2022-02-20 17:55:44,601 INFO L87 Difference]: Start difference. First operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) Second operand 474 states. [2022-02-20 17:55:44,620 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:44,620 INFO L93 Difference]: Finished difference Result 474 states and 736 transitions. [2022-02-20 17:55:44,620 INFO L276 IsEmpty]: Start isEmpty. Operand 474 states and 736 transitions. [2022-02-20 17:55:44,622 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:44,622 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:44,622 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:44,622 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:44,624 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 466 states, 366 states have (on average 1.5737704918032787) internal successors, (576), 370 states have internal predecessors, (576), 76 states have call successors, (76), 23 states have call predecessors, (76), 23 states have return successors, (75), 74 states have call predecessors, (75), 75 states have call successors, (75) [2022-02-20 17:55:44,645 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 466 states to 466 states and 727 transitions. [2022-02-20 17:55:44,646 INFO L78 Accepts]: Start accepts. Automaton has 466 states and 727 transitions. Word has length 108 [2022-02-20 17:55:44,646 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:44,646 INFO L470 AbstractCegarLoop]: Abstraction has 466 states and 727 transitions. [2022-02-20 17:55:44,648 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.0) internal successors, (66), 3 states have internal predecessors, (66), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 2 states have call successors, (12) [2022-02-20 17:55:44,649 INFO L276 IsEmpty]: Start isEmpty. Operand 466 states and 727 transitions. [2022-02-20 17:55:44,655 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 110 [2022-02-20 17:55:44,655 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:44,655 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:44,681 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:44,879 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:44,880 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:44,880 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:44,880 INFO L85 PathProgramCache]: Analyzing trace with hash -307666848, now seen corresponding path program 1 times [2022-02-20 17:55:44,880 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:44,881 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [981565670] [2022-02-20 17:55:44,881 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:44,881 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:44,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:44,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:44,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:44,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:44,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:44,978 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:44,978 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8552#true} #1247#return; {8552#true} is VALID [2022-02-20 17:55:44,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:44,986 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:55:44,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:44,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:44,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,000 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8552#true} #1249#return; {8552#true} is VALID [2022-02-20 17:55:45,000 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:45,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:45,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8606#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {8606#(= |setClientId_#in~handle| 1)} assume true; {8606#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,018 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8606#(= |setClientId_#in~handle| 1)} {8562#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {8553#false} is VALID [2022-02-20 
17:55:45,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:45,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1253#return; {8553#false} is VALID [2022-02-20 17:55:45,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:45,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,029 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1255#return; {8553#false} is VALID [2022-02-20 17:55:45,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 36 [2022-02-20 17:55:45,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1257#return; {8553#false} is VALID [2022-02-20 17:55:45,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:55:45,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,047 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,047 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1191#return; {8553#false} is VALID [2022-02-20 17:55:45,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:55:45,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,060 INFO L290 
TraceCheckUtils]: 0: Hoare triple {8608#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,060 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,061 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1193#return; {8553#false} is VALID [2022-02-20 17:55:45,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:45,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8552#true} is VALID [2022-02-20 17:55:45,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {8552#true} is VALID [2022-02-20 17:55:45,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,065 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1173#return; {8553#false} is VALID [2022-02-20 17:55:45,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:55:45,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,069 INFO L290 TraceCheckUtils]: 0: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8552#true} is VALID [2022-02-20 17:55:45,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {8552#true} is VALID [2022-02-20 17:55:45,069 INFO L290 
TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,069 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1205#return; {8553#false} is VALID [2022-02-20 17:55:45,069 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:55:45,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,074 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,074 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1211#return; {8553#false} is VALID [2022-02-20 17:55:45,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:55:45,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8552#true} is VALID [2022-02-20 17:55:45,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {8552#true} is VALID [2022-02-20 17:55:45,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,078 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8552#true} {8553#false} #1215#return; {8553#false} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {8552#true} assume { 
:begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {8552#true} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { 
:begin_inline_select_helpers } true; {8552#true} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8552#true} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 3: Hoare triple {8552#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {8552#true} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 4: Hoare triple {8552#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8552#true} is VALID [2022-02-20 17:55:45,079 INFO L290 TraceCheckUtils]: 5: Hoare triple {8552#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8552#true} is VALID [2022-02-20 17:55:45,080 INFO L272 TraceCheckUtils]: 
6: Hoare triple {8552#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,080 INFO L290 TraceCheckUtils]: 7: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,081 INFO L290 TraceCheckUtils]: 8: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,081 INFO L290 TraceCheckUtils]: 9: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,081 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8552#true} {8552#true} #1247#return; {8552#true} is VALID [2022-02-20 17:55:45,081 INFO L290 TraceCheckUtils]: 11: Hoare triple {8552#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8552#true} is VALID [2022-02-20 17:55:45,082 INFO L272 TraceCheckUtils]: 12: Hoare triple {8552#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,082 INFO L290 TraceCheckUtils]: 13: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,082 INFO L290 
TraceCheckUtils]: 14: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,082 INFO L290 TraceCheckUtils]: 15: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,082 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8552#true} {8552#true} #1249#return; {8552#true} is VALID [2022-02-20 17:55:45,083 INFO L290 TraceCheckUtils]: 17: Hoare triple {8552#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8562#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:45,084 INFO L272 TraceCheckUtils]: 18: Hoare triple {8562#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,084 INFO L290 TraceCheckUtils]: 19: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:45,084 INFO L290 TraceCheckUtils]: 20: Hoare triple {8605#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8606#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,085 INFO L290 TraceCheckUtils]: 21: Hoare triple {8606#(= |setClientId_#in~handle| 1)} assume true; {8606#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,085 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8606#(= |setClientId_#in~handle| 1)} {8562#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1251#return; {8553#false} is VALID [2022-02-20 17:55:45,085 INFO L290 TraceCheckUtils]: 23: Hoare triple {8553#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8553#false} is VALID [2022-02-20 17:55:45,085 INFO L272 TraceCheckUtils]: 24: Hoare triple {8553#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,086 INFO L290 TraceCheckUtils]: 25: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,086 INFO L290 TraceCheckUtils]: 26: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,086 INFO L290 TraceCheckUtils]: 27: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,086 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8552#true} {8553#false} #1253#return; {8553#false} is VALID [2022-02-20 17:55:45,086 INFO L290 TraceCheckUtils]: 29: Hoare triple {8553#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc 
setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8553#false} is VALID [2022-02-20 17:55:45,086 INFO L272 TraceCheckUtils]: 30: Hoare triple {8553#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:45,086 INFO L290 TraceCheckUtils]: 31: Hoare triple {8603#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,087 INFO L290 TraceCheckUtils]: 32: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,087 INFO L290 TraceCheckUtils]: 33: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,087 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8552#true} {8553#false} #1255#return; {8553#false} is VALID [2022-02-20 17:55:45,087 INFO L290 TraceCheckUtils]: 35: Hoare triple {8553#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8553#false} is VALID [2022-02-20 17:55:45,087 INFO L272 TraceCheckUtils]: 36: Hoare triple {8553#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8604#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:45,087 INFO L290 TraceCheckUtils]: 37: Hoare triple {8604#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,087 INFO L290 TraceCheckUtils]: 38: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 39: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,088 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8552#true} {8553#false} #1257#return; {8553#false} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 41: Hoare triple {8553#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8553#false} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 42: Hoare triple {8553#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8553#false} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 43: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 44: Hoare triple {8553#false} assume test_~splverifierCounter~0#1 < 4; {8553#false} is VALID [2022-02-20 17:55:45,088 INFO L290 TraceCheckUtils]: 45: Hoare triple {8553#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 46: Hoare triple {8553#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 47: Hoare triple {8553#false} assume !(0 != test_~tmp___9~0#1); {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 48: Hoare triple {8553#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 49: Hoare triple {8553#false} assume 0 != 
test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 50: Hoare triple {8553#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8553#false} is VALID [2022-02-20 17:55:45,089 INFO L290 TraceCheckUtils]: 51: Hoare triple {8553#false} assume { :end_inline_setClientAutoResponse } true; {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L290 TraceCheckUtils]: 52: Hoare triple {8553#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L290 TraceCheckUtils]: 53: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L290 TraceCheckUtils]: 54: Hoare triple {8553#false} assume !(test_~splverifierCounter~0#1 < 4); {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L290 TraceCheckUtils]: 55: Hoare triple {8553#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L272 TraceCheckUtils]: 56: Hoare triple {8553#false} call sendEmail(~bob~0, ~rjh~0); {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L290 TraceCheckUtils]: 57: Hoare triple {8553#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8553#false} is VALID [2022-02-20 17:55:45,090 INFO L272 TraceCheckUtils]: 58: Hoare triple {8553#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:45,091 INFO L290 TraceCheckUtils]: 59: Hoare triple {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,091 INFO L290 TraceCheckUtils]: 60: Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,091 INFO L290 TraceCheckUtils]: 61: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,091 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8552#true} {8553#false} #1191#return; {8553#false} is VALID [2022-02-20 17:55:45,091 INFO L272 TraceCheckUtils]: 63: Hoare triple {8553#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8608#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:45,091 INFO L290 TraceCheckUtils]: 64: Hoare triple {8608#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,091 INFO L290 TraceCheckUtils]: 65: 
Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,092 INFO L290 TraceCheckUtils]: 66: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,092 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8552#true} {8553#false} #1193#return; {8553#false} is VALID [2022-02-20 17:55:45,092 INFO L290 TraceCheckUtils]: 68: Hoare triple {8553#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {8553#false} is VALID [2022-02-20 17:55:45,092 INFO L290 TraceCheckUtils]: 69: Hoare triple {8553#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {8553#false} is VALID [2022-02-20 17:55:45,092 INFO L272 TraceCheckUtils]: 70: Hoare triple {8553#false} call outgoing(~sender#1, ~email~0#1); {8553#false} is VALID [2022-02-20 17:55:45,092 INFO L290 TraceCheckUtils]: 71: Hoare triple {8553#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {8553#false} is VALID [2022-02-20 17:55:45,092 INFO L272 TraceCheckUtils]: 72: Hoare triple {8553#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {8552#true} is VALID [2022-02-20 17:55:45,092 INFO L290 TraceCheckUtils]: 73: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~15; {8552#true} is VALID [2022-02-20 17:55:45,093 INFO L290 TraceCheckUtils]: 74: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {8552#true} is VALID [2022-02-20 17:55:45,093 INFO L290 TraceCheckUtils]: 75: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,093 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8552#true} 
{8553#false} #1173#return; {8553#false} is VALID [2022-02-20 17:55:45,093 INFO L290 TraceCheckUtils]: 77: Hoare triple {8553#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {8553#false} is VALID [2022-02-20 17:55:45,093 INFO L290 TraceCheckUtils]: 78: Hoare triple {8553#false} assume !(0 != ~size~0#1); {8553#false} is VALID [2022-02-20 17:55:45,093 INFO L272 TraceCheckUtils]: 79: Hoare triple {8553#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {8553#false} is VALID [2022-02-20 17:55:45,093 INFO L290 TraceCheckUtils]: 80: Hoare triple {8553#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {8553#false} is VALID [2022-02-20 17:55:45,093 INFO L272 TraceCheckUtils]: 81: Hoare triple {8553#false} call #t~ret41#1 := getEmailTo(~msg#1); {8552#true} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 82: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~33; {8552#true} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 83: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {8552#true} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 84: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,094 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8552#true} {8553#false} #1205#return; {8553#false} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 86: Hoare triple {8553#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, 
findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {8553#false} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 87: Hoare triple {8553#false} assume 1 == findPublicKey_~handle#1; {8553#false} is VALID [2022-02-20 17:55:45,094 INFO L290 TraceCheckUtils]: 88: Hoare triple {8553#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 89: Hoare triple {8553#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 90: Hoare triple {8553#false} assume !(0 != ~pubkey~0#1); {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 91: Hoare triple {8553#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 
92: Hoare triple {8553#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 93: Hoare triple {8553#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {8553#false} is VALID [2022-02-20 17:55:45,095 INFO L272 TraceCheckUtils]: 94: Hoare triple {8553#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:45,095 INFO L290 TraceCheckUtils]: 95: Hoare triple {8607#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,096 INFO L290 TraceCheckUtils]: 96: Hoare triple {8552#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,096 INFO L290 TraceCheckUtils]: 97: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,096 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8552#true} {8553#false} #1211#return; {8553#false} is VALID [2022-02-20 17:55:45,096 INFO L290 TraceCheckUtils]: 99: Hoare triple {8553#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := 
mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {8553#false} is VALID [2022-02-20 17:55:45,096 INFO L290 TraceCheckUtils]: 100: Hoare triple {8553#false} assume !(-1 == ~mail_is_sensitive~0); {8553#false} is VALID [2022-02-20 17:55:45,096 INFO L272 TraceCheckUtils]: 101: Hoare triple {8553#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {8552#true} is VALID [2022-02-20 17:55:45,096 INFO L290 TraceCheckUtils]: 102: Hoare triple {8552#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8552#true} is VALID [2022-02-20 17:55:45,097 INFO L290 TraceCheckUtils]: 103: Hoare triple {8552#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {8552#true} is VALID [2022-02-20 
17:55:45,097 INFO L290 TraceCheckUtils]: 104: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,097 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8552#true} {8553#false} #1215#return; {8553#false} is VALID [2022-02-20 17:55:45,097 INFO L290 TraceCheckUtils]: 106: Hoare triple {8553#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {8553#false} is VALID [2022-02-20 17:55:45,097 INFO L290 TraceCheckUtils]: 107: Hoare triple {8553#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {8553#false} is VALID [2022-02-20 17:55:45,097 INFO L290 TraceCheckUtils]: 108: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,098 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:45,098 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:45,098 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [981565670] [2022-02-20 17:55:45,098 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [981565670] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:45,098 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [529165015] [2022-02-20 17:55:45,099 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:45,099 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:45,099 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:45,100 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:45,101 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:55:45,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,382 INFO L263 TraceCheckSpWp]: Trace formula consists of 1073 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:55:45,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:45,429 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:45,743 INFO L290 TraceCheckUtils]: 0: Hoare triple {8552#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {8552#true} is VALID [2022-02-20 17:55:45,744 INFO L290 TraceCheckUtils]: 1: Hoare triple {8552#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, 
main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8552#true} is VALID [2022-02-20 17:55:45,744 INFO L290 TraceCheckUtils]: 2: Hoare triple {8552#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8552#true} is VALID [2022-02-20 17:55:45,744 INFO L290 TraceCheckUtils]: 3: Hoare triple {8552#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {8552#true} is VALID [2022-02-20 17:55:45,744 INFO L290 TraceCheckUtils]: 4: Hoare triple {8552#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8552#true} is VALID [2022-02-20 17:55:45,744 INFO L290 TraceCheckUtils]: 5: Hoare triple {8552#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{8552#true} is VALID [2022-02-20 17:55:45,745 INFO L272 TraceCheckUtils]: 6: Hoare triple {8552#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L290 TraceCheckUtils]: 7: Hoare triple {8552#true} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L290 TraceCheckUtils]: 8: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L290 TraceCheckUtils]: 9: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8552#true} {8552#true} #1247#return; {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L290 TraceCheckUtils]: 11: Hoare triple {8552#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8552#true} is VALID [2022-02-20 17:55:45,745 INFO L272 TraceCheckUtils]: 12: Hoare triple {8552#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8552#true} is VALID [2022-02-20 17:55:45,746 INFO L290 TraceCheckUtils]: 13: Hoare triple {8552#true} ~handle := #in~handle;~value := #in~value; {8552#true} is VALID [2022-02-20 17:55:45,746 INFO L290 TraceCheckUtils]: 14: Hoare triple {8552#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8552#true} is VALID [2022-02-20 17:55:45,746 INFO L290 TraceCheckUtils]: 15: Hoare triple {8552#true} assume true; {8552#true} is VALID [2022-02-20 17:55:45,746 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8552#true} {8552#true} #1249#return; {8552#true} is VALID [2022-02-20 17:55:45,747 INFO L290 TraceCheckUtils]: 17: Hoare triple {8552#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8663#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:45,747 INFO L272 TraceCheckUtils]: 18: Hoare triple {8663#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8552#true} is VALID [2022-02-20 17:55:45,747 INFO L290 TraceCheckUtils]: 19: Hoare triple {8552#true} ~handle := #in~handle;~value := #in~value; {8670#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:55:45,748 INFO L290 TraceCheckUtils]: 20: Hoare triple {8670#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8674#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,748 INFO L290 TraceCheckUtils]: 21: Hoare triple {8674#(<= |setClientId_#in~handle| 1)} assume true; {8674#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:45,749 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8674#(<= |setClientId_#in~handle| 1)} {8663#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1251#return; {8553#false} is VALID [2022-02-20 17:55:45,749 INFO L290 TraceCheckUtils]: 23: Hoare triple {8553#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8553#false} is VALID [2022-02-20 17:55:45,749 INFO L272 TraceCheckUtils]: 24: Hoare triple {8553#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8553#false} is VALID [2022-02-20 17:55:45,749 INFO L290 TraceCheckUtils]: 25: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,749 INFO L290 TraceCheckUtils]: 26: Hoare triple {8553#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L290 TraceCheckUtils]: 27: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8553#false} {8553#false} #1253#return; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L290 TraceCheckUtils]: 29: Hoare triple {8553#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L272 TraceCheckUtils]: 30: Hoare triple {8553#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L290 TraceCheckUtils]: 31: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L290 TraceCheckUtils]: 32: Hoare triple {8553#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8553#false} is VALID [2022-02-20 17:55:45,750 INFO L290 TraceCheckUtils]: 33: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,751 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8553#false} {8553#false} #1255#return; {8553#false} is VALID [2022-02-20 17:55:45,751 INFO L290 TraceCheckUtils]: 35: Hoare triple {8553#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8553#false} is VALID [2022-02-20 17:55:45,754 INFO L272 TraceCheckUtils]: 36: Hoare triple {8553#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8553#false} is VALID [2022-02-20 17:55:45,755 INFO L290 TraceCheckUtils]: 37: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,755 INFO L290 TraceCheckUtils]: 38: Hoare triple {8553#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L290 TraceCheckUtils]: 39: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8553#false} {8553#false} #1257#return; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L290 TraceCheckUtils]: 41: Hoare triple {8553#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L290 TraceCheckUtils]: 42: Hoare triple {8553#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc 
test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L290 TraceCheckUtils]: 43: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,756 INFO L290 TraceCheckUtils]: 44: Hoare triple {8553#false} assume test_~splverifierCounter~0#1 < 4; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 45: Hoare triple {8553#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 46: Hoare triple {8553#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 47: Hoare triple {8553#false} assume !(0 != test_~tmp___9~0#1); {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 48: Hoare triple {8553#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 49: Hoare triple {8553#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := 
setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 50: Hoare triple {8553#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 51: Hoare triple {8553#false} assume { :end_inline_setClientAutoResponse } true; {8553#false} is VALID [2022-02-20 17:55:45,757 INFO L290 TraceCheckUtils]: 52: Hoare triple {8553#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L290 TraceCheckUtils]: 53: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L290 TraceCheckUtils]: 54: Hoare triple {8553#false} assume !(test_~splverifierCounter~0#1 < 4); {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L290 TraceCheckUtils]: 55: Hoare triple {8553#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L272 TraceCheckUtils]: 56: Hoare triple {8553#false} call sendEmail(~bob~0, ~rjh~0); {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L290 TraceCheckUtils]: 57: Hoare triple {8553#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L272 TraceCheckUtils]: 58: Hoare triple {8553#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8553#false} is VALID [2022-02-20 17:55:45,758 INFO L290 TraceCheckUtils]: 59: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L290 TraceCheckUtils]: 60: Hoare triple {8553#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L290 TraceCheckUtils]: 61: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8553#false} {8553#false} #1191#return; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L272 TraceCheckUtils]: 63: Hoare triple {8553#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L290 TraceCheckUtils]: 64: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L290 TraceCheckUtils]: 65: Hoare triple {8553#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8553#false} is VALID [2022-02-20 17:55:45,759 INFO L290 TraceCheckUtils]: 66: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8553#false} {8553#false} #1193#return; {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L290 TraceCheckUtils]: 68: Hoare triple {8553#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L290 TraceCheckUtils]: 69: Hoare triple {8553#false} #t~ret57#1 := createEmail_#res#1;assume 
{ :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L272 TraceCheckUtils]: 70: Hoare triple {8553#false} call outgoing(~sender#1, ~email~0#1); {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L290 TraceCheckUtils]: 71: Hoare triple {8553#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L272 TraceCheckUtils]: 72: Hoare triple {8553#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {8553#false} is VALID [2022-02-20 17:55:45,760 INFO L290 TraceCheckUtils]: 73: Hoare triple {8553#false} ~handle := #in~handle;havoc ~retValue_acc~15; {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L290 TraceCheckUtils]: 74: Hoare triple {8553#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L290 TraceCheckUtils]: 75: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8553#false} {8553#false} #1173#return; {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L290 TraceCheckUtils]: 77: Hoare triple {8553#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L290 TraceCheckUtils]: 78: Hoare triple {8553#false} assume !(0 != ~size~0#1); {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L272 TraceCheckUtils]: 79: Hoare triple {8553#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {8553#false} is VALID [2022-02-20 17:55:45,761 INFO L290 TraceCheckUtils]: 80: Hoare triple {8553#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L272 TraceCheckUtils]: 81: Hoare triple {8553#false} call #t~ret41#1 := getEmailTo(~msg#1); {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 82: Hoare triple {8553#false} ~handle := #in~handle;havoc ~retValue_acc~33; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 83: Hoare triple {8553#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 84: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {8553#false} {8553#false} #1205#return; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 86: Hoare triple {8553#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 87: Hoare triple {8553#false} assume 1 == findPublicKey_~handle#1; {8553#false} is VALID [2022-02-20 17:55:45,762 INFO L290 TraceCheckUtils]: 88: Hoare triple {8553#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 89: Hoare 
triple {8553#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 90: Hoare triple {8553#false} assume !(0 != ~pubkey~0#1); {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 91: Hoare triple {8553#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 92: Hoare triple {8553#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 93: Hoare triple {8553#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L272 TraceCheckUtils]: 94: Hoare triple {8553#false} 
call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {8553#false} is VALID [2022-02-20 17:55:45,763 INFO L290 TraceCheckUtils]: 95: Hoare triple {8553#false} ~handle := #in~handle;~value := #in~value; {8553#false} is VALID [2022-02-20 17:55:45,764 INFO L290 TraceCheckUtils]: 96: Hoare triple {8553#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8553#false} is VALID [2022-02-20 17:55:45,764 INFO L290 TraceCheckUtils]: 97: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,764 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8553#false} {8553#false} #1211#return; {8553#false} is VALID [2022-02-20 17:55:45,764 INFO L290 TraceCheckUtils]: 99: Hoare triple {8553#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {8553#false} is VALID [2022-02-20 17:55:45,764 INFO L290 TraceCheckUtils]: 100: Hoare triple {8553#false} assume !(-1 == ~mail_is_sensitive~0); {8553#false} is VALID [2022-02-20 17:55:45,766 INFO L272 TraceCheckUtils]: 101: Hoare triple {8553#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {8553#false} is VALID [2022-02-20 17:55:45,766 INFO L290 TraceCheckUtils]: 102: Hoare triple {8553#false} ~handle := #in~handle;havoc ~retValue_acc~36; {8553#false} is VALID [2022-02-20 17:55:45,767 INFO L290 TraceCheckUtils]: 103: Hoare triple {8553#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {8553#false} is VALID [2022-02-20 17:55:45,767 INFO L290 TraceCheckUtils]: 104: Hoare triple {8553#false} assume true; {8553#false} is VALID [2022-02-20 17:55:45,767 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {8553#false} {8553#false} #1215#return; {8553#false} is VALID [2022-02-20 17:55:45,768 INFO L290 TraceCheckUtils]: 106: Hoare triple {8553#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {8553#false} is VALID [2022-02-20 17:55:45,768 INFO L290 TraceCheckUtils]: 107: Hoare triple {8553#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {8553#false} is 
VALID [2022-02-20 17:55:45,768 INFO L290 TraceCheckUtils]: 108: Hoare triple {8553#false} assume !false; {8553#false} is VALID [2022-02-20 17:55:45,768 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:55:45,768 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:45,769 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [529165015] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:45,769 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:45,769 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:55:45,769 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [951865873] [2022-02-20 17:55:45,769 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:45,771 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 17:55:45,771 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:45,771 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:45,855 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:45,855 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:45,856 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:45,857 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:45,857 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:45,857 INFO L87 Difference]: Start difference. First operand 466 states and 727 transitions. Second operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:47,044 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,044 INFO L93 Difference]: Finished difference Result 923 states and 1444 transitions. [2022-02-20 17:55:47,044 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:47,045 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 109 [2022-02-20 17:55:47,045 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:47,045 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:47,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1190 transitions. [2022-02-20 17:55:47,067 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:47,078 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1190 transitions. [2022-02-20 17:55:47,079 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1190 transitions. [2022-02-20 17:55:47,872 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1190 edges. 1190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:47,890 INFO L225 Difference]: With dead ends: 923 [2022-02-20 17:55:47,890 INFO L226 Difference]: Without dead ends: 468 [2022-02-20 17:55:47,892 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 137 GetRequests, 126 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:55:47,892 INFO L933 BasicCegarLoop]: 591 mSDtfsCounter, 160 mSDsluCounter, 1591 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 2182 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:47,893 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 2182 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:47,894 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 468 states. [2022-02-20 17:55:47,954 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 468 to 468. [2022-02-20 17:55:47,955 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:47,956 INFO L82 GeneralOperation]: Start isEquivalent. First operand 468 states. 
