./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_product30.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_product30.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash c07a23e40b849b33d08a88f08826cd6b68b33a2f2aee4edabb68f594c2a0aef6
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:55:45,321 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 17:55:45,322 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 17:55:45,351 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:55:45,351 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:55:45,352 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:55:45,354 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:55:45,356 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:55:45,357 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:55:45,358 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:55:45,359 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:55:45,360 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:55:45,361 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:55:45,362 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:55:45,363 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:55:45,364 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:55:45,364 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:55:45,365 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:55:45,367 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:55:45,368 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:55:45,370 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:55:45,371 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:55:45,372 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:55:45,373 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:55:45,375 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:55:45,376 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:55:45,376 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:55:45,377 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:55:45,378 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:55:45,379 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:55:45,379 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:55:45,380 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:55:45,380 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:55:45,381 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:55:45,382 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:55:45,382 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:55:45,383 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:55:45,383 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:55:45,384 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:55:45,384 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:55:45,385 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:55:45,386 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:55:45,406 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:55:45,406 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:55:45,406 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:55:45,406 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:55:45,407 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:55:45,407 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:55:45,408 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:55:45,408 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:55:45,408 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:55:45,409 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:55:45,409 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:55:45,409 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:55:45,409 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:55:45,409 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:55:45,410 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:55:45,410 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:55:45,410 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:55:45,410 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:55:45,410 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:55:45,411 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:55:45,411 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:55:45,411 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:55:45,411 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:55:45,411 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:55:45,412 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:45,412 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:55:45,412 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:55:45,412 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:55:45,413 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:55:45,413 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:55:45,413 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:55:45,413 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:55:45,413 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:55:45,414 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> c07a23e40b849b33d08a88f08826cd6b68b33a2f2aee4edabb68f594c2a0aef6 [2022-02-20 17:55:45,618 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:55:45,641 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:55:45,644 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:55:45,645 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:55:45,646 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:55:45,647 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_product30.cil.c [2022-02-20 17:55:45,705 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9084ed6e0/b15e9b350a194cad902caf7e7520d764/FLAGaf09a225e [2022-02-20 17:55:46,291 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:55:46,292 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product30.cil.c [2022-02-20 17:55:46,316 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9084ed6e0/b15e9b350a194cad902caf7e7520d764/FLAGaf09a225e [2022-02-20 17:55:46,725 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/9084ed6e0/b15e9b350a194cad902caf7e7520d764 [2022-02-20 17:55:46,727 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:55:46,728 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:55:46,733 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:46,733 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:55:46,736 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:55:46,737 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:46" (1/1) ... [2022-02-20 17:55:46,738 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6aa4412f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:46, skipping insertion in model container [2022-02-20 17:55:46,739 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:46" (1/1) ... 
[2022-02-20 17:55:46,744 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:55:46,795 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:55:47,330 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product30.cil.c[58327,58340] [2022-02-20 17:55:47,344 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:47,357 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:55:47,471 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product30.cil.c[58327,58340] [2022-02-20 17:55:47,475 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:47,516 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:55:47,517 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47 WrapperNode [2022-02-20 17:55:47,517 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:47,519 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:47,519 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:55:47,519 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:55:47,525 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... 
[2022-02-20 17:55:47,561 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,633 INFO L137 Inliner]: procedures = 131, calls = 218, calls flagged for inlining = 60, calls inlined = 50, statements flattened = 909 [2022-02-20 17:55:47,634 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:47,634 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:55:47,635 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:55:47,635 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:55:47,642 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,642 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,649 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,649 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... 
[2022-02-20 17:55:47,682 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,688 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,693 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... [2022-02-20 17:55:47,700 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:55:47,701 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:55:47,701 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:55:47,702 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:55:47,703 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (1/1) ... 
[2022-02-20 17:55:47,716 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:47,736 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:47,759 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:55:47,762 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:55:47,790 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:55:47,790 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:55:47,790 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:55:47,790 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:55:47,791 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:55:47,791 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:55:47,791 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:55:47,791 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:55:47,791 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:55:47,791 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:55:47,791 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:55:47,791 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:55:47,792 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:55:47,792 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:55:47,792 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:55:47,792 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:55:47,792 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:55:47,792 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:55:47,792 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:55:47,793 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:55:47,793 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:55:47,793 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:55:47,793 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:55:47,793 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:55:47,793 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:55:47,793 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:55:47,794 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:55:47,794 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:55:47,794 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:55:47,794 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:55:47,794 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:55:47,794 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:55:47,794 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:55:47,794 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:55:47,795 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:55:47,795 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:55:47,795 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:55:47,795 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:55:47,795 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:55:47,795 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:55:47,795 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:55:47,796 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:55:47,796 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:55:47,796 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:55:47,796 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:55:47,796 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:55:47,796 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:55:47,796 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:55:47,796 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:55:47,797 INFO L130 
BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:55:47,797 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:55:48,046 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:55:48,048 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:55:48,806 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:55:48,822 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:55:48,823 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:55:48,826 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:48 BoogieIcfgContainer [2022-02-20 17:55:48,826 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:55:48,828 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:55:48,828 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:55:48,831 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:55:48,831 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:55:46" (1/3) ... [2022-02-20 17:55:48,832 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@706bd6f0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:48, skipping insertion in model container [2022-02-20 17:55:48,832 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:47" (2/3) ... 
[2022-02-20 17:55:48,832 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@706bd6f0 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:48, skipping insertion in model container [2022-02-20 17:55:48,833 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:48" (3/3) ... [2022-02-20 17:55:48,837 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_product30.cil.c [2022-02-20 17:55:48,842 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:55:48,842 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:55:48,880 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:55:48,886 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., 
mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:55:48,897 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:55:48,930 INFO L276 IsEmpty]: Start isEmpty. Operand has 347 states, 269 states have (on average 1.516728624535316) internal successors, (408), 273 states have internal predecessors, (408), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) [2022-02-20 17:55:48,944 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 102 [2022-02-20 17:55:48,945 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:48,945 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:48,946 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:48,950 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:48,950 INFO L85 PathProgramCache]: Analyzing trace with hash -1478262703, now seen corresponding path program 1 times [2022-02-20 17:55:48,958 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:48,958 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1020772226] [2022-02-20 17:55:48,959 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:48,959 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:49,101 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,261 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:49,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,277 INFO L290 TraceCheckUtils]: 0: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,278 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,278 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {350#true} #1017#return; {350#true} is VALID [2022-02-20 17:55:49,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:49,288 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {350#true} #1019#return; {350#true} is VALID [2022-02-20 17:55:49,294 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:49,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,317 INFO L290 TraceCheckUtils]: 0: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:49,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {408#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {409#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:49,319 INFO L290 TraceCheckUtils]: 2: Hoare triple {409#(= |setClientId_#in~handle| 1)} assume true; {409#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:49,320 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {409#(= |setClientId_#in~handle| 1)} {360#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {351#false} is VALID [2022-02-20 17:55:49,320 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:49,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,327 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,327 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,327 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID 
[2022-02-20 17:55:49,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #1023#return; {351#false} is VALID [2022-02-20 17:55:49,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:49,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,334 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,335 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #1025#return; {351#false} is VALID [2022-02-20 17:55:49,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:49,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,341 INFO L290 TraceCheckUtils]: 0: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,342 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,342 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,342 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} 
{351#false} #1027#return; {351#false} is VALID [2022-02-20 17:55:49,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:55:49,352 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,356 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,357 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #1003#return; {351#false} is VALID [2022-02-20 17:55:49,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:55:49,368 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,372 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #1005#return; {351#false} is VALID [2022-02-20 17:55:49,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:49,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,378 INFO L290 
TraceCheckUtils]: 0: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~17; {350#true} is VALID [2022-02-20 17:55:49,378 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {350#true} is VALID [2022-02-20 17:55:49,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,379 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #957#return; {351#false} is VALID [2022-02-20 17:55:49,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:55:49,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~33; {350#true} is VALID [2022-02-20 17:55:49,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {350#true} is VALID [2022-02-20 17:55:49,384 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,385 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #959#return; {351#false} is VALID [2022-02-20 17:55:49,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:55:49,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {350#true} is VALID [2022-02-20 17:55:49,391 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle; {350#true} is VALID [2022-02-20 17:55:49,391 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {350#true} is VALID [2022-02-20 17:55:49,391 INFO L290 TraceCheckUtils]: 3: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,391 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {350#true} {351#false} #961#return; {351#false} is VALID [2022-02-20 17:55:49,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:55:49,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,398 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #967#return; {351#false} is VALID [2022-02-20 17:55:49,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:55:49,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~36; {350#true} is VALID [2022-02-20 17:55:49,403 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {350#true} is VALID [2022-02-20 17:55:49,404 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,404 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {350#true} {351#false} #971#return; {351#false} is VALID [2022-02-20 17:55:49,405 
INFO L290 TraceCheckUtils]: 0: Hoare triple {350#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 
0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {350#true} is VALID [2022-02-20 17:55:49,405 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc 
main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {350#true} is VALID [2022-02-20 17:55:49,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {350#true} is VALID [2022-02-20 17:55:49,406 INFO L290 TraceCheckUtils]: 3: Hoare triple {350#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {350#true} is VALID [2022-02-20 17:55:49,406 INFO L290 TraceCheckUtils]: 4: Hoare triple {350#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {350#true} is VALID [2022-02-20 17:55:49,406 INFO L290 TraceCheckUtils]: 5: Hoare triple {350#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {350#true} is VALID 
[2022-02-20 17:55:49,408 INFO L272 TraceCheckUtils]: 6: Hoare triple {350#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:49,408 INFO L290 TraceCheckUtils]: 7: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,408 INFO L290 TraceCheckUtils]: 8: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,408 INFO L290 TraceCheckUtils]: 9: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,409 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {350#true} {350#true} #1017#return; {350#true} is VALID [2022-02-20 17:55:49,409 INFO L290 TraceCheckUtils]: 11: Hoare triple {350#true} assume { :end_inline_setup_bob__wrappee__Base } true; {350#true} is VALID [2022-02-20 17:55:49,410 INFO L272 TraceCheckUtils]: 12: Hoare triple {350#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:49,410 INFO L290 TraceCheckUtils]: 13: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 
17:55:49,410 INFO L290 TraceCheckUtils]: 14: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,411 INFO L290 TraceCheckUtils]: 15: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,411 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {350#true} {350#true} #1019#return; {350#true} is VALID [2022-02-20 17:55:49,412 INFO L290 TraceCheckUtils]: 17: Hoare triple {350#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {360#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:49,413 INFO L272 TraceCheckUtils]: 18: Hoare triple {360#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:49,413 INFO L290 TraceCheckUtils]: 19: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:49,414 INFO L290 TraceCheckUtils]: 20: Hoare triple {408#(= 
setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {409#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:49,414 INFO L290 TraceCheckUtils]: 21: Hoare triple {409#(= |setClientId_#in~handle| 1)} assume true; {409#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:49,415 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {409#(= |setClientId_#in~handle| 1)} {360#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {351#false} is VALID [2022-02-20 17:55:49,415 INFO L290 TraceCheckUtils]: 23: Hoare triple {351#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {351#false} is VALID [2022-02-20 17:55:49,415 INFO L272 TraceCheckUtils]: 24: Hoare triple {351#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:49,416 INFO L290 TraceCheckUtils]: 25: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,416 INFO L290 TraceCheckUtils]: 26: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,416 INFO L290 TraceCheckUtils]: 27: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,416 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {350#true} {351#false} #1023#return; {351#false} is VALID [2022-02-20 17:55:49,417 INFO L290 TraceCheckUtils]: 29: Hoare triple {351#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc 
setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {351#false} is VALID [2022-02-20 17:55:49,417 INFO L272 TraceCheckUtils]: 30: Hoare triple {351#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:49,417 INFO L290 TraceCheckUtils]: 31: Hoare triple {406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,418 INFO L290 TraceCheckUtils]: 32: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,418 INFO L290 TraceCheckUtils]: 33: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,418 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {350#true} {351#false} #1025#return; {351#false} is VALID [2022-02-20 17:55:49,418 INFO L290 TraceCheckUtils]: 35: Hoare triple {351#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {351#false} is VALID [2022-02-20 17:55:49,419 INFO L272 TraceCheckUtils]: 36: Hoare triple {351#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {407#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:49,419 INFO L290 TraceCheckUtils]: 37: Hoare triple {407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,419 INFO L290 TraceCheckUtils]: 38: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,419 INFO L290 TraceCheckUtils]: 39: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,420 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {350#true} {351#false} #1027#return; {351#false} is VALID [2022-02-20 17:55:49,420 INFO L290 TraceCheckUtils]: 41: Hoare triple {351#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {351#false} is VALID [2022-02-20 17:55:49,420 INFO L290 TraceCheckUtils]: 42: Hoare triple {351#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc 
test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {351#false} is VALID [2022-02-20 17:55:49,421 INFO L290 TraceCheckUtils]: 43: Hoare triple {351#false} assume false; {351#false} is VALID [2022-02-20 17:55:49,421 INFO L290 TraceCheckUtils]: 44: Hoare triple {351#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {351#false} is VALID [2022-02-20 17:55:49,421 INFO L272 TraceCheckUtils]: 45: Hoare triple {351#false} call sendEmail(~bob~0, ~rjh~0); {351#false} is VALID [2022-02-20 17:55:49,421 INFO L290 TraceCheckUtils]: 46: Hoare triple {351#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := 
createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {351#false} is VALID [2022-02-20 17:55:49,422 INFO L272 TraceCheckUtils]: 47: Hoare triple {351#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:49,422 INFO L290 TraceCheckUtils]: 48: Hoare triple {410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,422 INFO L290 TraceCheckUtils]: 49: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,422 INFO L290 TraceCheckUtils]: 50: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,423 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {350#true} {351#false} #1003#return; {351#false} is VALID [2022-02-20 17:55:49,423 INFO L272 TraceCheckUtils]: 52: Hoare triple {351#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:49,423 INFO L290 TraceCheckUtils]: 53: Hoare triple {411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,423 INFO L290 TraceCheckUtils]: 54: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,424 INFO L290 TraceCheckUtils]: 55: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,424 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {350#true} {351#false} #1005#return; {351#false} is VALID [2022-02-20 17:55:49,424 INFO L290 
TraceCheckUtils]: 57: Hoare triple {351#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {351#false} is VALID [2022-02-20 17:55:49,424 INFO L290 TraceCheckUtils]: 58: Hoare triple {351#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {351#false} is VALID [2022-02-20 17:55:49,425 INFO L272 TraceCheckUtils]: 59: Hoare triple {351#false} call outgoing(~sender#1, ~email~0#1); {351#false} is VALID [2022-02-20 17:55:49,425 INFO L290 TraceCheckUtils]: 60: Hoare triple {351#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {351#false} is VALID [2022-02-20 17:55:49,425 INFO L272 TraceCheckUtils]: 61: Hoare triple {351#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {350#true} is VALID [2022-02-20 17:55:49,426 INFO L290 TraceCheckUtils]: 62: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~17; {350#true} is VALID [2022-02-20 17:55:49,426 INFO L290 TraceCheckUtils]: 63: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {350#true} is VALID [2022-02-20 17:55:49,426 INFO L290 TraceCheckUtils]: 64: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,426 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {350#true} {351#false} #957#return; {351#false} is VALID [2022-02-20 17:55:49,427 INFO L290 TraceCheckUtils]: 66: Hoare triple {351#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc 
sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {351#false} is VALID [2022-02-20 17:55:49,427 INFO L290 TraceCheckUtils]: 67: Hoare triple {351#false} assume 0 == sign_~privkey~1#1; {351#false} is VALID [2022-02-20 17:55:49,427 INFO L290 TraceCheckUtils]: 68: Hoare triple {351#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {351#false} is VALID [2022-02-20 17:55:49,427 INFO L272 TraceCheckUtils]: 69: Hoare triple {351#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {350#true} is VALID [2022-02-20 17:55:49,428 INFO L290 TraceCheckUtils]: 70: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~33; {350#true} is VALID [2022-02-20 17:55:49,428 INFO L290 TraceCheckUtils]: 71: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {350#true} is VALID [2022-02-20 17:55:49,428 INFO L290 TraceCheckUtils]: 72: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,428 INFO L284 TraceCheckUtils]: 73: Hoare quadruple 