Second operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 17:55:47,957 INFO L74 IsIncluded]: Start isIncluded. First operand 468 states. Second operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 17:55:47,959 INFO L87 Difference]: Start difference. First operand 468 states. Second operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 17:55:47,977 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:47,977 INFO L93 Difference]: Finished difference Result 468 states and 730 transitions. [2022-02-20 17:55:47,978 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 730 transitions. [2022-02-20 17:55:47,979 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:47,980 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:47,981 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 468 states. [2022-02-20 17:55:47,982 INFO L87 Difference]: Start difference. First operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) Second operand 468 states. [2022-02-20 17:55:48,009 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:48,009 INFO L93 Difference]: Finished difference Result 468 states and 730 transitions. [2022-02-20 17:55:48,009 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 730 transitions. [2022-02-20 17:55:48,011 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:48,011 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:48,011 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:48,012 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:48,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 468 states, 367 states have (on average 1.5722070844686649) internal successors, (577), 372 states have internal predecessors, (577), 76 states have call successors, (76), 23 states have call predecessors, (76), 24 states have return successors, (77), 74 states have call predecessors, (77), 75 states have call successors, (77) [2022-02-20 17:55:48,033 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 468 states to 468 states and 730 transitions. [2022-02-20 17:55:48,033 INFO L78 Accepts]: Start accepts. Automaton has 468 states and 730 transitions. Word has length 109 [2022-02-20 17:55:48,033 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:48,034 INFO L470 AbstractCegarLoop]: Abstraction has 468 states and 730 transitions. [2022-02-20 17:55:48,034 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 18.75) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:48,034 INFO L276 IsEmpty]: Start isEmpty. Operand 468 states and 730 transitions. [2022-02-20 17:55:48,036 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 17:55:48,036 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:48,036 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:48,062 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:48,257 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:48,257 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:48,257 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:48,258 INFO L85 PathProgramCache]: Analyzing trace with hash -1910613440, now seen corresponding path program 1 times [2022-02-20 17:55:48,258 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:48,258 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1423674857] [2022-02-20 17:55:48,258 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:48,258 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:48,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:48,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,345 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11814#true} #1247#return; {11814#true} is VALID [2022-02-20 17:55:48,352 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:48,354 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:55:48,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,358 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11814#true} #1249#return; {11814#true} is VALID [2022-02-20 17:55:48,358 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:48,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,378 INFO L290 TraceCheckUtils]: 0: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11869#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {11869#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11869#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {11869#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11870#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,379 INFO L290 TraceCheckUtils]: 3: Hoare triple {11870#(= 2 |setClientId_#in~handle|)} assume true; {11870#(= 2 |setClientId_#in~handle|)} 
is VALID [2022-02-20 17:55:48,380 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11870#(= 2 |setClientId_#in~handle|)} {11824#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1251#return; {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:48,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:48,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11871#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:48,404 INFO L290 TraceCheckUtils]: 1: Hoare triple {11871#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11872#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:48,405 INFO L290 TraceCheckUtils]: 2: Hoare triple {11872#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11872#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:48,405 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11872#(= |setClientPrivateKey_#in~handle| 1)} {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1253#return; {11815#false} is VALID [2022-02-20 17:55:48,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:55:48,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,410 INFO L290 TraceCheckUtils]: 0: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,410 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,411 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,411 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1255#return; {11815#false} is VALID [2022-02-20 17:55:48,411 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:55:48,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,417 INFO L290 TraceCheckUtils]: 0: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1257#return; {11815#false} is VALID [2022-02-20 17:55:48,427 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:48,429 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{11814#true} is VALID [2022-02-20 17:55:48,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,431 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1191#return; {11815#false} is VALID [2022-02-20 17:55:48,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:55:48,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {11874#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,449 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1193#return; {11815#false} is VALID [2022-02-20 17:55:48,449 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:55:48,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,452 INFO L290 TraceCheckUtils]: 0: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~15; {11814#true} is VALID [2022-02-20 17:55:48,452 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {11814#true} is VALID [2022-02-20 17:55:48,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 
17:55:48,452 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1173#return; {11815#false} is VALID [2022-02-20 17:55:48,452 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:55:48,453 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,455 INFO L290 TraceCheckUtils]: 0: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~33; {11814#true} is VALID [2022-02-20 17:55:48,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {11814#true} is VALID [2022-02-20 17:55:48,455 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,456 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1205#return; {11815#false} is VALID [2022-02-20 17:55:48,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:55:48,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,459 INFO L290 TraceCheckUtils]: 0: Hoare triple {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,459 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,459 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,459 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1211#return; {11815#false} is VALID [2022-02-20 17:55:48,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:55:48,461 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11814#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {11814#true} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,463 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11814#true} {11815#false} #1215#return; {11815#false} is VALID [2022-02-20 17:55:48,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {11814#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 
25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 
0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 
0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {11814#true} is VALID [2022-02-20 17:55:48,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11814#true} is VALID [2022-02-20 17:55:48,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11814#true} is VALID [2022-02-20 17:55:48,464 INFO L290 TraceCheckUtils]: 3: Hoare triple {11814#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {11814#true} is VALID [2022-02-20 17:55:48,464 INFO L290 TraceCheckUtils]: 4: Hoare triple {11814#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11814#true} is VALID [2022-02-20 17:55:48,464 INFO L290 TraceCheckUtils]: 5: Hoare triple {11814#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11814#true} is VALID [2022-02-20 17:55:48,465 INFO L272 TraceCheckUtils]: 6: Hoare triple {11814#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:48,465 INFO L290 TraceCheckUtils]: 7: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,465 INFO L290 TraceCheckUtils]: 8: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,465 INFO L290 TraceCheckUtils]: 9: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,466 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11814#true} {11814#true} #1247#return; {11814#true} is VALID [2022-02-20 17:55:48,466 INFO L290 TraceCheckUtils]: 11: Hoare triple {11814#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11814#true} is VALID [2022-02-20 
17:55:48,466 INFO L272 TraceCheckUtils]: 12: Hoare triple {11814#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:48,467 INFO L290 TraceCheckUtils]: 13: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,467 INFO L290 TraceCheckUtils]: 14: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,467 INFO L290 TraceCheckUtils]: 15: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,467 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11814#true} {11814#true} #1249#return; {11814#true} is VALID [2022-02-20 17:55:48,467 INFO L290 TraceCheckUtils]: 17: Hoare triple {11814#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11824#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:48,468 INFO L272 TraceCheckUtils]: 18: Hoare triple {11824#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:48,469 INFO L290 TraceCheckUtils]: 19: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11869#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,469 INFO L290 TraceCheckUtils]: 20: Hoare triple {11869#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11869#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,469 INFO L290 TraceCheckUtils]: 21: Hoare triple {11869#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11870#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,470 INFO L290 TraceCheckUtils]: 22: Hoare triple {11870#(= 2 |setClientId_#in~handle|)} assume true; {11870#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:48,470 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11870#(= 2 |setClientId_#in~handle|)} {11824#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1251#return; {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:48,471 INFO L290 TraceCheckUtils]: 24: Hoare triple {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:48,471 INFO L272 TraceCheckUtils]: 25: Hoare triple {11830#(not 
(= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 26: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11871#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 27: Hoare triple {11871#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11872#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:48,472 INFO L290 TraceCheckUtils]: 28: Hoare triple {11872#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11872#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:48,473 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11872#(= |setClientPrivateKey_#in~handle| 1)} {11830#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1253#return; {11815#false} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 30: Hoare triple {11815#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11815#false} is VALID [2022-02-20 17:55:48,473 INFO L272 TraceCheckUtils]: 31: Hoare triple {11815#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 32: Hoare triple {11867#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,473 INFO L290 TraceCheckUtils]: 33: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 34: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,474 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11814#true} {11815#false} #1255#return; {11815#false} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 36: Hoare triple {11815#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11815#false} is VALID [2022-02-20 17:55:48,474 INFO L272 TraceCheckUtils]: 37: Hoare triple {11815#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 38: Hoare triple {11868#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 39: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,474 INFO L290 TraceCheckUtils]: 40: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,474 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11814#true} {11815#false} #1257#return; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 42: Hoare triple {11815#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 43: Hoare triple {11815#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc 
test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 44: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 45: Hoare triple {11815#false} assume test_~splverifierCounter~0#1 < 4; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 46: Hoare triple {11815#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 47: Hoare triple {11815#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {11815#false} is VALID [2022-02-20 17:55:48,475 INFO L290 TraceCheckUtils]: 48: Hoare triple {11815#false} assume !(0 != test_~tmp___9~0#1); {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 49: Hoare triple {11815#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 50: Hoare triple {11815#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := 
setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 51: Hoare triple {11815#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 52: Hoare triple {11815#false} assume { :end_inline_setClientAutoResponse } true; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 53: Hoare triple {11815#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 54: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 55: Hoare triple {11815#false} assume !(test_~splverifierCounter~0#1 < 4); {11815#false} is VALID [2022-02-20 17:55:48,476 INFO L290 TraceCheckUtils]: 56: Hoare triple {11815#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11815#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 57: Hoare triple {11815#false} call sendEmail(~bob~0, ~rjh~0); {11815#false} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 58: Hoare triple {11815#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11815#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 59: Hoare triple {11815#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 60: Hoare triple {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 61: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,477 INFO L290 TraceCheckUtils]: 62: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,477 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11814#true} {11815#false} #1191#return; {11815#false} is VALID [2022-02-20 17:55:48,477 INFO L272 TraceCheckUtils]: 64: Hoare triple {11815#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11874#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 65: Hoare triple {11874#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 66: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 67: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,478 INFO L284 TraceCheckUtils]: 
68: Hoare quadruple {11814#true} {11815#false} #1193#return; {11815#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 69: Hoare triple {11815#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {11815#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 70: Hoare triple {11815#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {11815#false} is VALID [2022-02-20 17:55:48,478 INFO L272 TraceCheckUtils]: 71: Hoare triple {11815#false} call outgoing(~sender#1, ~email~0#1); {11815#false} is VALID [2022-02-20 17:55:48,478 INFO L290 TraceCheckUtils]: 72: Hoare triple {11815#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {11815#false} is VALID [2022-02-20 17:55:48,479 INFO L272 TraceCheckUtils]: 73: Hoare triple {11815#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {11814#true} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 74: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~15; {11814#true} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 75: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {11814#true} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 76: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,479 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11814#true} {11815#false} #1173#return; {11815#false} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 78: Hoare triple {11815#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := 
~tmp~9#1; {11815#false} is VALID [2022-02-20 17:55:48,479 INFO L290 TraceCheckUtils]: 79: Hoare triple {11815#false} assume !(0 != ~size~0#1); {11815#false} is VALID [2022-02-20 17:55:48,479 INFO L272 TraceCheckUtils]: 80: Hoare triple {11815#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {11815#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 81: Hoare triple {11815#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {11815#false} is VALID [2022-02-20 17:55:48,480 INFO L272 TraceCheckUtils]: 82: Hoare triple {11815#false} call #t~ret41#1 := getEmailTo(~msg#1); {11814#true} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 83: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~33; {11814#true} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 84: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {11814#true} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 85: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,480 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {11814#true} {11815#false} #1205#return; {11815#false} is VALID [2022-02-20 17:55:48,480 INFO L290 TraceCheckUtils]: 87: Hoare triple {11815#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 88: Hoare triple 
{11815#false} assume 1 == findPublicKey_~handle#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 89: Hoare triple {11815#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 90: Hoare triple {11815#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 91: Hoare triple {11815#false} assume !(0 != ~pubkey~0#1); {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 92: Hoare triple {11815#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 93: Hoare triple {11815#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L290 TraceCheckUtils]: 94: 
Hoare triple {11815#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {11815#false} is VALID [2022-02-20 17:55:48,481 INFO L272 TraceCheckUtils]: 95: Hoare triple {11815#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 96: Hoare triple {11873#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 97: Hoare triple {11814#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 98: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,482 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11814#true} {11815#false} #1211#return; {11815#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 100: Hoare triple {11815#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } 
true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {11815#false} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 101: Hoare triple {11815#false} assume !(-1 == ~mail_is_sensitive~0); {11815#false} is VALID [2022-02-20 17:55:48,482 INFO L272 TraceCheckUtils]: 102: Hoare triple {11815#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {11814#true} is VALID [2022-02-20 17:55:48,482 INFO L290 TraceCheckUtils]: 103: Hoare triple {11814#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11814#true} is VALID [2022-02-20 17:55:48,483 INFO L290 TraceCheckUtils]: 104: Hoare triple {11814#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {11814#true} is VALID [2022-02-20 17:55:48,483 INFO L290 TraceCheckUtils]: 105: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:48,483 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11814#true} {11815#false} #1215#return; {11815#false} is VALID 
[2022-02-20 17:55:48,483 INFO L290 TraceCheckUtils]: 107: Hoare triple {11815#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {11815#false} is VALID [2022-02-20 17:55:48,483 INFO L290 TraceCheckUtils]: 108: Hoare triple {11815#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {11815#false} is VALID [2022-02-20 17:55:48,483 INFO L290 TraceCheckUtils]: 109: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:48,484 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:55:48,484 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:48,484 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1423674857] [2022-02-20 17:55:48,484 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1423674857] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:48,484 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [849390448] [2022-02-20 17:55:48,484 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:48,485 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:48,485 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:48,486 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 
-smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:48,487 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:55:48,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,730 INFO L263 TraceCheckSpWp]: Trace formula consists of 1074 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:55:48,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:48,784 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:49,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {11814#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 
24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 
:= 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, 
~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {11814#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {11814#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L290 TraceCheckUtils]: 3: Hoare triple {11814#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L290 TraceCheckUtils]: 4: Hoare triple {11814#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L290 TraceCheckUtils]: 5: Hoare triple {11814#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11814#true} is VALID [2022-02-20 17:55:49,144 INFO L272 TraceCheckUtils]: 6: Hoare triple {11814#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L290 TraceCheckUtils]: 7: Hoare triple {11814#true} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L290 TraceCheckUtils]: 8: Hoare triple {11814#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L290 TraceCheckUtils]: 9: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11814#true} {11814#true} #1247#return; {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L290 TraceCheckUtils]: 11: Hoare triple {11814#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L272 TraceCheckUtils]: 12: Hoare triple {11814#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11814#true} is VALID [2022-02-20 17:55:49,145 INFO L290 TraceCheckUtils]: 13: Hoare triple {11814#true} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:49,146 INFO L290 TraceCheckUtils]: 14: Hoare triple 
{11814#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:49,146 INFO L290 TraceCheckUtils]: 15: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:49,146 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11814#true} {11814#true} #1249#return; {11814#true} is VALID [2022-02-20 17:55:49,147 INFO L290 TraceCheckUtils]: 17: Hoare triple {11814#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:49,147 INFO L272 TraceCheckUtils]: 18: Hoare triple {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11814#true} is VALID [2022-02-20 17:55:49,147 INFO L290 TraceCheckUtils]: 19: Hoare triple {11814#true} ~handle := #in~handle;~value := #in~value; {11814#true} is VALID [2022-02-20 17:55:49,147 INFO L290 TraceCheckUtils]: 20: Hoare triple {11814#true} assume !(1 == ~handle); {11814#true} is VALID [2022-02-20 17:55:49,147 INFO L290 TraceCheckUtils]: 21: Hoare triple {11814#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11814#true} is VALID [2022-02-20 17:55:49,147 INFO L290 TraceCheckUtils]: 22: Hoare triple {11814#true} assume true; {11814#true} is VALID [2022-02-20 17:55:49,148 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11814#true} {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1251#return; {11929#(<= 2 
|ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:49,148 INFO L290 TraceCheckUtils]: 24: Hoare triple {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:55:49,149 INFO L272 TraceCheckUtils]: 25: Hoare triple {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11814#true} is VALID [2022-02-20 17:55:49,149 INFO L290 TraceCheckUtils]: 26: Hoare triple {11814#true} ~handle := #in~handle;~value := #in~value; {11957#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:55:49,150 INFO L290 TraceCheckUtils]: 27: Hoare triple {11957#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11961#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:49,150 INFO L290 TraceCheckUtils]: 28: Hoare triple {11961#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11961#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:49,151 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11961#(<= |setClientPrivateKey_#in~handle| 1)} {11929#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1253#return; {11815#false} is VALID [2022-02-20 17:55:49,151 INFO L290 TraceCheckUtils]: 30: Hoare triple {11815#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {11815#false} is VALID [2022-02-20 17:55:49,151 INFO L272 TraceCheckUtils]: 31: Hoare triple {11815#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11815#false} is VALID [2022-02-20 17:55:49,151 INFO L290 TraceCheckUtils]: 32: Hoare triple {11815#false} ~handle := #in~handle;~value := #in~value; {11815#false} is VALID [2022-02-20 17:55:49,151 INFO L290 TraceCheckUtils]: 33: Hoare triple {11815#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11815#false} is VALID [2022-02-20 17:55:49,151 INFO L290 TraceCheckUtils]: 34: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11815#false} {11815#false} #1255#return; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L290 TraceCheckUtils]: 36: Hoare triple {11815#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L272 TraceCheckUtils]: 37: Hoare triple {11815#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L290 TraceCheckUtils]: 38: Hoare triple {11815#false} ~handle := #in~handle;~value := #in~value; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L290 TraceCheckUtils]: 39: Hoare triple {11815#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L290 TraceCheckUtils]: 40: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,152 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11815#false} {11815#false} #1257#return; {11815#false} is VALID [2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 42: Hoare triple {11815#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11815#false} is VALID [2022-02-20 
17:55:49,153 INFO L290 TraceCheckUtils]: 43: Hoare triple {11815#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11815#false} is VALID [2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 44: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 45: Hoare triple {11815#false} assume test_~splverifierCounter~0#1 < 4; {11815#false} is VALID [2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 46: Hoare triple {11815#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11815#false} is VALID 
[2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 47: Hoare triple {11815#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {11815#false} is VALID [2022-02-20 17:55:49,153 INFO L290 TraceCheckUtils]: 48: Hoare triple {11815#false} assume !(0 != test_~tmp___9~0#1); {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 49: Hoare triple {11815#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 50: Hoare triple {11815#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 51: Hoare triple {11815#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 52: Hoare triple {11815#false} assume { :end_inline_setClientAutoResponse } true; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 53: Hoare triple {11815#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 54: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 55: Hoare triple {11815#false} assume 
!(test_~splverifierCounter~0#1 < 4); {11815#false} is VALID [2022-02-20 17:55:49,154 INFO L290 TraceCheckUtils]: 56: Hoare triple {11815#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L272 TraceCheckUtils]: 57: Hoare triple {11815#false} call sendEmail(~bob~0, ~rjh~0); {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L290 TraceCheckUtils]: 58: Hoare triple {11815#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L272 TraceCheckUtils]: 59: Hoare triple {11815#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L290 TraceCheckUtils]: 60: Hoare triple {11815#false} ~handle := #in~handle;~value := #in~value; {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L290 TraceCheckUtils]: 61: Hoare triple {11815#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L290 TraceCheckUtils]: 62: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,155 INFO L284 TraceCheckUtils]: 63: Hoare quadruple 
{11815#false} {11815#false} #1191#return; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L272 TraceCheckUtils]: 64: Hoare triple {11815#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L290 TraceCheckUtils]: 65: Hoare triple {11815#false} ~handle := #in~handle;~value := #in~value; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L290 TraceCheckUtils]: 66: Hoare triple {11815#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L290 TraceCheckUtils]: 67: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11815#false} {11815#false} #1193#return; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L290 TraceCheckUtils]: 69: Hoare triple {11815#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {11815#false} is VALID [2022-02-20 17:55:49,156 INFO L290 TraceCheckUtils]: 70: Hoare triple {11815#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L272 TraceCheckUtils]: 71: Hoare triple {11815#false} call outgoing(~sender#1, ~email~0#1); {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L290 TraceCheckUtils]: 72: Hoare triple {11815#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L272 TraceCheckUtils]: 73: Hoare triple {11815#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L290 TraceCheckUtils]: 74: Hoare triple {11815#false} ~handle := 
#in~handle;havoc ~retValue_acc~15; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L290 TraceCheckUtils]: 75: Hoare triple {11815#false} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L290 TraceCheckUtils]: 76: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11815#false} {11815#false} #1173#return; {11815#false} is VALID [2022-02-20 17:55:49,157 INFO L290 TraceCheckUtils]: 78: Hoare triple {11815#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L290 TraceCheckUtils]: 79: Hoare triple {11815#false} assume !(0 != ~size~0#1); {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L272 TraceCheckUtils]: 80: Hoare triple {11815#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L290 TraceCheckUtils]: 81: Hoare triple {11815#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L272 TraceCheckUtils]: 82: Hoare triple {11815#false} call #t~ret41#1 := getEmailTo(~msg#1); {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L290 TraceCheckUtils]: 83: Hoare triple {11815#false} ~handle := #in~handle;havoc ~retValue_acc~33; {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L290 TraceCheckUtils]: 84: Hoare triple {11815#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {11815#false} is VALID [2022-02-20 17:55:49,158 INFO L290 TraceCheckUtils]: 85: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,159 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {11815#false} {11815#false} 
#1205#return; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 87: Hoare triple {11815#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 88: Hoare triple {11815#false} assume 1 == findPublicKey_~handle#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 89: Hoare triple {11815#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 90: Hoare triple {11815#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 91: Hoare triple {11815#false} assume !(0 != ~pubkey~0#1); {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 92: Hoare triple {11815#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 93: Hoare triple {11815#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 94: Hoare triple {11815#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L272 TraceCheckUtils]: 95: Hoare triple {11815#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {11815#false} is VALID [2022-02-20 17:55:49,185 INFO L290 TraceCheckUtils]: 96: Hoare triple {11815#false} ~handle := #in~handle;~value := #in~value; {11815#false} is VALID [2022-02-20 17:55:49,186 INFO L290 TraceCheckUtils]: 97: Hoare triple {11815#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11815#false} is VALID [2022-02-20 17:55:49,186 INFO L290 TraceCheckUtils]: 98: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,186 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11815#false} {11815#false} #1211#return; {11815#false} is VALID [2022-02-20 17:55:49,186 INFO L290 TraceCheckUtils]: 100: Hoare triple {11815#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 101: Hoare triple {11815#false} assume !(-1 == ~mail_is_sensitive~0); {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L272 TraceCheckUtils]: 102: Hoare triple {11815#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 103: 
Hoare triple {11815#false} ~handle := #in~handle;havoc ~retValue_acc~36; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 104: Hoare triple {11815#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 105: Hoare triple {11815#false} assume true; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {11815#false} {11815#false} #1215#return; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 107: Hoare triple {11815#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 108: Hoare triple {11815#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {11815#false} is VALID [2022-02-20 17:55:49,187 INFO L290 TraceCheckUtils]: 109: Hoare triple {11815#false} assume !false; {11815#false} is VALID [2022-02-20 17:55:49,188 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:55:49,188 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:49,188 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [849390448] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:49,188 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:49,188 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:55:49,189 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [413826266] [2022-02-20 17:55:49,189 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:49,189 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 17:55:49,189 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:49,190 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:49,265 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:49,265 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:49,265 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:49,266 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 17:55:49,266 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:55:49,267 INFO L87 Difference]: Start difference. First operand 468 states and 730 transitions. Second operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:50,466 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:50,466 INFO L93 Difference]: Finished difference Result 925 states and 1449 transitions. [2022-02-20 17:55:50,466 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:50,466 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) Word has length 110 [2022-02-20 17:55:50,466 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:50,467 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:50,477 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1189 transitions. 