{350#true} {351#false} #959#return; {351#false} is VALID [2022-02-20 17:55:49,429 INFO L290 TraceCheckUtils]: 74: Hoare triple {351#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {351#false} is VALID [2022-02-20 17:55:49,429 INFO L272 TraceCheckUtils]: 75: Hoare triple {351#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {350#true} is VALID [2022-02-20 17:55:49,429 INFO L290 TraceCheckUtils]: 76: Hoare triple {350#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {350#true} is VALID [2022-02-20 17:55:49,429 INFO L290 TraceCheckUtils]: 77: Hoare triple {350#true} assume 1 == ~handle; {350#true} is VALID [2022-02-20 17:55:49,430 INFO L290 TraceCheckUtils]: 78: Hoare triple {350#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {350#true} is VALID [2022-02-20 17:55:49,430 INFO L290 TraceCheckUtils]: 79: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,430 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {350#true} {351#false} #961#return; {351#false} is VALID [2022-02-20 17:55:49,430 INFO L290 TraceCheckUtils]: 81: Hoare triple {351#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; 
{351#false} is VALID [2022-02-20 17:55:49,431 INFO L290 TraceCheckUtils]: 82: Hoare triple {351#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {351#false} is VALID [2022-02-20 17:55:49,431 INFO L290 TraceCheckUtils]: 83: Hoare triple {351#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {351#false} is VALID [2022-02-20 17:55:49,431 INFO L290 TraceCheckUtils]: 84: Hoare triple {351#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {351#false} is VALID [2022-02-20 17:55:49,431 INFO L290 TraceCheckUtils]: 85: Hoare triple {351#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {351#false} is VALID [2022-02-20 17:55:49,432 INFO L272 TraceCheckUtils]: 86: Hoare triple {351#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {410#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:49,432 INFO L290 TraceCheckUtils]: 87: Hoare triple {410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:49,432 INFO L290 TraceCheckUtils]: 88: Hoare triple {350#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:49,432 INFO L290 TraceCheckUtils]: 89: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,433 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {350#true} {351#false} #967#return; {351#false} is VALID [2022-02-20 17:55:49,433 INFO L290 TraceCheckUtils]: 91: Hoare triple {351#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {351#false} is VALID [2022-02-20 17:55:49,433 INFO L290 TraceCheckUtils]: 92: Hoare triple {351#false} assume !(-1 == ~mail_is_sensitive~0); {351#false} is VALID [2022-02-20 17:55:49,433 INFO L272 TraceCheckUtils]: 93: Hoare triple {351#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {350#true} is VALID [2022-02-20 17:55:49,434 INFO L290 TraceCheckUtils]: 94: Hoare triple {350#true} ~handle := #in~handle;havoc ~retValue_acc~36; {350#true} is VALID [2022-02-20 17:55:49,434 INFO L290 TraceCheckUtils]: 95: Hoare triple {350#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {350#true} is VALID [2022-02-20 17:55:49,434 INFO L290 TraceCheckUtils]: 96: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:49,434 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {350#true} {351#false} #971#return; {351#false} is VALID [2022-02-20 17:55:49,435 INFO L290 TraceCheckUtils]: 98: Hoare triple {351#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {351#false} is VALID [2022-02-20 17:55:49,435 INFO L290 TraceCheckUtils]: 99: Hoare triple {351#false} assume ~mail_is_sensitive~0 != 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {351#false} is VALID [2022-02-20 17:55:49,435 INFO L290 TraceCheckUtils]: 100: Hoare triple {351#false} assume !false; {351#false} is VALID [2022-02-20 17:55:49,436 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:55:49,437 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:49,437 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1020772226] [2022-02-20 17:55:49,438 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1020772226] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:49,438 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1968616569] [2022-02-20 17:55:49,438 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:49,438 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:49,439 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:49,443 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:49,464 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:49,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,761 INFO L263 TraceCheckSpWp]: Trace formula consists of 1051 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:55:49,817 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:49,827 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:50,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {350#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call 
write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {350#true} is VALID [2022-02-20 17:55:50,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {350#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {350#true} is VALID [2022-02-20 17:55:50,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {350#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {350#true} is VALID [2022-02-20 17:55:50,065 INFO L290 TraceCheckUtils]: 3: Hoare triple {350#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {350#true} is VALID [2022-02-20 17:55:50,065 INFO L290 TraceCheckUtils]: 4: Hoare triple {350#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {350#true} is VALID [2022-02-20 17:55:50,066 INFO L290 TraceCheckUtils]: 5: Hoare triple {350#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {350#true} is VALID [2022-02-20 17:55:50,066 INFO L272 TraceCheckUtils]: 6: Hoare triple {350#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {350#true} is VALID [2022-02-20 17:55:50,066 INFO L290 TraceCheckUtils]: 7: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,066 INFO L290 TraceCheckUtils]: 8: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,067 INFO L290 TraceCheckUtils]: 9: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,067 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {350#true} {350#true} #1017#return; {350#true} is VALID [2022-02-20 17:55:50,067 INFO L290 TraceCheckUtils]: 11: Hoare triple {350#true} assume { :end_inline_setup_bob__wrappee__Base } true; {350#true} is VALID [2022-02-20 17:55:50,067 INFO L272 TraceCheckUtils]: 12: Hoare triple {350#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {350#true} is VALID [2022-02-20 17:55:50,068 INFO L290 TraceCheckUtils]: 13: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,068 INFO L290 TraceCheckUtils]: 14: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,068 INFO L290 TraceCheckUtils]: 15: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,068 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {350#true} {350#true} #1019#return; {350#true} is VALID [2022-02-20 17:55:50,069 INFO L290 TraceCheckUtils]: 17: Hoare triple {350#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {350#true} is VALID [2022-02-20 17:55:50,069 INFO L272 TraceCheckUtils]: 18: Hoare triple {350#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {350#true} is VALID [2022-02-20 17:55:50,069 INFO L290 TraceCheckUtils]: 19: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,069 INFO L290 TraceCheckUtils]: 20: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,070 INFO L290 TraceCheckUtils]: 21: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,070 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {350#true} {350#true} #1021#return; {350#true} is VALID [2022-02-20 17:55:50,070 INFO L290 TraceCheckUtils]: 23: Hoare triple {350#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {350#true} is VALID [2022-02-20 17:55:50,070 INFO L272 TraceCheckUtils]: 24: Hoare triple {350#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {350#true} is VALID [2022-02-20 17:55:50,071 INFO L290 TraceCheckUtils]: 25: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,071 INFO L290 TraceCheckUtils]: 26: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,071 INFO L290 TraceCheckUtils]: 27: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,071 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {350#true} {350#true} #1023#return; {350#true} is VALID 
[2022-02-20 17:55:50,072 INFO L290 TraceCheckUtils]: 29: Hoare triple {350#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {350#true} is VALID [2022-02-20 17:55:50,072 INFO L272 TraceCheckUtils]: 30: Hoare triple {350#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {350#true} is VALID [2022-02-20 17:55:50,072 INFO L290 TraceCheckUtils]: 31: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,072 INFO L290 TraceCheckUtils]: 32: Hoare triple {350#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,072 INFO L290 TraceCheckUtils]: 33: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,073 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {350#true} {350#true} #1025#return; {350#true} is VALID [2022-02-20 17:55:50,073 INFO L290 TraceCheckUtils]: 35: Hoare triple {350#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {350#true} is VALID [2022-02-20 17:55:50,073 INFO L272 TraceCheckUtils]: 36: Hoare triple {350#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {350#true} is VALID [2022-02-20 17:55:50,073 INFO L290 TraceCheckUtils]: 37: Hoare triple {350#true} ~handle := #in~handle;~value := #in~value; {350#true} is VALID [2022-02-20 17:55:50,074 INFO L290 TraceCheckUtils]: 38: Hoare triple {350#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {350#true} is VALID [2022-02-20 17:55:50,074 INFO L290 TraceCheckUtils]: 39: Hoare triple {350#true} assume true; {350#true} is VALID [2022-02-20 17:55:50,074 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {350#true} {350#true} #1027#return; {350#true} is VALID [2022-02-20 17:55:50,074 INFO L290 TraceCheckUtils]: 41: Hoare triple {350#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {350#true} is VALID [2022-02-20 17:55:50,074 INFO L290 TraceCheckUtils]: 42: Hoare triple {350#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 
0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {350#true} is VALID [2022-02-20 17:55:50,075 INFO L290 TraceCheckUtils]: 43: Hoare triple {350#true} assume false; {351#false} is VALID [2022-02-20 17:55:50,075 INFO L290 TraceCheckUtils]: 44: Hoare triple {351#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {351#false} is VALID [2022-02-20 17:55:50,076 INFO L272 TraceCheckUtils]: 45: Hoare triple {351#false} call sendEmail(~bob~0, ~rjh~0); {351#false} is VALID [2022-02-20 17:55:50,076 INFO L290 TraceCheckUtils]: 46: Hoare triple {351#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {351#false} is VALID [2022-02-20 17:55:50,076 INFO L272 TraceCheckUtils]: 47: Hoare triple {351#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {351#false} is VALID [2022-02-20 17:55:50,076 INFO L290 TraceCheckUtils]: 48: Hoare triple {351#false} ~handle := #in~handle;~value := #in~value; {351#false} is VALID [2022-02-20 17:55:50,076 INFO L290 TraceCheckUtils]: 49: Hoare triple {351#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#false} is VALID [2022-02-20 17:55:50,077 INFO L290 
TraceCheckUtils]: 50: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,077 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {351#false} {351#false} #1003#return; {351#false} is VALID [2022-02-20 17:55:50,077 INFO L272 TraceCheckUtils]: 52: Hoare triple {351#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {351#false} is VALID [2022-02-20 17:55:50,077 INFO L290 TraceCheckUtils]: 53: Hoare triple {351#false} ~handle := #in~handle;~value := #in~value; {351#false} is VALID [2022-02-20 17:55:50,078 INFO L290 TraceCheckUtils]: 54: Hoare triple {351#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {351#false} is VALID [2022-02-20 17:55:50,078 INFO L290 TraceCheckUtils]: 55: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,078 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {351#false} {351#false} #1005#return; {351#false} is VALID [2022-02-20 17:55:50,078 INFO L290 TraceCheckUtils]: 57: Hoare triple {351#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {351#false} is VALID [2022-02-20 17:55:50,079 INFO L290 TraceCheckUtils]: 58: Hoare triple {351#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {351#false} is VALID [2022-02-20 17:55:50,079 INFO L272 TraceCheckUtils]: 59: Hoare triple {351#false} call outgoing(~sender#1, ~email~0#1); {351#false} is VALID [2022-02-20 17:55:50,079 INFO L290 TraceCheckUtils]: 60: Hoare triple {351#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; 
{351#false} is VALID [2022-02-20 17:55:50,079 INFO L272 TraceCheckUtils]: 61: Hoare triple {351#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {351#false} is VALID [2022-02-20 17:55:50,080 INFO L290 TraceCheckUtils]: 62: Hoare triple {351#false} ~handle := #in~handle;havoc ~retValue_acc~17; {351#false} is VALID [2022-02-20 17:55:50,080 INFO L290 TraceCheckUtils]: 63: Hoare triple {351#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {351#false} is VALID [2022-02-20 17:55:50,080 INFO L290 TraceCheckUtils]: 64: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,080 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {351#false} {351#false} #957#return; {351#false} is VALID [2022-02-20 17:55:50,080 INFO L290 TraceCheckUtils]: 66: Hoare triple {351#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {351#false} is VALID [2022-02-20 17:55:50,081 INFO L290 TraceCheckUtils]: 67: Hoare triple {351#false} assume 0 == sign_~privkey~1#1; {351#false} is VALID [2022-02-20 17:55:50,081 INFO L290 TraceCheckUtils]: 68: Hoare triple {351#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := 
outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {351#false} is VALID [2022-02-20 17:55:50,081 INFO L272 TraceCheckUtils]: 69: Hoare triple {351#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {351#false} is VALID [2022-02-20 17:55:50,081 INFO L290 TraceCheckUtils]: 70: Hoare triple {351#false} ~handle := #in~handle;havoc ~retValue_acc~33; {351#false} is VALID [2022-02-20 17:55:50,082 INFO L290 TraceCheckUtils]: 71: Hoare triple {351#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {351#false} is VALID [2022-02-20 17:55:50,082 INFO L290 TraceCheckUtils]: 72: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,082 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {351#false} {351#false} #959#return; {351#false} is VALID [2022-02-20 17:55:50,082 INFO L290 TraceCheckUtils]: 74: Hoare triple {351#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {351#false} is VALID [2022-02-20 17:55:50,082 INFO L272 TraceCheckUtils]: 75: Hoare triple {351#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {351#false} is VALID [2022-02-20 17:55:50,083 INFO L290 TraceCheckUtils]: 76: Hoare triple {351#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {351#false} is VALID [2022-02-20 17:55:50,083 INFO L290 
TraceCheckUtils]: 77: Hoare triple {351#false} assume 1 == ~handle; {351#false} is VALID [2022-02-20 17:55:50,083 INFO L290 TraceCheckUtils]: 78: Hoare triple {351#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {351#false} is VALID [2022-02-20 17:55:50,083 INFO L290 TraceCheckUtils]: 79: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,084 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {351#false} {351#false} #961#return; {351#false} is VALID [2022-02-20 17:55:50,084 INFO L290 TraceCheckUtils]: 81: Hoare triple {351#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {351#false} is VALID [2022-02-20 17:55:50,084 INFO L290 TraceCheckUtils]: 82: Hoare triple {351#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {351#false} is VALID [2022-02-20 17:55:50,084 INFO L290 TraceCheckUtils]: 83: Hoare triple {351#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {351#false} is VALID [2022-02-20 17:55:50,084 INFO L290 TraceCheckUtils]: 84: Hoare triple {351#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {351#false} is VALID [2022-02-20 17:55:50,085 INFO L290 TraceCheckUtils]: 85: Hoare triple {351#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {351#false} is VALID [2022-02-20 17:55:50,085 INFO L272 TraceCheckUtils]: 86: Hoare triple {351#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {351#false} is VALID [2022-02-20 17:55:50,085 INFO L290 TraceCheckUtils]: 87: Hoare triple {351#false} ~handle := #in~handle;~value := #in~value; {351#false} is VALID [2022-02-20 17:55:50,085 INFO L290 TraceCheckUtils]: 88: Hoare triple {351#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {351#false} is VALID [2022-02-20 17:55:50,086 INFO L290 TraceCheckUtils]: 89: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,086 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {351#false} {351#false} #967#return; {351#false} is VALID [2022-02-20 17:55:50,086 INFO L290 TraceCheckUtils]: 91: Hoare triple {351#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {351#false} is VALID [2022-02-20 17:55:50,086 INFO L290 TraceCheckUtils]: 92: Hoare triple {351#false} assume !(-1 == ~mail_is_sensitive~0); {351#false} is VALID [2022-02-20 17:55:50,087 INFO L272 TraceCheckUtils]: 93: Hoare triple {351#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {351#false} is VALID [2022-02-20 17:55:50,087 INFO L290 TraceCheckUtils]: 94: Hoare triple {351#false} ~handle := #in~handle;havoc ~retValue_acc~36; {351#false} is VALID [2022-02-20 17:55:50,087 INFO L290 TraceCheckUtils]: 95: Hoare triple {351#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {351#false} is VALID [2022-02-20 17:55:50,087 INFO L290 
TraceCheckUtils]: 96: Hoare triple {351#false} assume true; {351#false} is VALID [2022-02-20 17:55:50,087 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {351#false} {351#false} #971#return; {351#false} is VALID [2022-02-20 17:55:50,088 INFO L290 TraceCheckUtils]: 98: Hoare triple {351#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {351#false} is VALID [2022-02-20 17:55:50,088 INFO L290 TraceCheckUtils]: 99: Hoare triple {351#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {351#false} is VALID [2022-02-20 17:55:50,088 INFO L290 TraceCheckUtils]: 100: Hoare triple {351#false} assume !false; {351#false} is VALID [2022-02-20 17:55:50,089 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:50,089 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:50,089 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1968616569] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:50,089 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:50,090 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:55:50,092 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [159303701] [2022-02-20 17:55:50,093 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:50,097 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 17:55:50,100 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:50,104 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:50,178 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 86 edges. 86 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:50,178 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:55:50,179 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:50,196 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:55:50,197 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:50,201 INFO L87 Difference]: Start difference. 
First operand has 347 states, 269 states have (on average 1.516728624535316) internal successors, (408), 273 states have internal predecessors, (408), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (53), 53 states have call predecessors, (53), 53 states have call successors, (53) Second operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:50,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:50,575 INFO L93 Difference]: Finished difference Result 540 states and 782 transitions. [2022-02-20 17:55:50,576 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:55:50,576 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 101 [2022-02-20 17:55:50,577 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:50,578 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:50,603 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 782 transitions. [2022-02-20 17:55:50,603 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:50,622 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 782 transitions. [2022-02-20 17:55:50,622 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 782 transitions. [2022-02-20 17:55:51,288 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 782 edges. 782 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:51,324 INFO L225 Difference]: With dead ends: 540 [2022-02-20 17:55:51,324 INFO L226 Difference]: Without dead ends: 340 [2022-02-20 17:55:51,333 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:51,338 INFO L933 BasicCegarLoop]: 510 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 510 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:55:51,341 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 510 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:51,358 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 340 states. [2022-02-20 17:55:51,411 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 340 to 340. [2022-02-20 17:55:51,412 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:51,417 INFO L82 GeneralOperation]: Start isEquivalent. First operand 340 states. Second operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:51,422 INFO L74 IsIncluded]: Start isIncluded. First operand 340 states. Second operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:51,424 INFO L87 Difference]: Start difference. First operand 340 states. Second operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:51,451 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:51,451 INFO L93 Difference]: Finished difference Result 340 states and 502 transitions. [2022-02-20 17:55:51,451 INFO L276 IsEmpty]: Start isEmpty. Operand 340 states and 502 transitions. [2022-02-20 17:55:51,459 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:51,459 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:51,463 INFO L74 IsIncluded]: Start isIncluded. First operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 340 states. [2022-02-20 17:55:51,464 INFO L87 Difference]: Start difference. First operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 340 states. [2022-02-20 17:55:51,484 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:51,484 INFO L93 Difference]: Finished difference Result 340 states and 502 transitions. [2022-02-20 17:55:51,484 INFO L276 IsEmpty]: Start isEmpty. Operand 340 states and 502 transitions. [2022-02-20 17:55:51,486 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:51,486 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:51,486 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:51,487 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:51,489 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 340 states, 263 states have (on average 1.5095057034220531) internal successors, (397), 266 states have internal predecessors, (397), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:51,511 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 340 states to 340 states and 502 transitions. [2022-02-20 17:55:51,513 INFO L78 Accepts]: Start accepts. Automaton has 340 states and 502 transitions. Word has length 101 [2022-02-20 17:55:51,514 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:51,514 INFO L470 AbstractCegarLoop]: Abstraction has 340 states and 502 transitions. [2022-02-20 17:55:51,515 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 29.0) internal successors, (58), 2 states have internal predecessors, (58), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:51,515 INFO L276 IsEmpty]: Start isEmpty. Operand 340 states and 502 transitions. [2022-02-20 17:55:51,518 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 103 [2022-02-20 17:55:51,518 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:51,518 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:51,548 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:51,737 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:55:51,737 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:51,738 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:51,738 INFO L85 PathProgramCache]: Analyzing trace with hash -1284030147, now seen corresponding path program 1 times [2022-02-20 17:55:51,738 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:51,739 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [105183796] [2022-02-20 17:55:51,739 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:51,739 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:51,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,829 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 
17:55:51,831 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,840 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,840 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,840 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2614#true} #1017#return; {2614#true} is VALID [2022-02-20 17:55:51,846 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:51,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,851 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2614#true} #1019#return; {2614#true} is VALID [2022-02-20 17:55:51,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:51,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:55:51,868 INFO L290 TraceCheckUtils]: 0: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2672#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:51,869 INFO L290 TraceCheckUtils]: 1: Hoare triple {2672#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2673#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,869 INFO L290 TraceCheckUtils]: 2: Hoare triple {2673#(= |setClientId_#in~handle| 1)} assume true; {2673#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,870 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2673#(= |setClientId_#in~handle| 1)} {2624#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {2615#false} is VALID [2022-02-20 17:55:51,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:51,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,875 INFO L290 TraceCheckUtils]: 0: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,875 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,876 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #1023#return; {2615#false} is VALID [2022-02-20 17:55:51,876 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:51,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,882 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,882 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #1025#return; {2615#false} is VALID [2022-02-20 17:55:51,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:51,884 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #1027#return; {2615#false} is VALID [2022-02-20 17:55:51,894 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 48 [2022-02-20 17:55:51,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,898 INFO L290 TraceCheckUtils]: 0: Hoare triple {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,898 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,898 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,899 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #1003#return; {2615#false} is VALID [2022-02-20 17:55:51,906 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:55:51,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,910 INFO L290 TraceCheckUtils]: 0: Hoare triple {2675#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,911 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #1005#return; {2615#false} is VALID [2022-02-20 17:55:51,911 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:51,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~17; {2614#true} is VALID [2022-02-20 
17:55:51,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2614#true} is VALID [2022-02-20 17:55:51,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,916 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #957#return; {2615#false} is VALID [2022-02-20 17:55:51,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:55:51,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2614#true} is VALID [2022-02-20 17:55:51,920 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2614#true} is VALID [2022-02-20 17:55:51,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #959#return; {2615#false} is VALID [2022-02-20 17:55:51,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:55:51,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2614#true} is VALID [2022-02-20 17:55:51,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle; {2614#true} is VALID [2022-02-20 17:55:51,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {2614#true} is VALID [2022-02-20 17:55:51,926 INFO L290 