[2022-02-20 17:55:50,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:50,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1189 transitions. [2022-02-20 17:55:50,489 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1189 transitions. [2022-02-20 17:55:51,333 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1189 edges. 1189 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:51,345 INFO L225 Difference]: With dead ends: 925 [2022-02-20 17:55:51,345 INFO L226 Difference]: Without dead ends: 470 [2022-02-20 17:55:51,347 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 126 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:55:51,348 INFO L933 BasicCegarLoop]: 589 mSDtfsCounter, 159 mSDsluCounter, 1582 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 182 SdHoareTripleChecker+Valid, 2171 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:51,348 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [182 Valid, 2171 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:51,349 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 470 states. [2022-02-20 17:55:51,506 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 470 to 470. [2022-02-20 17:55:51,506 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:51,509 INFO L82 GeneralOperation]: Start isEquivalent. First operand 470 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 17:55:51,510 INFO L74 IsIncluded]: Start isIncluded. First operand 470 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 17:55:51,512 INFO L87 Difference]: Start difference. First operand 470 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 17:55:51,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:51,531 INFO L93 Difference]: Finished difference Result 470 states and 736 transitions. [2022-02-20 17:55:51,532 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 736 transitions. [2022-02-20 17:55:51,534 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:51,534 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:51,535 INFO L74 IsIncluded]: Start isIncluded. First operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 470 states. [2022-02-20 17:55:51,536 INFO L87 Difference]: Start difference. First operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) Second operand 470 states. [2022-02-20 17:55:51,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:51,553 INFO L93 Difference]: Finished difference Result 470 states and 736 transitions. [2022-02-20 17:55:51,553 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 736 transitions. [2022-02-20 17:55:51,555 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:51,555 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:51,555 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:51,555 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:51,556 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (82), 74 states have call predecessors, (82), 75 states have call successors, (82) [2022-02-20 17:55:51,575 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 470 states to 470 states and 736 transitions. [2022-02-20 17:55:51,576 INFO L78 Accepts]: Start accepts. Automaton has 470 states and 736 transitions. Word has length 110 [2022-02-20 17:55:51,576 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:51,577 INFO L470 AbstractCegarLoop]: Abstraction has 470 states and 736 transitions. [2022-02-20 17:55:51,578 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.4) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:51,578 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 736 transitions. [2022-02-20 17:55:51,580 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 17:55:51,580 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:51,580 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:51,605 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:51,795 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:51,795 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:51,796 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:51,796 INFO L85 PathProgramCache]: Analyzing trace with hash 352718914, now seen corresponding path program 1 times [2022-02-20 17:55:51,796 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:51,796 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [283474261] [2022-02-20 17:55:51,796 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:51,796 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:51,830 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,868 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:51,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,873 INFO L290 TraceCheckUtils]: 0: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,873 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,873 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,873 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15089#true} #1247#return; {15089#true} is VALID [2022-02-20 17:55:51,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:51,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,883 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15089#true} #1249#return; {15089#true} is VALID [2022-02-20 17:55:51,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
18 [2022-02-20 17:55:51,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume !(1 == ~handle); {15089#true} is VALID [2022-02-20 17:55:51,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,888 INFO L290 TraceCheckUtils]: 3: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,888 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15089#true} {15089#true} #1251#return; {15089#true} is VALID [2022-02-20 17:55:51,888 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:51,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume !(1 == ~handle); {15089#true} is VALID [2022-02-20 17:55:51,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,894 INFO L290 TraceCheckUtils]: 3: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,894 INFO L284 TraceCheckUtils]: 4: 
Hoare quadruple {15089#true} {15089#true} #1253#return; {15089#true} is VALID [2022-02-20 17:55:51,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:55:51,897 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15144#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:51,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {15144#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15145#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {15145#(= |setClientId_#in~handle| 1)} assume true; {15145#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,911 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15145#(= |setClientId_#in~handle| 1)} {15109#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {15090#false} is VALID [2022-02-20 17:55:51,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:55:51,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{15089#true} is VALID [2022-02-20 17:55:51,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1257#return; {15090#false} is VALID [2022-02-20 17:55:51,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:55:51,924 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,926 INFO L290 TraceCheckUtils]: 0: Hoare triple {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,926 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,927 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,927 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1191#return; {15090#false} is VALID [2022-02-20 17:55:51,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:55:51,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {15147#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,938 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1193#return; 
{15090#false} is VALID [2022-02-20 17:55:51,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:55:51,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~15; {15089#true} is VALID [2022-02-20 17:55:51,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {15089#true} is VALID [2022-02-20 17:55:51,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,941 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1173#return; {15090#false} is VALID [2022-02-20 17:55:51,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:55:51,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~33; {15089#true} is VALID [2022-02-20 17:55:51,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {15089#true} is VALID [2022-02-20 17:55:51,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,946 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1205#return; {15090#false} is VALID [2022-02-20 17:55:51,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:55:51,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1211#return; {15090#false} is VALID [2022-02-20 17:55:51,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:55:51,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15089#true} is VALID [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {15089#true} is VALID [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,955 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15089#true} {15090#false} #1215#return; {15090#false} is VALID [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {15089#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 
1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 
0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 
:= 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {15089#true} is VALID [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {15089#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {15089#true} is VALID [2022-02-20 17:55:51,955 INFO L290 TraceCheckUtils]: 2: Hoare triple {15089#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15089#true} is VALID [2022-02-20 17:55:51,956 INFO L290 TraceCheckUtils]: 3: Hoare triple {15089#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; 
{15089#true} is VALID [2022-02-20 17:55:51,956 INFO L290 TraceCheckUtils]: 4: Hoare triple {15089#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {15089#true} is VALID [2022-02-20 17:55:51,956 INFO L290 TraceCheckUtils]: 5: Hoare triple {15089#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15089#true} is VALID [2022-02-20 17:55:51,957 INFO L272 TraceCheckUtils]: 6: Hoare triple {15089#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,957 INFO L290 TraceCheckUtils]: 7: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,957 INFO L290 TraceCheckUtils]: 8: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,957 INFO L290 TraceCheckUtils]: 9: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,957 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15089#true} {15089#true} #1247#return; {15089#true} is VALID [2022-02-20 17:55:51,957 INFO L290 TraceCheckUtils]: 11: Hoare triple {15089#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15089#true} is VALID [2022-02-20 17:55:51,958 INFO L272 TraceCheckUtils]: 12: Hoare triple {15089#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,958 INFO L290 TraceCheckUtils]: 13: Hoare triple {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,958 INFO L290 TraceCheckUtils]: 14: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,958 INFO L290 TraceCheckUtils]: 15: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,958 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15089#true} {15089#true} #1249#return; {15089#true} is VALID [2022-02-20 17:55:51,959 INFO L290 TraceCheckUtils]: 17: Hoare triple {15089#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc 
setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15089#true} is VALID [2022-02-20 17:55:51,959 INFO L272 TraceCheckUtils]: 18: Hoare triple {15089#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,959 INFO L290 TraceCheckUtils]: 19: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,960 INFO L290 TraceCheckUtils]: 20: Hoare triple {15089#true} assume !(1 == ~handle); {15089#true} is VALID [2022-02-20 17:55:51,960 INFO L290 TraceCheckUtils]: 21: Hoare triple {15089#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,960 INFO L290 TraceCheckUtils]: 22: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,960 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15089#true} {15089#true} #1251#return; {15089#true} is VALID [2022-02-20 17:55:51,960 INFO L290 TraceCheckUtils]: 24: Hoare triple {15089#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15089#true} is VALID [2022-02-20 17:55:51,961 INFO L272 TraceCheckUtils]: 25: Hoare triple {15089#true} call 
setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,961 INFO L290 TraceCheckUtils]: 26: Hoare triple {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,961 INFO L290 TraceCheckUtils]: 27: Hoare triple {15089#true} assume !(1 == ~handle); {15089#true} is VALID [2022-02-20 17:55:51,961 INFO L290 TraceCheckUtils]: 28: Hoare triple {15089#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,961 INFO L290 TraceCheckUtils]: 29: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,961 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15089#true} {15089#true} #1253#return; {15089#true} is VALID [2022-02-20 17:55:51,962 INFO L290 TraceCheckUtils]: 31: Hoare triple {15089#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15109#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:55:51,962 INFO L272 TraceCheckUtils]: 32: Hoare triple {15109#(= 3 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,963 INFO L290 TraceCheckUtils]: 33: Hoare triple {15142#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15144#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:51,963 INFO L290 TraceCheckUtils]: 34: Hoare triple {15144#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15145#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,964 INFO L290 TraceCheckUtils]: 35: Hoare triple {15145#(= |setClientId_#in~handle| 1)} assume true; {15145#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,964 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {15145#(= |setClientId_#in~handle| 1)} {15109#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {15090#false} is VALID [2022-02-20 17:55:51,964 INFO L290 TraceCheckUtils]: 37: Hoare triple {15090#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15090#false} is VALID [2022-02-20 17:55:51,964 INFO L272 TraceCheckUtils]: 38: Hoare triple {15090#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {15143#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,964 INFO L290 TraceCheckUtils]: 39: Hoare triple {15143#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 40: Hoare triple {15089#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 41: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,965 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {15089#true} {15090#false} #1257#return; {15090#false} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 43: Hoare triple {15090#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {15090#false} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 44: Hoare triple {15090#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc 
test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15090#false} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 45: Hoare triple {15090#false} assume !false; {15090#false} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 46: Hoare triple {15090#false} assume test_~splverifierCounter~0#1 < 4; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 47: Hoare triple {15090#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 48: Hoare triple {15090#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 49: Hoare triple {15090#false} assume !(0 != test_~tmp___9~0#1); {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 50: Hoare triple {15090#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 51: Hoare triple {15090#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, 
setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 52: Hoare triple {15090#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 53: Hoare triple {15090#false} assume { :end_inline_setClientAutoResponse } true; {15090#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 54: Hoare triple {15090#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 55: Hoare triple {15090#false} assume !false; {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 56: Hoare triple {15090#false} assume !(test_~splverifierCounter~0#1 < 4); {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 57: Hoare triple {15090#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L272 TraceCheckUtils]: 58: Hoare triple {15090#false} call sendEmail(~bob~0, ~rjh~0); {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 59: Hoare triple {15090#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, 
createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15090#false} is VALID [2022-02-20 17:55:51,967 INFO L272 TraceCheckUtils]: 60: Hoare triple {15090#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 61: Hoare triple {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 62: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 63: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,968 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {15089#true} {15090#false} #1191#return; {15090#false} is VALID [2022-02-20 17:55:51,968 INFO L272 TraceCheckUtils]: 65: Hoare triple {15090#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {15147#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 66: Hoare triple {15147#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 67: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 68: Hoare triple {15089#true} assume true; {15089#true} is VALID 
[2022-02-20 17:55:51,968 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {15089#true} {15090#false} #1193#return; {15090#false} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 70: Hoare triple {15090#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {15090#false} is VALID [2022-02-20 17:55:51,969 INFO L290 TraceCheckUtils]: 71: Hoare triple {15090#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {15090#false} is VALID [2022-02-20 17:55:51,969 INFO L272 TraceCheckUtils]: 72: Hoare triple {15090#false} call outgoing(~sender#1, ~email~0#1); {15090#false} is VALID [2022-02-20 17:55:51,969 INFO L290 TraceCheckUtils]: 73: Hoare triple {15090#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {15090#false} is VALID [2022-02-20 17:55:51,969 INFO L272 TraceCheckUtils]: 74: Hoare triple {15090#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {15089#true} is VALID [2022-02-20 17:55:51,969 INFO L290 TraceCheckUtils]: 75: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~15; {15089#true} is VALID [2022-02-20 17:55:51,969 INFO L290 TraceCheckUtils]: 76: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {15089#true} is VALID [2022-02-20 17:55:51,969 INFO L290 TraceCheckUtils]: 77: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,969 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {15089#true} {15090#false} #1173#return; {15090#false} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 79: Hoare triple {15090#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 
2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {15090#false} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 80: Hoare triple {15090#false} assume !(0 != ~size~0#1); {15090#false} is VALID [2022-02-20 17:55:51,970 INFO L272 TraceCheckUtils]: 81: Hoare triple {15090#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {15090#false} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 82: Hoare triple {15090#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {15090#false} is VALID [2022-02-20 17:55:51,970 INFO L272 TraceCheckUtils]: 83: Hoare triple {15090#false} call #t~ret41#1 := getEmailTo(~msg#1); {15089#true} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 84: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~33; {15089#true} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 85: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {15089#true} is VALID [2022-02-20 17:55:51,970 INFO L290 TraceCheckUtils]: 86: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,971 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {15089#true} {15090#false} #1205#return; {15090#false} is VALID [2022-02-20 17:55:51,971 INFO L290 TraceCheckUtils]: 88: Hoare triple {15090#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {15090#false} is VALID [2022-02-20 
17:55:51,971 INFO L290 TraceCheckUtils]: 89: Hoare triple {15090#false} assume 1 == findPublicKey_~handle#1; {15090#false} is VALID [2022-02-20 17:55:51,971 INFO L290 TraceCheckUtils]: 90: Hoare triple {15090#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {15090#false} is VALID [2022-02-20 17:55:51,971 INFO L290 TraceCheckUtils]: 91: Hoare triple {15090#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {15090#false} is VALID [2022-02-20 17:55:51,971 INFO L290 TraceCheckUtils]: 92: Hoare triple {15090#false} assume !(0 != ~pubkey~0#1); {15090#false} is VALID [2022-02-20 17:55:51,971 INFO L290 TraceCheckUtils]: 93: Hoare triple {15090#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {15090#false} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 94: Hoare triple {15090#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {15090#false} is VALID 
[2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 95: Hoare triple {15090#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {15090#false} is VALID [2022-02-20 17:55:51,972 INFO L272 TraceCheckUtils]: 96: Hoare triple {15090#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 97: Hoare triple {15146#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15089#true} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 98: Hoare triple {15089#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15089#true} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 99: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,972 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {15089#true} {15090#false} #1211#return; {15090#false} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 101: Hoare triple {15090#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume 
{ :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {15090#false} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 102: Hoare triple {15090#false} assume !(-1 == ~mail_is_sensitive~0); {15090#false} is VALID [2022-02-20 17:55:51,973 INFO L272 TraceCheckUtils]: 103: Hoare triple {15090#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {15089#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 104: Hoare triple {15089#true} ~handle := #in~handle;havoc ~retValue_acc~36; {15089#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 105: Hoare triple {15089#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {15089#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 106: Hoare triple {15089#true} assume true; {15089#true} is VALID [2022-02-20 17:55:51,973 INFO L284 TraceCheckUtils]: 107: Hoare quadruple 
{15089#true} {15090#false} #1215#return; {15090#false} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 108: Hoare triple {15090#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {15090#false} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 109: Hoare triple {15090#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {15090#false} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 110: Hoare triple {15090#false} assume !false; {15090#false} is VALID [2022-02-20 17:55:51,974 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:51,974 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:51,974 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [283474261] [2022-02-20 17:55:51,974 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [283474261] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:51,975 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:55:51,975 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:55:51,975 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [175017375] [2022-02-20 17:55:51,975 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:51,976 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2022-02-20 17:55:51,976 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:51,976 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:55:52,059 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:52,061 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:55:52,061 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:52,062 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:55:52,062 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:52,062 INFO L87 Difference]: Start difference. First operand 470 states and 736 transitions. 
Second operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:01,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:01,179 INFO L93 Difference]: Finished difference Result 1109 states and 1763 transitions. [2022-02-20 17:56:01,179 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:01,180 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 111 [2022-02-20 17:56:01,180 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:01,180 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:01,201 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1495 transitions. [2022-02-20 17:56:01,201 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:01,221 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1495 transitions. [2022-02-20 17:56:01,221 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1495 transitions. [2022-02-20 17:56:02,707 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1495 edges. 1495 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:02,740 INFO L225 Difference]: With dead ends: 1109 [2022-02-20 17:56:02,740 INFO L226 Difference]: Without dead ends: 662 [2022-02-20 17:56:02,742 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:02,743 INFO L933 BasicCegarLoop]: 721 mSDtfsCounter, 1458 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2544 mSolverCounterSat, 599 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1478 SdHoareTripleChecker+Valid, 1755 SdHoareTripleChecker+Invalid, 3143 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 599 IncrementalHoareTripleChecker+Valid, 2544 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:02,743 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1478 Valid, 
1755 Invalid, 3143 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [599 Valid, 2544 Invalid, 0 Unknown, 0 Unchecked, 4.1s Time] [2022-02-20 17:56:02,744 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 662 states. [2022-02-20 17:56:02,873 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 662 to 470. [2022-02-20 17:56:02,873 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:02,874 INFO L82 GeneralOperation]: Start isEquivalent. First operand 662 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 17:56:02,875 INFO L74 IsIncluded]: Start isIncluded. First operand 662 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 17:56:02,876 INFO L87 Difference]: Start difference. First operand 662 states. Second operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 17:56:02,906 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:02,906 INFO L93 Difference]: Finished difference Result 662 states and 1058 transitions. 
[2022-02-20 17:56:02,907 INFO L276 IsEmpty]: Start isEmpty. Operand 662 states and 1058 transitions. [2022-02-20 17:56:02,911 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:02,911 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:02,913 INFO L74 IsIncluded]: Start isIncluded. First operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 662 states. [2022-02-20 17:56:02,914 INFO L87 Difference]: Start difference. First operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) Second operand 662 states. [2022-02-20 17:56:02,942 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:02,942 INFO L93 Difference]: Finished difference Result 662 states and 1058 transitions. [2022-02-20 17:56:02,943 INFO L276 IsEmpty]: Start isEmpty. Operand 662 states and 1058 transitions. [2022-02-20 17:56:02,947 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:02,947 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:02,947 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:02,947 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:02,949 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 470 states, 368 states have (on average 1.5706521739130435) internal successors, (578), 374 states have internal predecessors, (578), 76 states have call successors, (76), 23 states have call predecessors, (76), 25 states have return successors, (81), 74 states have call predecessors, (81), 75 states have call successors, (81) [2022-02-20 17:56:02,967 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 470 states to 470 states and 735 transitions. [2022-02-20 17:56:02,968 INFO L78 Accepts]: Start accepts. Automaton has 470 states and 735 transitions. Word has length 111 [2022-02-20 17:56:02,968 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:02,968 INFO L470 AbstractCegarLoop]: Abstraction has 470 states and 735 transitions. [2022-02-20 17:56:02,969 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.125) internal successors, (73), 5 states have internal predecessors, (73), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:02,969 INFO L276 IsEmpty]: Start isEmpty. Operand 470 states and 735 transitions. [2022-02-20 17:56:02,971 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 17:56:02,971 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:02,971 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:02,971 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:56:02,972 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:02,972 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:02,972 INFO L85 PathProgramCache]: Analyzing trace with hash -650914240, now seen corresponding path program 2 times [2022-02-20 17:56:02,972 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:02,972 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [605989253] [2022-02-20 17:56:02,972 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:02,973 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:03,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:03,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,036 INFO L290 TraceCheckUtils]: 0: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,036 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,036 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18712#true} #1247#return; {18712#true} is VALID [2022-02-20 17:56:03,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:03,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18712#true} #1249#return; {18712#true} is VALID [2022-02-20 17:56:03,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:03,050 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume !(1 == ~handle); {18712#true} is VALID [2022-02-20 17:56:03,053 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,053 INFO L290 TraceCheckUtils]: 3: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,053 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18712#true} {18712#true} #1251#return; {18712#true} is VALID [2022-02-20 17:56:03,053 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:03,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume !(1 == ~handle); {18712#true} is VALID [2022-02-20 17:56:03,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,058 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18712#true} {18712#true} #1253#return; {18712#true} is VALID [2022-02-20 17:56:03,058 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:03,061 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:56:03,074 INFO L290 TraceCheckUtils]: 0: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18768#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {18768#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18768#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,075 INFO L290 TraceCheckUtils]: 2: Hoare triple {18768#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18769#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,075 INFO L290 TraceCheckUtils]: 3: Hoare triple {18769#(= 2 |setClientId_#in~handle|)} assume true; {18769#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,076 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18769#(= 2 |setClientId_#in~handle|)} {18732#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {18713#false} is VALID [2022-02-20 17:56:03,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:56:03,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,080 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,080 INFO L290 
TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,080 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1257#return; {18713#false} is VALID [2022-02-20 17:56:03,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:03,095 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,098 INFO L290 TraceCheckUtils]: 0: Hoare triple {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,098 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,098 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,098 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1191#return; {18713#false} is VALID [2022-02-20 17:56:03,105 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:56:03,107 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {18771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1193#return; {18713#false} is VALID [2022-02-20 17:56:03,111 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:56:03,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~15; {18712#true} is VALID [2022-02-20 17:56:03,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {18712#true} is VALID [2022-02-20 17:56:03,114 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,114 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1173#return; {18713#false} is VALID [2022-02-20 17:56:03,115 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:56:03,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~33; {18712#true} is VALID [2022-02-20 17:56:03,117 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {18712#true} is VALID [2022-02-20 17:56:03,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1205#return; {18713#false} is VALID [2022-02-20 17:56:03,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:56:03,119 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,121 INFO L290 TraceCheckUtils]: 0: Hoare triple {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,121 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,121 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1211#return; {18713#false} is VALID [2022-02-20 17:56:03,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:56:03,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:03,126 INFO L290 TraceCheckUtils]: 0: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18712#true} is VALID [2022-02-20 17:56:03,126 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {18712#true} is VALID [2022-02-20 17:56:03,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,127 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18712#true} {18713#false} #1215#return; {18713#false} is VALID [2022-02-20 17:56:03,127 INFO L290 TraceCheckUtils]: 0: Hoare triple {18712#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 
3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {18712#true} is VALID [2022-02-20 17:56:03,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {18712#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {18712#true} is VALID [2022-02-20 17:56:03,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {18712#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18712#true} is VALID [2022-02-20 17:56:03,127 INFO L290 TraceCheckUtils]: 3: Hoare triple {18712#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {18712#true} is VALID [2022-02-20 
17:56:03,127 INFO L290 TraceCheckUtils]: 4: Hoare triple {18712#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {18712#true} is VALID [2022-02-20 17:56:03,128 INFO L290 TraceCheckUtils]: 5: Hoare triple {18712#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18712#true} is VALID [2022-02-20 17:56:03,128 INFO L272 TraceCheckUtils]: 6: Hoare triple {18712#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:03,128 INFO L290 TraceCheckUtils]: 7: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {18712#true} is VALID [2022-02-20 17:56:03,129 INFO L290 TraceCheckUtils]: 8: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,129 INFO L290 TraceCheckUtils]: 9: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,129 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18712#true} {18712#true} #1247#return; {18712#true} is VALID [2022-02-20 17:56:03,129 INFO L290 TraceCheckUtils]: 11: Hoare triple {18712#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18712#true} is VALID [2022-02-20 17:56:03,130 INFO L272 TraceCheckUtils]: 12: Hoare triple {18712#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:03,130 INFO L290 TraceCheckUtils]: 13: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,130 INFO L290 TraceCheckUtils]: 14: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,130 INFO L290 TraceCheckUtils]: 15: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,130 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18712#true} {18712#true} #1249#return; {18712#true} is VALID [2022-02-20 17:56:03,130 INFO L290 TraceCheckUtils]: 17: Hoare triple {18712#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18712#true} is VALID [2022-02-20 17:56:03,131 INFO L272 TraceCheckUtils]: 18: Hoare triple {18712#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:03,131 INFO L290 TraceCheckUtils]: 19: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,131 INFO L290 TraceCheckUtils]: 20: Hoare triple {18712#true} assume !(1 == ~handle); {18712#true} is VALID [2022-02-20 17:56:03,131 INFO L290 TraceCheckUtils]: 21: Hoare triple {18712#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,131 INFO L290 TraceCheckUtils]: 22: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,132 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18712#true} {18712#true} #1251#return; {18712#true} is VALID [2022-02-20 17:56:03,132 INFO L290 TraceCheckUtils]: 24: Hoare triple {18712#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18712#true} is VALID [2022-02-20 17:56:03,132 INFO L272 TraceCheckUtils]: 25: Hoare triple {18712#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18767#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:03,133 INFO L290 TraceCheckUtils]: 26: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,133 INFO L290 TraceCheckUtils]: 27: Hoare triple {18712#true} assume !(1 == ~handle); {18712#true} is VALID [2022-02-20 17:56:03,133 INFO L290 TraceCheckUtils]: 28: Hoare triple {18712#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,133 INFO L290 TraceCheckUtils]: 29: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,133 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18712#true} {18712#true} #1253#return; {18712#true} is VALID [2022-02-20 17:56:03,134 INFO L290 TraceCheckUtils]: 31: Hoare triple {18712#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18732#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:03,134 INFO L272 TraceCheckUtils]: 32: Hoare triple {18732#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:03,135 INFO L290 TraceCheckUtils]: 33: Hoare triple {18766#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18768#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,135 INFO L290 TraceCheckUtils]: 34: Hoare triple {18768#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18768#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,135 INFO L290 TraceCheckUtils]: 35: Hoare triple {18768#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18769#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,136 INFO L290 TraceCheckUtils]: 36: Hoare triple {18769#(= 2 |setClientId_#in~handle|)} assume true; {18769#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:03,136 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18769#(= 2 |setClientId_#in~handle|)} {18732#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {18713#false} is VALID [2022-02-20 17:56:03,136 INFO L290 TraceCheckUtils]: 38: Hoare triple {18713#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18713#false} is VALID [2022-02-20 17:56:03,136 INFO L272 TraceCheckUtils]: 39: Hoare triple {18713#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 40: Hoare triple {18767#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 41: Hoare triple {18712#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 42: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,137 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18712#true} {18713#false} #1257#return; {18713#false} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 44: Hoare triple {18713#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {18713#false} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 45: Hoare triple {18713#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc 
test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18713#false} is VALID [2022-02-20 17:56:03,137 INFO L290 TraceCheckUtils]: 46: Hoare triple {18713#false} assume !false; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 47: Hoare triple {18713#false} assume test_~splverifierCounter~0#1 < 4; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 48: Hoare triple {18713#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 49: Hoare triple {18713#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 50: Hoare triple {18713#false} assume !(0 != test_~tmp___9~0#1); {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 51: Hoare triple {18713#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 52: Hoare triple {18713#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { 
:begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 53: Hoare triple {18713#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18713#false} is VALID [2022-02-20 17:56:03,138 INFO L290 TraceCheckUtils]: 54: Hoare triple {18713#false} assume { :end_inline_setClientAutoResponse } true; {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L290 TraceCheckUtils]: 55: Hoare triple {18713#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L290 TraceCheckUtils]: 56: Hoare triple {18713#false} assume !false; {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L290 TraceCheckUtils]: 57: Hoare triple {18713#false} assume !(test_~splverifierCounter~0#1 < 4); {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L290 TraceCheckUtils]: 58: Hoare triple {18713#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L272 TraceCheckUtils]: 59: Hoare triple {18713#false} call sendEmail(~bob~0, ~rjh~0); {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L290 TraceCheckUtils]: 60: Hoare triple {18713#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc 
~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18713#false} is VALID [2022-02-20 17:56:03,139 INFO L272 TraceCheckUtils]: 61: Hoare triple {18713#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 62: Hoare triple {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 63: Hoare triple {18712#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 64: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,140 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18712#true} {18713#false} #1191#return; {18713#false} is VALID [2022-02-20 17:56:03,140 INFO L272 TraceCheckUtils]: 66: Hoare triple {18713#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 67: Hoare triple {18771#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 68: Hoare triple {18712#true} assume 1 == 
~handle;~__ste_email_to0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,140 INFO L290 TraceCheckUtils]: 69: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,141 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {18712#true} {18713#false} #1193#return; {18713#false} is VALID [2022-02-20 17:56:03,141 INFO L290 TraceCheckUtils]: 71: Hoare triple {18713#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {18713#false} is VALID [2022-02-20 17:56:03,141 INFO L290 TraceCheckUtils]: 72: Hoare triple {18713#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {18713#false} is VALID [2022-02-20 17:56:03,141 INFO L272 TraceCheckUtils]: 73: Hoare triple {18713#false} call outgoing(~sender#1, ~email~0#1); {18713#false} is VALID [2022-02-20 17:56:03,141 INFO L290 TraceCheckUtils]: 74: Hoare triple {18713#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {18713#false} is VALID [2022-02-20 17:56:03,141 INFO L272 TraceCheckUtils]: 75: Hoare triple {18713#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {18712#true} is VALID [2022-02-20 17:56:03,141 INFO L290 TraceCheckUtils]: 76: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~15; {18712#true} is VALID [2022-02-20 17:56:03,142 INFO L290 TraceCheckUtils]: 77: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {18712#true} is VALID [2022-02-20 17:56:03,142 INFO L290 TraceCheckUtils]: 78: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,142 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {18712#true} {18713#false} 
#1173#return; {18713#false} is VALID [2022-02-20 17:56:03,142 INFO L290 TraceCheckUtils]: 80: Hoare triple {18713#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {18713#false} is VALID [2022-02-20 17:56:03,142 INFO L290 TraceCheckUtils]: 81: Hoare triple {18713#false} assume !(0 != ~size~0#1); {18713#false} is VALID [2022-02-20 17:56:03,142 INFO L272 TraceCheckUtils]: 82: Hoare triple {18713#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {18713#false} is VALID [2022-02-20 17:56:03,142 INFO L290 TraceCheckUtils]: 83: Hoare triple {18713#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {18713#false} is VALID [2022-02-20 17:56:03,142 INFO L272 TraceCheckUtils]: 84: Hoare triple {18713#false} call #t~ret41#1 := getEmailTo(~msg#1); {18712#true} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 85: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~33; {18712#true} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 86: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {18712#true} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 87: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,143 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {18712#true} {18713#false} #1205#return; {18713#false} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 89: Hoare triple {18713#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, 
findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {18713#false} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 90: Hoare triple {18713#false} assume 1 == findPublicKey_~handle#1; {18713#false} is VALID [2022-02-20 17:56:03,143 INFO L290 TraceCheckUtils]: 91: Hoare triple {18713#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L290 TraceCheckUtils]: 92: Hoare triple {18713#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L290 TraceCheckUtils]: 93: Hoare triple {18713#false} assume !(0 != ~pubkey~0#1); {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L290 TraceCheckUtils]: 94: Hoare triple {18713#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L290 
TraceCheckUtils]: 95: Hoare triple {18713#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L290 TraceCheckUtils]: 96: Hoare triple {18713#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {18713#false} is VALID [2022-02-20 17:56:03,144 INFO L272 TraceCheckUtils]: 97: Hoare triple {18713#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:03,144 INFO L290 TraceCheckUtils]: 98: Hoare triple {18770#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18712#true} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 99: Hoare triple {18712#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18712#true} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 100: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,145 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {18712#true} {18713#false} #1211#return; {18713#false} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 102: Hoare triple {18713#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := 
mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {18713#false} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 103: Hoare triple {18713#false} assume !(-1 == ~mail_is_sensitive~0); {18713#false} is VALID [2022-02-20 17:56:03,145 INFO L272 TraceCheckUtils]: 104: Hoare triple {18713#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {18712#true} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 105: Hoare triple {18712#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18712#true} is VALID [2022-02-20 17:56:03,145 INFO L290 TraceCheckUtils]: 106: Hoare triple {18712#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := 
~retValue_acc~36; {18712#true} is VALID [2022-02-20 17:56:03,146 INFO L290 TraceCheckUtils]: 107: Hoare triple {18712#true} assume true; {18712#true} is VALID [2022-02-20 17:56:03,146 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {18712#true} {18713#false} #1215#return; {18713#false} is VALID [2022-02-20 17:56:03,146 INFO L290 TraceCheckUtils]: 109: Hoare triple {18713#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {18713#false} is VALID [2022-02-20 17:56:03,146 INFO L290 TraceCheckUtils]: 110: Hoare triple {18713#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {18713#false} is VALID [2022-02-20 17:56:03,146 INFO L290 TraceCheckUtils]: 111: Hoare triple {18713#false} assume !false; {18713#false} is VALID [2022-02-20 17:56:03,147 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:56:03,147 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:03,147 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [605989253] [2022-02-20 17:56:03,147 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [605989253] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:03,147 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:56:03,147 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:03,147 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1919445196] [2022-02-20 17:56:03,148 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:03,149 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 112 [2022-02-20 17:56:03,149 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:03,149 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:03,221 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:03,221 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:03,221 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:03,222 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 17:56:03,222 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:03,222 INFO L87 Difference]: Start difference. First operand 470 states and 735 transitions. Second operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:11,451 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:11,451 INFO L93 Difference]: Finished difference Result 1111 states and 1766 transitions. [2022-02-20 17:56:11,451 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:11,451 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 112 [2022-02-20 17:56:11,451 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:11,452 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:11,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1496 transitions. 
[2022-02-20 17:56:11,468 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:11,485 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1496 transitions. [2022-02-20 17:56:11,485 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1496 transitions. [2022-02-20 17:56:12,781 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1496 edges. 1496 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:12,807 INFO L225 Difference]: With dead ends: 1111 [2022-02-20 17:56:12,808 INFO L226 Difference]: Without dead ends: 664 [2022-02-20 17:56:12,809 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 27 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:12,810 INFO L933 BasicCegarLoop]: 720 mSDtfsCounter, 1455 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2543 mSolverCounterSat, 590 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1477 SdHoareTripleChecker+Valid, 1754 SdHoareTripleChecker+Invalid, 3133 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 590 IncrementalHoareTripleChecker+Valid, 2543 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.7s IncrementalHoareTripleChecker+Time [2022-02-20 