TraceCheckUtils]: 3: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,926 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2614#true} {2615#false} #961#return; {2615#false} is VALID [2022-02-20 17:55:51,926 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:55:51,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,930 INFO L290 TraceCheckUtils]: 0: Hoare triple {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,931 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,931 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #967#return; {2615#false} is VALID [2022-02-20 17:55:51,931 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:55:51,932 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:51,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2614#true} is VALID [2022-02-20 17:55:51,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2614#true} is VALID [2022-02-20 17:55:51,936 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2614#true} {2615#false} #971#return; {2615#false} is VALID [2022-02-20 17:55:51,936 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} assume { :begin_inline_ULTIMATE.init } 
true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 
0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 
0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2614#true} is VALID [2022-02-20 17:55:51,936 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; 
{2614#true} is VALID [2022-02-20 17:55:51,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2614#true} is VALID [2022-02-20 17:55:51,938 INFO L290 TraceCheckUtils]: 3: Hoare triple {2614#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {2614#true} is VALID [2022-02-20 17:55:51,939 INFO L290 TraceCheckUtils]: 4: Hoare triple {2614#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {2614#true} is VALID [2022-02-20 17:55:51,939 INFO L290 TraceCheckUtils]: 5: Hoare triple {2614#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2614#true} is VALID [2022-02-20 17:55:51,940 INFO L272 TraceCheckUtils]: 6: Hoare triple {2614#true} call 
setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,940 INFO L290 TraceCheckUtils]: 7: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,940 INFO L290 TraceCheckUtils]: 8: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,941 INFO L290 TraceCheckUtils]: 9: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,941 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2614#true} {2614#true} #1017#return; {2614#true} is VALID [2022-02-20 17:55:51,941 INFO L290 TraceCheckUtils]: 11: Hoare triple {2614#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2614#true} is VALID [2022-02-20 17:55:51,942 INFO L272 TraceCheckUtils]: 12: Hoare triple {2614#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,942 INFO L290 TraceCheckUtils]: 13: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,942 INFO L290 TraceCheckUtils]: 14: Hoare triple {2614#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,942 INFO L290 TraceCheckUtils]: 15: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,942 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2614#true} {2614#true} #1019#return; {2614#true} is VALID [2022-02-20 17:55:51,943 INFO L290 TraceCheckUtils]: 17: Hoare triple {2614#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2624#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:51,944 INFO L272 TraceCheckUtils]: 18: Hoare triple {2624#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,944 INFO L290 TraceCheckUtils]: 19: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2672#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:51,945 INFO L290 TraceCheckUtils]: 20: Hoare triple {2672#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == 
~handle;~__ste_client_idCounter0~0 := ~value; {2673#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,945 INFO L290 TraceCheckUtils]: 21: Hoare triple {2673#(= |setClientId_#in~handle| 1)} assume true; {2673#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:51,946 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2673#(= |setClientId_#in~handle| 1)} {2624#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {2615#false} is VALID [2022-02-20 17:55:51,946 INFO L290 TraceCheckUtils]: 23: Hoare triple {2615#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2615#false} is VALID [2022-02-20 17:55:51,946 INFO L272 TraceCheckUtils]: 24: Hoare triple {2615#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,946 INFO L290 TraceCheckUtils]: 25: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,946 INFO L290 TraceCheckUtils]: 26: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,947 INFO L290 TraceCheckUtils]: 27: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,947 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2614#true} {2615#false} #1023#return; {2615#false} is VALID [2022-02-20 17:55:51,947 INFO L290 TraceCheckUtils]: 29: Hoare triple {2615#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { 
:begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2615#false} is VALID [2022-02-20 17:55:51,947 INFO L272 TraceCheckUtils]: 30: Hoare triple {2615#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:51,947 INFO L290 TraceCheckUtils]: 31: Hoare triple {2670#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,947 INFO L290 TraceCheckUtils]: 32: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,948 INFO L290 TraceCheckUtils]: 33: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,948 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2614#true} {2615#false} #1025#return; {2615#false} is VALID [2022-02-20 17:55:51,948 INFO L290 TraceCheckUtils]: 35: Hoare triple {2615#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2615#false} is VALID [2022-02-20 17:55:51,948 INFO L272 TraceCheckUtils]: 36: Hoare triple {2615#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:51,948 INFO L290 TraceCheckUtils]: 37: Hoare triple {2671#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 38: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 39: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,949 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2614#true} {2615#false} #1027#return; {2615#false} is VALID [2022-02-20 17:55:51,949 INFO L290 TraceCheckUtils]: 41: Hoare triple {2615#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {2615#false} is VALID [2022-02-20 17:55:51,950 INFO L290 TraceCheckUtils]: 42: Hoare triple {2615#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc 
test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2615#false} is VALID [2022-02-20 17:55:51,950 INFO L290 TraceCheckUtils]: 43: Hoare triple {2615#false} assume !false; {2615#false} is VALID [2022-02-20 17:55:51,950 INFO L290 TraceCheckUtils]: 44: Hoare triple {2615#false} assume !(test_~splverifierCounter~0#1 < 4); {2615#false} is VALID [2022-02-20 17:55:51,950 INFO L290 TraceCheckUtils]: 45: Hoare triple {2615#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {2615#false} is VALID [2022-02-20 17:55:51,950 INFO L272 TraceCheckUtils]: 46: Hoare triple {2615#false} call sendEmail(~bob~0, ~rjh~0); {2615#false} is VALID [2022-02-20 17:55:51,951 INFO L290 TraceCheckUtils]: 47: Hoare triple {2615#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, 
createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2615#false} is VALID [2022-02-20 17:55:51,951 INFO L272 TraceCheckUtils]: 48: Hoare triple {2615#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:51,951 INFO L290 TraceCheckUtils]: 49: Hoare triple {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,951 INFO L290 TraceCheckUtils]: 50: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,951 INFO L290 TraceCheckUtils]: 51: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,951 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2614#true} {2615#false} #1003#return; {2615#false} is VALID [2022-02-20 17:55:51,952 INFO L272 TraceCheckUtils]: 53: Hoare triple {2615#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2675#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:51,952 INFO L290 TraceCheckUtils]: 54: Hoare triple {2675#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,952 INFO L290 TraceCheckUtils]: 55: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,952 INFO L290 TraceCheckUtils]: 56: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,952 INFO L284 
TraceCheckUtils]: 57: Hoare quadruple {2614#true} {2615#false} #1005#return; {2615#false} is VALID [2022-02-20 17:55:51,953 INFO L290 TraceCheckUtils]: 58: Hoare triple {2615#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {2615#false} is VALID [2022-02-20 17:55:51,953 INFO L290 TraceCheckUtils]: 59: Hoare triple {2615#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {2615#false} is VALID [2022-02-20 17:55:51,958 INFO L272 TraceCheckUtils]: 60: Hoare triple {2615#false} call outgoing(~sender#1, ~email~0#1); {2615#false} is VALID [2022-02-20 17:55:51,960 INFO L290 TraceCheckUtils]: 61: Hoare triple {2615#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {2615#false} is VALID [2022-02-20 17:55:51,961 INFO L272 TraceCheckUtils]: 62: Hoare triple {2615#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {2614#true} is VALID [2022-02-20 17:55:51,964 INFO L290 TraceCheckUtils]: 63: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~17; {2614#true} is VALID [2022-02-20 17:55:51,964 INFO L290 TraceCheckUtils]: 64: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2614#true} is VALID [2022-02-20 17:55:51,965 INFO L290 TraceCheckUtils]: 65: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,966 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2614#true} {2615#false} #957#return; {2615#false} is VALID [2022-02-20 17:55:51,966 INFO L290 
TraceCheckUtils]: 67: Hoare triple {2615#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {2615#false} is VALID [2022-02-20 17:55:51,966 INFO L290 TraceCheckUtils]: 68: Hoare triple {2615#false} assume 0 == sign_~privkey~1#1; {2615#false} is VALID [2022-02-20 17:55:51,967 INFO L290 TraceCheckUtils]: 69: Hoare triple {2615#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {2615#false} is VALID [2022-02-20 17:55:51,968 INFO L272 TraceCheckUtils]: 70: Hoare triple {2615#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2614#true} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 71: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~33; {2614#true} is VALID [2022-02-20 17:55:51,968 INFO L290 TraceCheckUtils]: 72: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2614#true} is VALID [2022-02-20 
17:55:51,968 INFO L290 TraceCheckUtils]: 73: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,969 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2614#true} {2615#false} #959#return; {2615#false} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 75: Hoare triple {2615#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {2615#false} is VALID [2022-02-20 17:55:51,972 INFO L272 TraceCheckUtils]: 76: Hoare triple {2615#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2614#true} is VALID [2022-02-20 17:55:51,972 INFO L290 TraceCheckUtils]: 77: Hoare triple {2614#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2614#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 78: Hoare triple {2614#true} assume 1 == ~handle; {2614#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 79: Hoare triple {2614#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {2614#true} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 80: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,973 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2614#true} {2615#false} #961#return; {2615#false} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 82: Hoare triple {2615#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 
:= outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {2615#false} is VALID [2022-02-20 17:55:51,973 INFO L290 TraceCheckUtils]: 83: Hoare triple {2615#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2615#false} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 84: Hoare triple {2615#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2615#false} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 85: Hoare triple {2615#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2615#false} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 86: Hoare triple {2615#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {2615#false} is VALID [2022-02-20 
17:55:51,974 INFO L272 TraceCheckUtils]: 87: Hoare triple {2615#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 88: Hoare triple {2674#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:51,974 INFO L290 TraceCheckUtils]: 89: Hoare triple {2614#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:51,975 INFO L290 TraceCheckUtils]: 90: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,975 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2614#true} {2615#false} #967#return; {2615#false} is VALID [2022-02-20 17:55:51,975 INFO L290 TraceCheckUtils]: 92: Hoare triple {2615#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {2615#false} is VALID [2022-02-20 17:55:51,975 INFO L290 TraceCheckUtils]: 93: Hoare triple {2615#false} assume !(-1 == ~mail_is_sensitive~0); {2615#false} is VALID [2022-02-20 17:55:51,975 INFO L272 TraceCheckUtils]: 94: Hoare triple {2615#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2614#true} is VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 95: Hoare triple {2614#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2614#true} is VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 96: Hoare triple {2614#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2614#true} is VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 97: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:51,976 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2614#true} {2615#false} #971#return; {2615#false} is VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 99: Hoare triple {2615#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {2615#false} is 
VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 100: Hoare triple {2615#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {2615#false} is VALID [2022-02-20 17:55:51,976 INFO L290 TraceCheckUtils]: 101: Hoare triple {2615#false} assume !false; {2615#false} is VALID [2022-02-20 17:55:51,978 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:55:51,979 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:51,979 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [105183796] [2022-02-20 17:55:51,979 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [105183796] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:51,980 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2127523406] [2022-02-20 17:55:51,981 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:51,981 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:51,981 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:51,984 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:51,992 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:55:52,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,251 INFO L263 