17:56:12,810 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1477 Valid, 1754 Invalid, 3133 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [590 Valid, 2543 Invalid, 0 Unknown, 0 Unchecked, 3.7s Time] [2022-02-20 17:56:12,812 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 664 states. [2022-02-20 17:56:12,925 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 664 to 472. [2022-02-20 17:56:12,926 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:12,942 INFO L82 GeneralOperation]: Start isEquivalent. First operand 664 states. Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:12,944 INFO L74 IsIncluded]: Start isIncluded. First operand 664 states. Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:12,944 INFO L87 Difference]: Start difference. First operand 664 states. Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:12,975 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:56:12,976 INFO L93 Difference]: Finished difference Result 664 states and 1061 transitions. [2022-02-20 17:56:12,976 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1061 transitions. [2022-02-20 17:56:12,980 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:12,980 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:12,982 INFO L74 IsIncluded]: Start isIncluded. First operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 664 states. [2022-02-20 17:56:12,983 INFO L87 Difference]: Start difference. First operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 664 states. [2022-02-20 17:56:13,013 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:13,013 INFO L93 Difference]: Finished difference Result 664 states and 1061 transitions. [2022-02-20 17:56:13,014 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1061 transitions. [2022-02-20 17:56:13,018 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:13,019 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:13,019 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:13,019 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:13,020 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:13,039 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 472 states to 472 states and 738 transitions. [2022-02-20 17:56:13,039 INFO L78 Accepts]: Start accepts. Automaton has 472 states and 738 transitions. Word has length 112 [2022-02-20 17:56:13,040 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:13,040 INFO L470 AbstractCegarLoop]: Abstraction has 472 states and 738 transitions. [2022-02-20 17:56:13,040 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.25) internal successors, (74), 5 states have internal predecessors, (74), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:13,040 INFO L276 IsEmpty]: Start isEmpty. Operand 472 states and 738 transitions. [2022-02-20 17:56:13,042 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 114 [2022-02-20 17:56:13,042 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:13,043 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:13,043 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:56:13,043 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:13,044 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:13,044 INFO L85 PathProgramCache]: Analyzing trace with hash -1604041335, now seen corresponding path program 1 times [2022-02-20 17:56:13,044 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:13,044 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1411356025] [2022-02-20 17:56:13,044 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:13,044 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:13,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,104 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:13,105 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,108 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22344#true} #1247#return; {22344#true} is VALID [2022-02-20 17:56:13,113 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:13,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,117 INFO L290 TraceCheckUtils]: 0: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22344#true} #1249#return; {22344#true} is VALID [2022-02-20 17:56:13,118 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:13,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume !(1 == ~handle); {22344#true} is VALID [2022-02-20 17:56:13,126 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,126 INFO L290 TraceCheckUtils]: 3: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,126 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22344#true} {22344#true} #1251#return; {22344#true} is VALID [2022-02-20 17:56:13,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:13,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume !(1 == ~handle); {22344#true} is VALID [2022-02-20 17:56:13,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,131 INFO L290 TraceCheckUtils]: 3: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,131 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22344#true} {22344#true} #1253#return; {22344#true} is VALID [2022-02-20 17:56:13,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:13,134 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:56:13,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,151 INFO L290 TraceCheckUtils]: 3: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22402#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 17:56:13,151 INFO L290 TraceCheckUtils]: 4: Hoare triple {22402#(not (= 3 |setClientId_#in~handle|))} assume true; {22402#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 17:56:13,152 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22402#(not (= 3 |setClientId_#in~handle|))} {22364#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {22345#false} is VALID [2022-02-20 17:56:13,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:13,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,156 INFO L290 TraceCheckUtils]: 0: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is 
VALID [2022-02-20 17:56:13,156 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,156 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,157 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1257#return; {22345#false} is VALID [2022-02-20 17:56:13,166 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:56:13,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,169 INFO L290 TraceCheckUtils]: 0: Hoare triple {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,170 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,170 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,170 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1191#return; {22345#false} is VALID [2022-02-20 17:56:13,177 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:56:13,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {22404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume 
true; {22344#true} is VALID [2022-02-20 17:56:13,181 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1193#return; {22345#false} is VALID [2022-02-20 17:56:13,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:56:13,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~15; {22344#true} is VALID [2022-02-20 17:56:13,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {22344#true} is VALID [2022-02-20 17:56:13,184 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,184 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1173#return; {22345#false} is VALID [2022-02-20 17:56:13,185 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:56:13,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,187 INFO L290 TraceCheckUtils]: 0: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22344#true} is VALID [2022-02-20 17:56:13,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22344#true} is VALID [2022-02-20 17:56:13,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1205#return; {22345#false} is VALID [2022-02-20 17:56:13,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:56:13,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:56:13,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,191 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1211#return; {22345#false} is VALID [2022-02-20 17:56:13,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:56:13,192 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:13,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22344#true} is VALID [2022-02-20 17:56:13,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22344#true} is VALID [2022-02-20 17:56:13,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22344#true} {22345#false} #1215#return; {22345#false} is VALID [2022-02-20 17:56:13,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {22344#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call 
#Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 
0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {22344#true} is VALID [2022-02-20 17:56:13,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {22344#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {22344#true} is VALID [2022-02-20 17:56:13,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {22344#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22344#true} is VALID [2022-02-20 17:56:13,195 INFO L290 TraceCheckUtils]: 3: Hoare triple {22344#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } 
true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {22344#true} is VALID [2022-02-20 17:56:13,195 INFO L290 TraceCheckUtils]: 4: Hoare triple {22344#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {22344#true} is VALID [2022-02-20 17:56:13,196 INFO L290 TraceCheckUtils]: 5: Hoare triple {22344#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22344#true} is VALID [2022-02-20 17:56:13,196 INFO L272 TraceCheckUtils]: 6: Hoare triple {22344#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:13,196 INFO L290 TraceCheckUtils]: 7: Hoare triple 
{22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,197 INFO L290 TraceCheckUtils]: 8: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,197 INFO L290 TraceCheckUtils]: 9: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,197 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22344#true} {22344#true} #1247#return; {22344#true} is VALID [2022-02-20 17:56:13,197 INFO L290 TraceCheckUtils]: 11: Hoare triple {22344#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22344#true} is VALID [2022-02-20 17:56:13,198 INFO L272 TraceCheckUtils]: 12: Hoare triple {22344#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:13,198 INFO L290 TraceCheckUtils]: 13: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,198 INFO L290 TraceCheckUtils]: 14: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,198 INFO L290 TraceCheckUtils]: 15: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,198 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22344#true} {22344#true} #1249#return; {22344#true} is VALID [2022-02-20 17:56:13,198 
INFO L290 TraceCheckUtils]: 17: Hoare triple {22344#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22344#true} is VALID [2022-02-20 17:56:13,199 INFO L272 TraceCheckUtils]: 18: Hoare triple {22344#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:13,199 INFO L290 TraceCheckUtils]: 19: Hoare triple {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,199 INFO L290 TraceCheckUtils]: 20: Hoare triple {22344#true} assume !(1 == ~handle); {22344#true} is VALID [2022-02-20 17:56:13,199 INFO L290 TraceCheckUtils]: 21: Hoare triple {22344#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,200 INFO L290 TraceCheckUtils]: 22: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,200 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22344#true} {22344#true} #1251#return; {22344#true} is VALID [2022-02-20 17:56:13,200 INFO L290 TraceCheckUtils]: 24: Hoare triple {22344#true} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {22344#true} is VALID [2022-02-20 17:56:13,200 INFO L272 TraceCheckUtils]: 25: Hoare triple {22344#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:13,201 INFO L290 TraceCheckUtils]: 26: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,201 INFO L290 TraceCheckUtils]: 27: Hoare triple {22344#true} assume !(1 == ~handle); {22344#true} is VALID [2022-02-20 17:56:13,201 INFO L290 TraceCheckUtils]: 28: Hoare triple {22344#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,201 INFO L290 TraceCheckUtils]: 29: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,201 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22344#true} {22344#true} #1253#return; {22344#true} is VALID [2022-02-20 17:56:13,202 INFO L290 TraceCheckUtils]: 31: Hoare triple {22344#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22364#(= 3 
|ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:13,202 INFO L272 TraceCheckUtils]: 32: Hoare triple {22364#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:13,203 INFO L290 TraceCheckUtils]: 33: Hoare triple {22399#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,203 INFO L290 TraceCheckUtils]: 34: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,203 INFO L290 TraceCheckUtils]: 35: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22401#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:13,204 INFO L290 TraceCheckUtils]: 36: Hoare triple {22401#(= setClientId_~handle |setClientId_#in~handle|)} assume !(3 == ~handle); {22402#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 17:56:13,204 INFO L290 TraceCheckUtils]: 37: Hoare triple {22402#(not (= 3 |setClientId_#in~handle|))} assume true; {22402#(not (= 3 |setClientId_#in~handle|))} is VALID [2022-02-20 17:56:13,205 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22402#(not (= 3 |setClientId_#in~handle|))} {22364#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {22345#false} is VALID [2022-02-20 17:56:13,205 INFO L290 
TraceCheckUtils]: 39: Hoare triple {22345#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {22345#false} is VALID [2022-02-20 17:56:13,205 INFO L272 TraceCheckUtils]: 40: Hoare triple {22345#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:13,205 INFO L290 TraceCheckUtils]: 41: Hoare triple {22400#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,205 INFO L290 TraceCheckUtils]: 42: Hoare triple {22344#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,205 INFO L290 TraceCheckUtils]: 43: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,205 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {22344#true} {22345#false} #1257#return; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 45: Hoare triple {22345#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 46: Hoare triple {22345#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, 
test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 47: Hoare triple {22345#false} assume !false; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 48: Hoare triple {22345#false} assume test_~splverifierCounter~0#1 < 4; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 49: Hoare triple {22345#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 50: Hoare triple {22345#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {22345#false} is VALID [2022-02-20 17:56:13,206 INFO L290 TraceCheckUtils]: 51: Hoare triple {22345#false} assume !(0 != test_~tmp___9~0#1); {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 52: Hoare triple 
{22345#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 53: Hoare triple {22345#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 54: Hoare triple {22345#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 55: Hoare triple {22345#false} assume { :end_inline_setClientAutoResponse } true; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 56: Hoare triple {22345#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 57: Hoare triple {22345#false} assume !false; {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 58: Hoare triple {22345#false} assume !(test_~splverifierCounter~0#1 < 4); {22345#false} is VALID [2022-02-20 17:56:13,207 INFO L290 TraceCheckUtils]: 59: Hoare triple {22345#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && 
bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {22345#false} is VALID [2022-02-20 17:56:13,208 INFO L272 TraceCheckUtils]: 60: Hoare triple {22345#false} call sendEmail(~bob~0, ~rjh~0); {22345#false} is VALID [2022-02-20 17:56:13,208 INFO L290 TraceCheckUtils]: 61: Hoare triple {22345#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22345#false} is VALID [2022-02-20 17:56:13,208 INFO L272 TraceCheckUtils]: 62: Hoare triple {22345#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:13,208 INFO L290 TraceCheckUtils]: 63: Hoare triple {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,208 INFO L290 TraceCheckUtils]: 64: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,208 INFO L290 TraceCheckUtils]: 65: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,208 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {22344#true} {22345#false} #1191#return; {22345#false} is VALID [2022-02-20 17:56:13,209 INFO L272 TraceCheckUtils]: 67: Hoare triple {22345#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 
|old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:13,209 INFO L290 TraceCheckUtils]: 68: Hoare triple {22404#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,209 INFO L290 TraceCheckUtils]: 69: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,209 INFO L290 TraceCheckUtils]: 70: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,209 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {22344#true} {22345#false} #1193#return; {22345#false} is VALID [2022-02-20 17:56:13,209 INFO L290 TraceCheckUtils]: 72: Hoare triple {22345#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {22345#false} is VALID [2022-02-20 17:56:13,209 INFO L290 TraceCheckUtils]: 73: Hoare triple {22345#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {22345#false} is VALID [2022-02-20 17:56:13,210 INFO L272 TraceCheckUtils]: 74: Hoare triple {22345#false} call outgoing(~sender#1, ~email~0#1); {22345#false} is VALID [2022-02-20 17:56:13,210 INFO L290 TraceCheckUtils]: 75: Hoare triple {22345#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {22345#false} is VALID [2022-02-20 17:56:13,210 INFO L272 TraceCheckUtils]: 76: Hoare triple {22345#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {22344#true} is VALID [2022-02-20 17:56:13,210 INFO L290 TraceCheckUtils]: 77: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~15; {22344#true} is VALID [2022-02-20 17:56:13,210 INFO L290 
TraceCheckUtils]: 78: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {22344#true} is VALID [2022-02-20 17:56:13,210 INFO L290 TraceCheckUtils]: 79: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,210 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {22344#true} {22345#false} #1173#return; {22345#false} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 81: Hoare triple {22345#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {22345#false} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 82: Hoare triple {22345#false} assume !(0 != ~size~0#1); {22345#false} is VALID [2022-02-20 17:56:13,211 INFO L272 TraceCheckUtils]: 83: Hoare triple {22345#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {22345#false} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 84: Hoare triple {22345#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {22345#false} is VALID [2022-02-20 17:56:13,211 INFO L272 TraceCheckUtils]: 85: Hoare triple {22345#false} call #t~ret41#1 := getEmailTo(~msg#1); {22344#true} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 86: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22344#true} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 87: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22344#true} is VALID [2022-02-20 17:56:13,211 INFO L290 TraceCheckUtils]: 88: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,212 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {22344#true} {22345#false} #1205#return; {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 90: Hoare triple 
{22345#false} assume -2147483648 <= #t~ret41#1 && #t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 91: Hoare triple {22345#false} assume 1 == findPublicKey_~handle#1; {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 92: Hoare triple {22345#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 93: Hoare triple {22345#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 94: Hoare triple {22345#false} assume !(0 != ~pubkey~0#1); {22345#false} is VALID [2022-02-20 17:56:13,212 INFO L290 TraceCheckUtils]: 95: Hoare triple {22345#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {22345#false} is VALID [2022-02-20 17:56:13,213 INFO L290 TraceCheckUtils]: 96: Hoare triple {22345#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {22345#false} is VALID [2022-02-20 17:56:13,213 INFO L290 TraceCheckUtils]: 97: Hoare triple {22345#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {22345#false} is VALID [2022-02-20 17:56:13,213 INFO L272 TraceCheckUtils]: 98: Hoare triple {22345#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:13,213 INFO L290 TraceCheckUtils]: 99: Hoare triple {22403#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22344#true} is VALID [2022-02-20 17:56:13,213 INFO L290 TraceCheckUtils]: 100: Hoare triple {22344#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22344#true} is VALID [2022-02-20 17:56:13,213 INFO L290 TraceCheckUtils]: 101: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,213 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {22344#true} {22345#false} #1211#return; {22345#false} is VALID [2022-02-20 
17:56:13,214 INFO L290 TraceCheckUtils]: 103: Hoare triple {22345#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {22345#false} is VALID [2022-02-20 17:56:13,214 INFO L290 TraceCheckUtils]: 104: Hoare triple {22345#false} assume !(-1 == ~mail_is_sensitive~0); {22345#false} is VALID [2022-02-20 17:56:13,214 INFO L272 TraceCheckUtils]: 105: Hoare triple {22345#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := 
isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {22344#true} is VALID [2022-02-20 17:56:13,214 INFO L290 TraceCheckUtils]: 106: Hoare triple {22344#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22344#true} is VALID [2022-02-20 17:56:13,214 INFO L290 TraceCheckUtils]: 107: Hoare triple {22344#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22344#true} is VALID [2022-02-20 17:56:13,214 INFO L290 TraceCheckUtils]: 108: Hoare triple {22344#true} assume true; {22344#true} is VALID [2022-02-20 17:56:13,214 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {22344#true} {22345#false} #1215#return; {22345#false} is VALID [2022-02-20 17:56:13,215 INFO L290 TraceCheckUtils]: 110: Hoare triple {22345#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {22345#false} is VALID [2022-02-20 17:56:13,215 INFO L290 TraceCheckUtils]: 111: Hoare triple {22345#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {22345#false} is VALID [2022-02-20 17:56:13,215 INFO L290 TraceCheckUtils]: 112: Hoare triple {22345#false} assume !false; {22345#false} is VALID [2022-02-20 17:56:13,215 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:56:13,215 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:13,216 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1411356025] [2022-02-20 17:56:13,216 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1411356025] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:13,216 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:13,216 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:13,216 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [634583244] [2022-02-20 17:56:13,216 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:13,217 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 113 [2022-02-20 17:56:13,217 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:13,217 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:13,289 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 102 edges. 102 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:13,289 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:13,289 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:13,290 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:56:13,290 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:13,290 INFO L87 Difference]: Start difference. First operand 472 states and 738 transitions. Second operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:21,195 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:21,195 INFO L93 Difference]: Finished difference Result 1111 states and 1765 transitions. [2022-02-20 17:56:21,196 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 17:56:21,196 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) Word has length 113 [2022-02-20 17:56:21,196 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:21,196 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:21,213 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1495 transitions. [2022-02-20 17:56:21,214 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:21,230 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 1495 transitions. [2022-02-20 17:56:21,231 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 1495 transitions. [2022-02-20 17:56:22,526 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1495 edges. 1495 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:22,560 INFO L225 Difference]: With dead ends: 1111 [2022-02-20 17:56:22,560 INFO L226 Difference]: Without dead ends: 664 [2022-02-20 17:56:22,562 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 28 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 41 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=89, Invalid=217, Unknown=0, NotChecked=0, Total=306 [2022-02-20 17:56:22,562 INFO L933 BasicCegarLoop]: 721 mSDtfsCounter, 1456 mSDsluCounter, 1034 mSDsCounter, 0 mSdLazyCounter, 2551 mSolverCounterSat, 588 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1476 SdHoareTripleChecker+Valid, 1755 SdHoareTripleChecker+Invalid, 3139 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 588 IncrementalHoareTripleChecker+Valid, 2551 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:22,563 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1476 Valid, 1755 Invalid, 3139 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [588 Valid, 2551 Invalid, 0 Unknown, 0 Unchecked, 3.6s Time] [2022-02-20 17:56:22,564 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 664 states. [2022-02-20 17:56:22,671 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 664 to 472. [2022-02-20 17:56:22,672 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:22,673 INFO L82 GeneralOperation]: Start isEquivalent. First operand 664 states. 
Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:22,674 INFO L74 IsIncluded]: Start isIncluded. First operand 664 states. Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:22,676 INFO L87 Difference]: Start difference. First operand 664 states. Second operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:22,708 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:22,708 INFO L93 Difference]: Finished difference Result 664 states and 1060 transitions. [2022-02-20 17:56:22,708 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1060 transitions. [2022-02-20 17:56:22,712 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:22,712 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:22,713 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 664 states. [2022-02-20 17:56:22,714 INFO L87 Difference]: Start difference. First operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) Second operand 664 states. [2022-02-20 17:56:22,744 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:22,744 INFO L93 Difference]: Finished difference Result 664 states and 1060 transitions. [2022-02-20 17:56:22,744 INFO L276 IsEmpty]: Start isEmpty. Operand 664 states and 1060 transitions. [2022-02-20 17:56:22,748 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:22,748 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:22,748 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:22,748 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:22,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 472 states, 369 states have (on average 1.5691056910569106) internal successors, (579), 376 states have internal predecessors, (579), 76 states have call successors, (76), 23 states have call predecessors, (76), 26 states have return successors, (83), 74 states have call predecessors, (83), 75 states have call successors, (83) [2022-02-20 17:56:22,769 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 472 states to 472 states and 738 transitions. [2022-02-20 17:56:22,770 INFO L78 Accepts]: Start accepts. Automaton has 472 states and 738 transitions. Word has length 113 [2022-02-20 17:56:22,784 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:22,784 INFO L470 AbstractCegarLoop]: Abstraction has 472 states and 738 transitions. [2022-02-20 17:56:22,785 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (12), 2 states have call predecessors, (12), 3 states have call successors, (12) [2022-02-20 17:56:22,785 INFO L276 IsEmpty]: Start isEmpty. Operand 472 states and 738 transitions. [2022-02-20 17:56:22,787 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 17:56:22,787 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:22,787 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:22,787 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:56:22,787 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:22,787 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:22,787 INFO L85 PathProgramCache]: Analyzing trace with hash -1631106937, now seen corresponding path program 1 times 
[2022-02-20 17:56:22,788 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:22,788 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1827666789] [2022-02-20 17:56:22,788 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:22,788 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:22,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:22,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,860 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,860 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25980#true} #1247#return; {25980#true} is VALID [2022-02-20 17:56:22,866 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:22,868 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,881 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25980#true} #1249#return; {25980#true} is VALID [2022-02-20 17:56:22,881 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:22,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,885 INFO L290 TraceCheckUtils]: 0: Hoare triple {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume !(1 == ~handle); {25980#true} is VALID [2022-02-20 17:56:22,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,885 INFO L290 TraceCheckUtils]: 3: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,885 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25980#true} {25980#true} #1251#return; {25980#true} is VALID [2022-02-20 17:56:22,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:22,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,890 INFO L290 TraceCheckUtils]: 0: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,890 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume !(1 == ~handle); {25980#true} is VALID [2022-02-20 17:56:22,890 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,890 INFO L290 TraceCheckUtils]: 3: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,891 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25980#true} {25980#true} #1253#return; {25980#true} is VALID [2022-02-20 17:56:22,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:22,894 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,910 INFO L290 TraceCheckUtils]: 1: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,910 INFO L290 TraceCheckUtils]: 2: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,911 INFO L290 TraceCheckUtils]: 3: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26039#(= 3 |setClientId_#in~handle|)} is 
VALID [2022-02-20 17:56:22,911 INFO L290 TraceCheckUtils]: 4: Hoare triple {26039#(= 3 |setClientId_#in~handle|)} assume true; {26039#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,912 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26039#(= 3 |setClientId_#in~handle|)} {26000#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:22,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:22,915 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26040#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:22,934 INFO L290 TraceCheckUtils]: 1: Hoare triple {26040#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26041#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:22,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {26041#(= |setClientPrivateKey_#in~handle| 1)} assume true; {26041#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:22,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26041#(= |setClientPrivateKey_#in~handle| 1)} {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1257#return; {25981#false} is VALID [2022-02-20 17:56:22,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:56:22,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,947 
INFO L290 TraceCheckUtils]: 0: Hoare triple {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,947 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,947 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,947 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1191#return; {25981#false} is VALID [2022-02-20 17:56:22,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:56:22,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {26043#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1193#return; {25981#false} is VALID [2022-02-20 17:56:22,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:56:22,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25980#true} is VALID [2022-02-20 17:56:22,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~retValue_acc~15 := 
~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {25980#true} is VALID [2022-02-20 17:56:22,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,964 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1173#return; {25981#false} is VALID [2022-02-20 17:56:22,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:56:22,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25980#true} is VALID [2022-02-20 17:56:22,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25980#true} is VALID [2022-02-20 17:56:22,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1205#return; {25981#false} is VALID [2022-02-20 17:56:22,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:56:22,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1211#return; 
{25981#false} is VALID [2022-02-20 17:56:22,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:56:22,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:22,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25980#true} {25981#false} #1215#return; {25981#false} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {25980#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(10, 12);call #Ultimate.allocInit(12, 13);call #Ultimate.allocInit(10, 14);call #Ultimate.allocInit(18, 15);call #Ultimate.allocInit(16, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(10, 18);call #Ultimate.allocInit(34, 
19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(16, 21);call #Ultimate.allocInit(20, 22);call #Ultimate.allocInit(22, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(4, 25);call write~init~int(37, 25, 0, 1);call write~init~int(115, 25, 1, 1);call write~init~int(10, 25, 2, 1);call write~init~int(0, 25, 3, 1);call #Ultimate.allocInit(13, 26);call #Ultimate.allocInit(30, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(30, 30);call #Ultimate.allocInit(9, 31);call #Ultimate.allocInit(21, 32);call #Ultimate.allocInit(30, 33);call #Ultimate.allocInit(9, 34);call #Ultimate.allocInit(25, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(9, 37);call #Ultimate.allocInit(25, 38);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~mail_is_sensitive~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {25980#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {25980#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 3: Hoare triple {25980#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 4: Hoare triple {25980#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {25980#true} is VALID [2022-02-20 17:56:22,973 INFO L290 TraceCheckUtils]: 5: Hoare triple {25980#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc 
setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25980#true} is VALID [2022-02-20 17:56:22,974 INFO L272 TraceCheckUtils]: 6: Hoare triple {25980#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:22,974 INFO L290 TraceCheckUtils]: 7: Hoare triple {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,974 INFO L290 TraceCheckUtils]: 8: Hoare triple {25980#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,974 INFO L290 TraceCheckUtils]: 9: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,974 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25980#true} {25980#true} #1247#return; {25980#true} is VALID 
[2022-02-20 17:56:22,975 INFO L290 TraceCheckUtils]: 11: Hoare triple {25980#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25980#true} is VALID [2022-02-20 17:56:22,975 INFO L272 TraceCheckUtils]: 12: Hoare triple {25980#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:22,975 INFO L290 TraceCheckUtils]: 13: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,975 INFO L290 TraceCheckUtils]: 14: Hoare triple {25980#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,975 INFO L290 TraceCheckUtils]: 15: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,976 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25980#true} {25980#true} #1249#return; {25980#true} is VALID [2022-02-20 17:56:22,976 INFO L290 TraceCheckUtils]: 17: Hoare triple {25980#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25980#true} is VALID [2022-02-20 17:56:22,976 INFO L272 TraceCheckUtils]: 18: Hoare triple 
{25980#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:22,976 INFO L290 TraceCheckUtils]: 19: Hoare triple {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,976 INFO L290 TraceCheckUtils]: 20: Hoare triple {25980#true} assume !(1 == ~handle); {25980#true} is VALID [2022-02-20 17:56:22,977 INFO L290 TraceCheckUtils]: 21: Hoare triple {25980#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,977 INFO L290 TraceCheckUtils]: 22: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,977 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25980#true} {25980#true} #1251#return; {25980#true} is VALID [2022-02-20 17:56:22,977 INFO L290 TraceCheckUtils]: 24: Hoare triple {25980#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L272 TraceCheckUtils]: 25: Hoare triple {25980#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:22,978 INFO L290 TraceCheckUtils]: 26: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L290 TraceCheckUtils]: 27: Hoare triple {25980#true} assume !(1 == ~handle); {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L290 TraceCheckUtils]: 28: Hoare triple {25980#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L290 TraceCheckUtils]: 29: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25980#true} {25980#true} #1253#return; {25980#true} is VALID [2022-02-20 17:56:22,978 INFO L290 TraceCheckUtils]: 31: Hoare triple {25980#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26000#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:22,979 INFO L272 TraceCheckUtils]: 32: Hoare triple {26000#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:22,980 INFO L290 TraceCheckUtils]: 33: Hoare triple 
{26036#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,980 INFO L290 TraceCheckUtils]: 34: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,980 INFO L290 TraceCheckUtils]: 35: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26038#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,981 INFO L290 TraceCheckUtils]: 36: Hoare triple {26038#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26039#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,981 INFO L290 TraceCheckUtils]: 37: Hoare triple {26039#(= 3 |setClientId_#in~handle|)} assume true; {26039#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:22,982 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26039#(= 3 |setClientId_#in~handle|)} {26000#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1255#return; {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:22,982 INFO L290 TraceCheckUtils]: 39: Hoare triple {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:22,983 INFO L272 TraceCheckUtils]: 40: Hoare triple {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:22,983 INFO L290 TraceCheckUtils]: 41: Hoare triple {26037#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26040#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:22,983 INFO L290 TraceCheckUtils]: 42: Hoare triple {26040#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26041#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:22,984 INFO L290 TraceCheckUtils]: 43: Hoare triple {26041#(= |setClientPrivateKey_#in~handle| 1)} assume true; {26041#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:22,984 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {26041#(= |setClientPrivateKey_#in~handle| 1)} {26007#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1257#return; {25981#false} is VALID [2022-02-20 17:56:22,984 INFO L290 TraceCheckUtils]: 45: Hoare triple {25981#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {25981#false} is VALID [2022-02-20 17:56:22,984 INFO L290 TraceCheckUtils]: 46: Hoare triple {25981#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet63#1, test_#t~nondet64#1, test_#t~nondet65#1, test_#t~nondet66#1, test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~16#1, test_~tmp___0~7#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~16#1;havoc test_~tmp___0~7#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25981#false} is VALID [2022-02-20 17:56:22,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {25981#false} assume !false; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 48: Hoare triple {25981#false} assume test_~splverifierCounter~0#1 < 4; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 49: Hoare triple {25981#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {25981#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet63#1 && test_#t~nondet63#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet63#1;havoc test_#t~nondet63#1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {25981#false} assume !(0 != test_~tmp___9~0#1); {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 52: Hoare triple {25981#false} assume 0 == test_~op2~0#1;assume 
-2147483648 <= test_#t~nondet64#1 && test_#t~nondet64#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet64#1;havoc test_#t~nondet64#1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {25981#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 54: Hoare triple {25981#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 55: Hoare triple {25981#false} assume { :end_inline_setClientAutoResponse } true; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 56: Hoare triple {25981#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 57: Hoare triple {25981#false} assume !false; {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 58: Hoare triple {25981#false} assume !(test_~splverifierCounter~0#1 < 4); {25981#false} is VALID [2022-02-20 17:56:22,985 INFO L290 TraceCheckUtils]: 59: Hoare triple {25981#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc 
bobToRjh_#t~ret4#1; {25981#false} is VALID [2022-02-20 17:56:22,986 INFO L272 TraceCheckUtils]: 60: Hoare triple {25981#false} call sendEmail(~bob~0, ~rjh~0); {25981#false} is VALID [2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 61: Hoare triple {25981#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~14#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~4#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~4#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25981#false} is VALID [2022-02-20 17:56:22,986 INFO L272 TraceCheckUtils]: 62: Hoare triple {25981#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 63: Hoare triple {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 64: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 65: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,986 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {25980#true} {25981#false} #1191#return; {25981#false} is VALID [2022-02-20 17:56:22,986 INFO L272 TraceCheckUtils]: 67: Hoare triple {25981#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26043#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 68: Hoare triple {26043#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,986 INFO L290 TraceCheckUtils]: 69: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 70: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {25980#true} {25981#false} #1193#return; {25981#false} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 72: Hoare triple {25981#false} createEmail_~retValue_acc~4#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~4#1; {25981#false} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 73: Hoare triple {25981#false} #t~ret57#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret57#1 && #t~ret57#1 <= 2147483647;~tmp~14#1 := #t~ret57#1;havoc #t~ret57#1;~email~0#1 := ~tmp~14#1; {25981#false} is VALID [2022-02-20 17:56:22,987 INFO L272 TraceCheckUtils]: 74: Hoare triple {25981#false} call outgoing(~sender#1, ~email~0#1); {25981#false} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 75: Hoare triple {25981#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~size~0#1;havoc ~tmp~9#1;havoc ~receiver~1#1;havoc ~tmp___0~5#1;havoc ~second~0#1;havoc ~tmp___1~2#1;havoc ~tmp___2~1#1; {25981#false} is VALID [2022-02-20 17:56:22,987 INFO L272 TraceCheckUtils]: 76: Hoare triple {25981#false} call #t~ret43#1 := getClientAddressBookSize(~client#1); {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 77: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~15; {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 78: Hoare triple {25980#true} 
assume 1 == ~handle;~retValue_acc~15 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~15; {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L290 TraceCheckUtils]: 79: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,987 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {25980#true} {25981#false} #1173#return; {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 81: Hoare triple {25981#false} assume -2147483648 <= #t~ret43#1 && #t~ret43#1 <= 2147483647;~tmp~9#1 := #t~ret43#1;havoc #t~ret43#1;~size~0#1 := ~tmp~9#1; {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 82: Hoare triple {25981#false} assume !(0 != ~size~0#1); {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L272 TraceCheckUtils]: 83: Hoare triple {25981#false} call outgoing__wrappee__AutoResponder(~client#1, ~msg#1); {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 84: Hoare triple {25981#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~0#1;havoc ~tmp___0~4#1; {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L272 TraceCheckUtils]: 85: Hoare triple {25981#false} call #t~ret41#1 := getEmailTo(~msg#1); {25980#true} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 86: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25980#true} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 87: Hoare triple {25980#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25980#true} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 88: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,988 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {25980#true} {25981#false} #1205#return; {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 90: Hoare triple {25981#false} assume -2147483648 <= #t~ret41#1 && 
#t~ret41#1 <= 2147483647;~tmp~8#1 := #t~ret41#1;havoc #t~ret41#1;~receiver~0#1 := ~tmp~8#1;assume { :begin_inline_findPublicKey } true;findPublicKey_#in~handle#1, findPublicKey_#in~userid#1 := ~client#1, ~receiver~0#1;havoc findPublicKey_#res#1;havoc findPublicKey_~handle#1, findPublicKey_~userid#1, findPublicKey_~retValue_acc~26#1;findPublicKey_~handle#1 := findPublicKey_#in~handle#1;findPublicKey_~userid#1 := findPublicKey_#in~userid#1;havoc findPublicKey_~retValue_acc~26#1; {25981#false} is VALID [2022-02-20 17:56:22,988 INFO L290 TraceCheckUtils]: 91: Hoare triple {25981#false} assume 1 == findPublicKey_~handle#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 92: Hoare triple {25981#false} assume findPublicKey_~userid#1 == ~__ste_Client_Keyring0_User0~0;findPublicKey_~retValue_acc~26#1 := ~__ste_Client_Keyring0_PublicKey0~0;findPublicKey_#res#1 := findPublicKey_~retValue_acc~26#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 93: Hoare triple {25981#false} #t~ret42#1 := findPublicKey_#res#1;assume { :end_inline_findPublicKey } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;~tmp___0~4#1 := #t~ret42#1;havoc #t~ret42#1;~pubkey~0#1 := ~tmp___0~4#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 94: Hoare triple {25981#false} assume !(0 != ~pubkey~0#1); {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 95: Hoare triple {25981#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret40#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~28#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~28#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 96: Hoare triple {25981#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~28#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~28#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 97: Hoare triple {25981#false} outgoing__wrappee__Keys_#t~ret40#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret40#1 && outgoing__wrappee__Keys_#t~ret40#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret40#1;havoc outgoing__wrappee__Keys_#t~ret40#1; {25981#false} is VALID [2022-02-20 17:56:22,989 INFO L272 TraceCheckUtils]: 98: Hoare triple {25981#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 99: Hoare triple {26042#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25980#true} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 100: Hoare triple {25980#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25980#true} is VALID [2022-02-20 17:56:22,989 INFO L290 TraceCheckUtils]: 101: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,989 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {25980#true} {25981#false} #1211#return; {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 103: Hoare triple {25981#false} 
assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret38#1, mail_#t~ret39#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret78#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 := puts(26, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret77#1; {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 104: Hoare triple {25981#false} assume !(-1 == ~mail_is_sensitive~0); {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L272 TraceCheckUtils]: 105: Hoare triple {25981#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {25980#true} is VALID [2022-02-20 17:56:22,990 INFO 
L290 TraceCheckUtils]: 106: Hoare triple {25980#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25980#true} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 107: Hoare triple {25980#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {25980#true} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 108: Hoare triple {25980#true} assume true; {25980#true} is VALID [2022-02-20 17:56:22,990 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {25980#true} {25981#false} #1215#return; {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 110: Hoare triple {25981#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret79#1; {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 111: Hoare triple {25981#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~19#1;assume { :begin_inline___automaton_fail } true; {25981#false} is VALID [2022-02-20 17:56:22,990 INFO L290 TraceCheckUtils]: 112: Hoare triple {25981#false} assume !false; {25981#false} is VALID [2022-02-20 17:56:22,991 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 17:56:22,991 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:56:22,991 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1827666789]
[2022-02-20 17:56:22,991 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1827666789] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:56:22,991 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:56:22,991 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12
[2022-02-20 17:56:22,991 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1521012460]
[2022-02-20 17:56:22,992 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:56:22,992 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12) Word has length 113
[2022-02-20 17:56:22,992 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:56:22,993 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)
[2022-02-20 17:56:23,063 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:56:23,063 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states
[2022-02-20 17:56:23,063 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:56:23,064 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants.
[2022-02-20 17:56:23,064 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132
[2022-02-20 17:56:23,064 INFO L87 Difference]: Start difference. First operand 472 states and 738 transitions. Second operand has 12 states, 11 states have (on average 7.090909090909091) internal successors, (78), 8 states have internal predecessors, (78), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (12), 3 states have call predecessors, (12), 4 states have call successors, (12)