TraceCheckSpWp]: Trace formula consists of 1052 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:55:52,321 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:52,324 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:52,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {2614#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call 
#Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 
0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0; {2614#true} is VALID [2022-02-20 17:55:52,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {2614#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {2614#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 3: Hoare triple {2614#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 4: Hoare triple {2614#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 5: Hoare triple {2614#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L272 TraceCheckUtils]: 6: Hoare triple {2614#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 7: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,592 INFO L290 TraceCheckUtils]: 8: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L290 TraceCheckUtils]: 9: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2614#true} {2614#true} #1017#return; {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L290 TraceCheckUtils]: 11: Hoare triple {2614#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L272 TraceCheckUtils]: 12: Hoare triple {2614#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L290 TraceCheckUtils]: 13: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,593 INFO L290 TraceCheckUtils]: 14: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L290 TraceCheckUtils]: 15: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2614#true} {2614#true} #1019#return; {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L290 TraceCheckUtils]: 
17: Hoare triple {2614#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L272 TraceCheckUtils]: 18: Hoare triple {2614#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L290 TraceCheckUtils]: 19: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,594 INFO L290 TraceCheckUtils]: 20: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L290 TraceCheckUtils]: 21: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2614#true} {2614#true} #1021#return; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L290 TraceCheckUtils]: 23: Hoare triple {2614#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L272 TraceCheckUtils]: 24: Hoare triple {2614#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L290 TraceCheckUtils]: 25: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L290 TraceCheckUtils]: 26: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,595 INFO L290 
TraceCheckUtils]: 27: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2614#true} {2614#true} #1023#return; {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L290 TraceCheckUtils]: 29: Hoare triple {2614#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L272 TraceCheckUtils]: 30: Hoare triple {2614#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L290 TraceCheckUtils]: 31: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L290 TraceCheckUtils]: 32: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,596 INFO L290 TraceCheckUtils]: 33: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,597 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2614#true} {2614#true} #1025#return; {2614#true} is VALID [2022-02-20 17:55:52,597 INFO L290 TraceCheckUtils]: 35: Hoare triple {2614#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2614#true} is VALID [2022-02-20 17:55:52,597 INFO L272 TraceCheckUtils]: 36: Hoare triple {2614#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2614#true} is VALID [2022-02-20 17:55:52,597 INFO 
L290 TraceCheckUtils]: 37: Hoare triple {2614#true} ~handle := #in~handle;~value := #in~value; {2614#true} is VALID [2022-02-20 17:55:52,597 INFO L290 TraceCheckUtils]: 38: Hoare triple {2614#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2614#true} is VALID [2022-02-20 17:55:52,597 INFO L290 TraceCheckUtils]: 39: Hoare triple {2614#true} assume true; {2614#true} is VALID [2022-02-20 17:55:52,598 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2614#true} {2614#true} #1027#return; {2614#true} is VALID [2022-02-20 17:55:52,598 INFO L290 TraceCheckUtils]: 41: Hoare triple {2614#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {2614#true} is VALID [2022-02-20 17:55:52,598 INFO L290 TraceCheckUtils]: 42: Hoare triple {2614#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:52,599 INFO L290 TraceCheckUtils]: 43: Hoare triple {2805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {2805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:52,599 INFO L290 TraceCheckUtils]: 44: Hoare triple {2805#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L290 TraceCheckUtils]: 45: Hoare triple {2615#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L272 TraceCheckUtils]: 46: Hoare triple {2615#false} call sendEmail(~bob~0, ~rjh~0); {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L290 TraceCheckUtils]: 47: Hoare triple {2615#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L272 TraceCheckUtils]: 48: Hoare triple {2615#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L290 TraceCheckUtils]: 49: Hoare triple {2615#false} ~handle := #in~handle;~value := #in~value; {2615#false} is VALID [2022-02-20 17:55:52,600 INFO L290 TraceCheckUtils]: 50: Hoare triple {2615#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L290 TraceCheckUtils]: 51: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2615#false} {2615#false} #1003#return; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L272 TraceCheckUtils]: 53: Hoare triple {2615#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L290 TraceCheckUtils]: 54: Hoare triple {2615#false} ~handle := #in~handle;~value := #in~value; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L290 TraceCheckUtils]: 55: Hoare triple {2615#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L290 TraceCheckUtils]: 56: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,601 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2615#false} {2615#false} #1005#return; {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L290 TraceCheckUtils]: 58: Hoare triple {2615#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L290 TraceCheckUtils]: 59: Hoare triple {2615#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := 
~tmp~20#1; {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L272 TraceCheckUtils]: 60: Hoare triple {2615#false} call outgoing(~sender#1, ~email~0#1); {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L290 TraceCheckUtils]: 61: Hoare triple {2615#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L272 TraceCheckUtils]: 62: Hoare triple {2615#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {2615#false} is VALID [2022-02-20 17:55:52,602 INFO L290 TraceCheckUtils]: 63: Hoare triple {2615#false} ~handle := #in~handle;havoc ~retValue_acc~17; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L290 TraceCheckUtils]: 64: Hoare triple {2615#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L290 TraceCheckUtils]: 65: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2615#false} {2615#false} #957#return; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L290 TraceCheckUtils]: 67: Hoare triple {2615#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L290 TraceCheckUtils]: 68: Hoare triple {2615#false} assume 0 == sign_~privkey~1#1; {2615#false} is VALID [2022-02-20 17:55:52,603 INFO L290 TraceCheckUtils]: 69: Hoare triple {2615#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } 
true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L272 TraceCheckUtils]: 70: Hoare triple {2615#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L290 TraceCheckUtils]: 71: Hoare triple {2615#false} ~handle := #in~handle;havoc ~retValue_acc~33; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L290 TraceCheckUtils]: 72: Hoare triple {2615#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L290 TraceCheckUtils]: 73: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2615#false} {2615#false} #959#return; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L290 TraceCheckUtils]: 75: Hoare triple {2615#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc 
outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {2615#false} is VALID [2022-02-20 17:55:52,604 INFO L272 TraceCheckUtils]: 76: Hoare triple {2615#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L290 TraceCheckUtils]: 77: Hoare triple {2615#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L290 TraceCheckUtils]: 78: Hoare triple {2615#false} assume 1 == ~handle; {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L290 TraceCheckUtils]: 79: Hoare triple {2615#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L290 TraceCheckUtils]: 80: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2615#false} {2615#false} #961#return; {2615#false} is VALID [2022-02-20 17:55:52,605 INFO L290 TraceCheckUtils]: 82: Hoare triple {2615#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {2615#false} is VALID [2022-02-20 17:55:52,606 INFO L290 TraceCheckUtils]: 83: Hoare triple {2615#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2615#false} is VALID [2022-02-20 17:55:52,606 INFO L290 TraceCheckUtils]: 84: Hoare triple {2615#false} assume { :begin_inline_outgoing__wrappee__Keys } 
true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {2615#false} is VALID [2022-02-20 17:55:52,607 INFO L290 TraceCheckUtils]: 85: Hoare triple {2615#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {2615#false} is VALID [2022-02-20 17:55:52,607 INFO L290 TraceCheckUtils]: 86: Hoare triple {2615#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {2615#false} is VALID [2022-02-20 17:55:52,608 INFO L272 TraceCheckUtils]: 87: Hoare triple {2615#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {2615#false} is VALID [2022-02-20 17:55:52,610 INFO L290 TraceCheckUtils]: 88: Hoare triple {2615#false} ~handle := #in~handle;~value := #in~value; {2615#false} is VALID [2022-02-20 17:55:52,610 INFO L290 TraceCheckUtils]: 89: Hoare triple {2615#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L290 
TraceCheckUtils]: 90: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2615#false} {2615#false} #967#return; {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L290 TraceCheckUtils]: 92: Hoare triple {2615#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L290 TraceCheckUtils]: 93: Hoare triple {2615#false} assume !(-1 == 
~mail_is_sensitive~0); {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L272 TraceCheckUtils]: 94: Hoare triple {2615#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {2615#false} is VALID [2022-02-20 17:55:52,611 INFO L290 TraceCheckUtils]: 95: Hoare triple {2615#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L290 TraceCheckUtils]: 96: Hoare triple {2615#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L290 TraceCheckUtils]: 97: Hoare triple {2615#false} assume true; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {2615#false} {2615#false} #971#return; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L290 TraceCheckUtils]: 99: Hoare triple {2615#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L290 TraceCheckUtils]: 100: Hoare triple {2615#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {2615#false} is VALID [2022-02-20 17:55:52,612 INFO L290 TraceCheckUtils]: 101: Hoare triple {2615#false} assume !false; {2615#false} is VALID [2022-02-20 17:55:52,613 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. 
[2022-02-20 17:55:52,613 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:52,613 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2127523406] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:52,613 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:52,613 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:52,614 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1719838010] [2022-02-20 17:55:52,614 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:52,615 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 17:55:52,617 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:52,617 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:52,684 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:52,685 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:52,685 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:52,685 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:55:52,685 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:52,686 INFO L87 Difference]: Start difference. First operand 340 states and 502 transitions. Second operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:53,172 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:53,172 INFO L93 Difference]: Finished difference Result 530 states and 763 transitions. [2022-02-20 17:55:53,173 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:53,173 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 102 [2022-02-20 17:55:53,173 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:53,174 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:53,184 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 763 transitions. [2022-02-20 17:55:53,185 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:53,204 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 763 transitions. [2022-02-20 17:55:53,204 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 763 transitions. [2022-02-20 17:55:53,772 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 763 edges. 763 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:53,784 INFO L225 Difference]: With dead ends: 530 [2022-02-20 17:55:53,784 INFO L226 Difference]: Without dead ends: 343 [2022-02-20 17:55:53,785 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 123 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:53,786 INFO L933 BasicCegarLoop]: 500 mSDtfsCounter, 1 mSDsluCounter, 498 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 998 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:53,787 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 998 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:53,788 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 343 states. [2022-02-20 17:55:53,808 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 343 to 342. [2022-02-20 17:55:53,809 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:53,810 INFO L82 GeneralOperation]: Start isEquivalent. First operand 343 states. 
Second operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:53,811 INFO L74 IsIncluded]: Start isIncluded. First operand 343 states. Second operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:53,812 INFO L87 Difference]: Start difference. First operand 343 states. Second operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:53,826 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:53,826 INFO L93 Difference]: Finished difference Result 343 states and 505 transitions. [2022-02-20 17:55:53,826 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 505 transitions. [2022-02-20 17:55:53,828 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:53,828 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:53,829 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 343 states. [2022-02-20 17:55:53,830 INFO L87 Difference]: Start difference. First operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) Second operand 343 states. [2022-02-20 17:55:53,844 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:53,844 INFO L93 Difference]: Finished difference Result 343 states and 505 transitions. [2022-02-20 17:55:53,844 INFO L276 IsEmpty]: Start isEmpty. Operand 343 states and 505 transitions. [2022-02-20 17:55:53,846 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:53,846 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:53,846 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:53,846 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:53,847 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 342 states, 265 states have (on average 1.5056603773584907) internal successors, (399), 268 states have internal predecessors, (399), 53 states have call successors, (53), 23 states have call predecessors, (53), 23 states have return successors, (52), 52 states have call predecessors, (52), 52 states have call successors, (52) [2022-02-20 17:55:53,862 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 342 states to 342 states and 504 transitions. [2022-02-20 17:55:53,863 INFO L78 Accepts]: Start accepts. Automaton has 342 states and 504 transitions. Word has length 102 [2022-02-20 17:55:53,863 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:53,863 INFO L470 AbstractCegarLoop]: Abstraction has 342 states and 504 transitions. [2022-02-20 17:55:53,864 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 19.666666666666668) internal successors, (59), 3 states have internal predecessors, (59), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:53,864 INFO L276 IsEmpty]: Start isEmpty. Operand 342 states and 504 transitions. [2022-02-20 17:55:53,865 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 112 [2022-02-20 17:55:53,865 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:53,865 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:53,885 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:54,075 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:55:54,076 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:54,076 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:54,076 INFO L85 PathProgramCache]: Analyzing trace with hash -1065468452, now seen corresponding path program 1 times [2022-02-20 17:55:54,076 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:54,077 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1798500092] [2022-02-20 17:55:54,077 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:54,077 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:54,114 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:54,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,159 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4875#true} #1017#return; {4875#true} is VALID [2022-02-20 17:55:54,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:54,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:55:54,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4875#true} #1019#return; {4875#true} is VALID [2022-02-20 17:55:54,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:54,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4933#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:54,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {4933#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {4934#(= |setClientId_#in~handle| 1)} assume true; {4934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,185 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4934#(= |setClientId_#in~handle| 1)} {4885#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {4876#false} is VALID [2022-02-20 17:55:54,186 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:54,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,190 INFO L290 TraceCheckUtils]: 0: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,190 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,191 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,191 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #1023#return; {4876#false} is VALID [2022-02-20 17:55:54,191 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:54,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,196 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,196 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #1025#return; {4876#false} is VALID [2022-02-20 17:55:54,197 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 17:55:54,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #1027#return; {4876#false} is VALID [2022-02-20 17:55:54,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:55:54,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,212 INFO L290 TraceCheckUtils]: 0: Hoare triple {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,212 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,212 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,212 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #1003#return; {4876#false} is VALID [2022-02-20 17:55:54,231 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:54,233 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,236 INFO L290 
TraceCheckUtils]: 0: Hoare triple {4936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #1005#return; {4876#false} is VALID [2022-02-20 17:55:54,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:54,237 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,240 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~17; {4875#true} is VALID [2022-02-20 17:55:54,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4875#true} is VALID [2022-02-20 17:55:54,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,240 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #957#return; {4876#false} is VALID [2022-02-20 17:55:54,240 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:54,241 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4875#true} is VALID [2022-02-20 17:55:54,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4875#true} is VALID [2022-02-20 17:55:54,244 INFO L290 
TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #959#return; {4876#false} is VALID [2022-02-20 17:55:54,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:55:54,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,248 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {4875#true} is VALID [2022-02-20 17:55:54,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle; {4875#true} is VALID [2022-02-20 17:55:54,248 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4875#true} is VALID [2022-02-20 17:55:54,248 INFO L290 TraceCheckUtils]: 3: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,248 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {4875#true} {4876#false} #961#return; {4876#false} is VALID [2022-02-20 17:55:54,249 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:55:54,250 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,252 INFO L290 TraceCheckUtils]: 0: Hoare triple {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,252 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {4875#true} {4876#false} #967#return; {4876#false} is VALID [2022-02-20 17:55:54,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:55:54,254 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4875#true} is VALID [2022-02-20 17:55:54,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4875#true} is VALID [2022-02-20 17:55:54,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {4875#true} {4876#false} #971#return; {4876#false} is VALID [2022-02-20 17:55:54,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 
1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 
0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 
0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4875#true} is VALID [2022-02-20 17:55:54,257 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {4875#true} is VALID [2022-02-20 17:55:54,257 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4875#true} is VALID [2022-02-20 17:55:54,257 INFO L290 TraceCheckUtils]: 3: Hoare triple {4875#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {4875#true} is VALID [2022-02-20 17:55:54,257 INFO L290 TraceCheckUtils]: 4: Hoare triple {4875#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {4875#true} is VALID [2022-02-20 17:55:54,257 INFO L290 TraceCheckUtils]: 5: Hoare triple {4875#true} assume 0 != main_~tmp~7#1;assume { 
:begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {4875#true} is VALID [2022-02-20 17:55:54,258 INFO L272 TraceCheckUtils]: 6: Hoare triple {4875#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,258 INFO L290 TraceCheckUtils]: 7: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,258 INFO L290 TraceCheckUtils]: 8: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,259 INFO L290 TraceCheckUtils]: 9: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,259 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4875#true} {4875#true} #1017#return; 
{4875#true} is VALID [2022-02-20 17:55:54,259 INFO L290 TraceCheckUtils]: 11: Hoare triple {4875#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4875#true} is VALID [2022-02-20 17:55:54,260 INFO L272 TraceCheckUtils]: 12: Hoare triple {4875#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,260 INFO L290 TraceCheckUtils]: 13: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,260 INFO L290 TraceCheckUtils]: 14: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,260 INFO L290 TraceCheckUtils]: 15: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,260 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4875#true} {4875#true} #1019#return; {4875#true} is VALID [2022-02-20 17:55:54,261 INFO L290 TraceCheckUtils]: 17: Hoare triple {4875#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4885#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 
17:55:54,261 INFO L272 TraceCheckUtils]: 18: Hoare triple {4885#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,262 INFO L290 TraceCheckUtils]: 19: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4933#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:54,262 INFO L290 TraceCheckUtils]: 20: Hoare triple {4933#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,262 INFO L290 TraceCheckUtils]: 21: Hoare triple {4934#(= |setClientId_#in~handle| 1)} assume true; {4934#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,263 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4934#(= |setClientId_#in~handle| 1)} {4885#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {4876#false} is VALID [2022-02-20 17:55:54,263 INFO L290 TraceCheckUtils]: 23: Hoare triple {4876#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {4876#false} is VALID [2022-02-20 17:55:54,263 INFO L272 TraceCheckUtils]: 24: Hoare triple {4876#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,264 INFO L290 
TraceCheckUtils]: 25: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,264 INFO L290 TraceCheckUtils]: 26: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,264 INFO L290 TraceCheckUtils]: 27: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,264 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4875#true} {4876#false} #1023#return; {4876#false} is VALID [2022-02-20 17:55:54,264 INFO L290 TraceCheckUtils]: 29: Hoare triple {4876#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4876#false} is VALID [2022-02-20 17:55:54,264 INFO L272 TraceCheckUtils]: 30: Hoare triple {4876#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,265 INFO L290 TraceCheckUtils]: 31: Hoare triple {4931#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,265 INFO L290 TraceCheckUtils]: 32: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,265 INFO L290 TraceCheckUtils]: 33: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,265 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4875#true} {4876#false} #1025#return; {4876#false} is VALID [2022-02-20 17:55:54,265 INFO L290 TraceCheckUtils]: 35: Hoare triple {4876#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {4876#false} is VALID [2022-02-20 17:55:54,265 INFO L272 TraceCheckUtils]: 36: Hoare triple {4876#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 37: Hoare triple {4932#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 38: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 39: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,266 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4875#true} {4876#false} #1027#return; {4876#false} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 41: Hoare triple {4876#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {4876#false} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 42: Hoare triple {4876#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {4876#false} is VALID [2022-02-20 17:55:54,266 INFO L290 TraceCheckUtils]: 43: Hoare triple {4876#false} assume !false; {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 TraceCheckUtils]: 44: Hoare triple {4876#false} assume test_~splverifierCounter~0#1 < 4; {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 
TraceCheckUtils]: 45: Hoare triple {4876#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 TraceCheckUtils]: 46: Hoare triple {4876#false} assume !(0 == test_~op1~0#1); {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 TraceCheckUtils]: 47: Hoare triple {4876#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 TraceCheckUtils]: 48: Hoare triple {4876#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4876#false} is VALID [2022-02-20 17:55:54,267 INFO L290 TraceCheckUtils]: 49: Hoare triple {4876#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L290 TraceCheckUtils]: 50: Hoare triple {4876#false} assume { :end_inline_setClientAutoResponse } true; {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L290 TraceCheckUtils]: 51: Hoare triple {4876#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L290 TraceCheckUtils]: 52: Hoare triple {4876#false} assume !false; {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L290 TraceCheckUtils]: 53: Hoare triple {4876#false} assume !(test_~splverifierCounter~0#1 < 4); {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L290 TraceCheckUtils]: 54: Hoare triple {4876#false} assume { :begin_inline_bobToRjh } 
true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {4876#false} is VALID [2022-02-20 17:55:54,268 INFO L272 TraceCheckUtils]: 55: Hoare triple {4876#false} call sendEmail(~bob~0, ~rjh~0); {4876#false} is VALID [2022-02-20 17:55:54,269 INFO L290 TraceCheckUtils]: 56: Hoare triple {4876#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4876#false} is VALID [2022-02-20 17:55:54,269 INFO L272 TraceCheckUtils]: 57: Hoare triple {4876#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:54,269 INFO L290 TraceCheckUtils]: 58: Hoare triple {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,269 INFO L290 TraceCheckUtils]: 59: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,269 INFO L290 TraceCheckUtils]: 60: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,269 INFO L284 TraceCheckUtils]: 61: 
Hoare quadruple {4875#true} {4876#false} #1003#return; {4876#false} is VALID [2022-02-20 17:55:54,269 INFO L272 TraceCheckUtils]: 62: Hoare triple {4876#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:54,270 INFO L290 TraceCheckUtils]: 63: Hoare triple {4936#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,270 INFO L290 TraceCheckUtils]: 64: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,270 INFO L290 TraceCheckUtils]: 65: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,270 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4875#true} {4876#false} #1005#return; {4876#false} is VALID [2022-02-20 17:55:54,270 INFO L290 TraceCheckUtils]: 67: Hoare triple {4876#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {4876#false} is VALID [2022-02-20 17:55:54,270 INFO L290 TraceCheckUtils]: 68: Hoare triple {4876#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {4876#false} is VALID [2022-02-20 17:55:54,271 INFO L272 TraceCheckUtils]: 69: Hoare triple {4876#false} call outgoing(~sender#1, ~email~0#1); {4876#false} is VALID [2022-02-20 17:55:54,271 INFO L290 TraceCheckUtils]: 70: Hoare triple {4876#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 
:= sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {4876#false} is VALID [2022-02-20 17:55:54,271 INFO L272 TraceCheckUtils]: 71: Hoare triple {4876#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {4875#true} is VALID [2022-02-20 17:55:54,271 INFO L290 TraceCheckUtils]: 72: Hoare triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~17; {4875#true} is VALID [2022-02-20 17:55:54,271 INFO L290 TraceCheckUtils]: 73: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4875#true} is VALID [2022-02-20 17:55:54,271 INFO L290 TraceCheckUtils]: 74: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,272 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4875#true} {4876#false} #957#return; {4876#false} is VALID [2022-02-20 17:55:54,272 INFO L290 TraceCheckUtils]: 76: Hoare triple {4876#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {4876#false} is VALID [2022-02-20 17:55:54,272 INFO L290 TraceCheckUtils]: 77: Hoare triple {4876#false} assume 0 == sign_~privkey~1#1; {4876#false} is VALID [2022-02-20 17:55:54,272 INFO L290 TraceCheckUtils]: 78: Hoare triple {4876#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := 
outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {4876#false} is VALID [2022-02-20 17:55:54,272 INFO L272 TraceCheckUtils]: 79: Hoare triple {4876#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {4875#true} is VALID [2022-02-20 17:55:54,272 INFO L290 TraceCheckUtils]: 80: Hoare triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~33; {4875#true} is VALID [2022-02-20 17:55:54,272 INFO L290 TraceCheckUtils]: 81: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4875#true} is VALID [2022-02-20 17:55:54,273 INFO L290 TraceCheckUtils]: 82: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,273 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {4875#true} {4876#false} #959#return; {4876#false} is VALID [2022-02-20 17:55:54,273 INFO L290 TraceCheckUtils]: 84: Hoare triple {4876#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {4876#false} is VALID [2022-02-20 17:55:54,273 INFO L272 TraceCheckUtils]: 85: Hoare triple {4876#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {4875#true} is VALID [2022-02-20 17:55:54,273 INFO L290 TraceCheckUtils]: 86: Hoare triple {4875#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~22; {4875#true} is VALID [2022-02-20 17:55:54,273 INFO L290 TraceCheckUtils]: 87: Hoare triple {4875#true} assume 1 == ~handle; {4875#true} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 88: Hoare triple {4875#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4875#true} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 89: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,274 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4875#true} {4876#false} #961#return; {4876#false} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 91: Hoare triple {4876#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {4876#false} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 92: Hoare triple {4876#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {4876#false} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 93: Hoare triple {4876#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := 
outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {4876#false} is VALID [2022-02-20 17:55:54,274 INFO L290 TraceCheckUtils]: 94: Hoare triple {4876#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {4876#false} is VALID [2022-02-20 17:55:54,275 INFO L290 TraceCheckUtils]: 95: Hoare triple {4876#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {4876#false} is VALID [2022-02-20 17:55:54,275 INFO L272 TraceCheckUtils]: 96: Hoare triple {4876#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:54,275 INFO L290 TraceCheckUtils]: 97: Hoare triple {4935#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,275 INFO L290 TraceCheckUtils]: 98: Hoare triple {4875#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,275 INFO L290 TraceCheckUtils]: 99: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,275 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4875#true} {4876#false} #967#return; {4876#false} is VALID [2022-02-20 17:55:54,276 INFO L290 TraceCheckUtils]: 101: Hoare triple {4876#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {4876#false} is VALID [2022-02-20 17:55:54,276 INFO L290 TraceCheckUtils]: 102: Hoare triple {4876#false} assume !(-1 == ~mail_is_sensitive~0); {4876#false} is VALID [2022-02-20 17:55:54,276 INFO L272 TraceCheckUtils]: 103: Hoare triple {4876#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {4875#true} is VALID [2022-02-20 17:55:54,276 INFO L290 TraceCheckUtils]: 104: Hoare 
triple {4875#true} ~handle := #in~handle;havoc ~retValue_acc~36; {4875#true} is VALID [2022-02-20 17:55:54,276 INFO L290 TraceCheckUtils]: 105: Hoare triple {4875#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4875#true} is VALID [2022-02-20 17:55:54,276 INFO L290 TraceCheckUtils]: 106: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,276 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4875#true} {4876#false} #971#return; {4876#false} is VALID [2022-02-20 17:55:54,277 INFO L290 TraceCheckUtils]: 108: Hoare triple {4876#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {4876#false} is VALID [2022-02-20 17:55:54,277 INFO L290 TraceCheckUtils]: 109: Hoare triple {4876#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {4876#false} is VALID [2022-02-20 17:55:54,277 INFO L290 TraceCheckUtils]: 110: Hoare triple {4876#false} assume !false; {4876#false} is VALID [2022-02-20 17:55:54,277 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:54,278 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:54,278 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1798500092] [2022-02-20 17:55:54,278 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1798500092] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:54,278 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [414916625] [2022-02-20 17:55:54,278 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:54,279 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:54,279 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:54,280 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:54,292 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:55:54,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,554 INFO L263 TraceCheckSpWp]: Trace formula consists of 1079 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:55:54,597 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,607 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:55:54,849 INFO L290 TraceCheckUtils]: 0: Hoare triple {4875#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {4875#true} is VALID [2022-02-20 17:55:54,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {4875#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, 
main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {4875#true} is VALID [2022-02-20 17:55:54,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {4875#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4875#true} is VALID [2022-02-20 17:55:54,850 INFO L290 TraceCheckUtils]: 3: Hoare triple {4875#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {4875#true} is VALID [2022-02-20 17:55:54,850 INFO L290 TraceCheckUtils]: 4: Hoare triple {4875#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {4875#true} is VALID [2022-02-20 17:55:54,850 INFO L290 TraceCheckUtils]: 5: Hoare triple {4875#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; 
{4875#true} is VALID [2022-02-20 17:55:54,851 INFO L272 TraceCheckUtils]: 6: Hoare triple {4875#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {4875#true} is VALID [2022-02-20 17:55:54,851 INFO L290 TraceCheckUtils]: 7: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,851 INFO L290 TraceCheckUtils]: 8: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,851 INFO L290 TraceCheckUtils]: 9: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,851 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {4875#true} {4875#true} #1017#return; {4875#true} is VALID [2022-02-20 17:55:54,851 INFO L290 TraceCheckUtils]: 11: Hoare triple {4875#true} assume { :end_inline_setup_bob__wrappee__Base } true; {4875#true} is VALID [2022-02-20 17:55:54,852 INFO L272 TraceCheckUtils]: 12: Hoare triple {4875#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {4875#true} is VALID [2022-02-20 17:55:54,852 INFO L290 TraceCheckUtils]: 13: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,852 INFO L290 TraceCheckUtils]: 14: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,852 INFO L290 TraceCheckUtils]: 15: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,852 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {4875#true} {4875#true} #1019#return; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L290 TraceCheckUtils]: 17: Hoare triple {4875#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L272 TraceCheckUtils]: 18: Hoare triple {4875#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L290 TraceCheckUtils]: 19: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L290 TraceCheckUtils]: 20: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L290 TraceCheckUtils]: 21: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {4875#true} {4875#true} #1021#return; {4875#true} is VALID [2022-02-20 17:55:54,853 INFO L290 TraceCheckUtils]: 23: Hoare triple {4875#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L272 TraceCheckUtils]: 24: Hoare triple {4875#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L290 TraceCheckUtils]: 25: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L290 TraceCheckUtils]: 26: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L290 TraceCheckUtils]: 27: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4875#true} {4875#true} #1023#return; {4875#true} is VALID [2022-02-20 17:55:54,854 INFO L290 TraceCheckUtils]: 29: Hoare triple {4875#true} assume { 
:end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L272 TraceCheckUtils]: 30: Hoare triple {4875#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L290 TraceCheckUtils]: 31: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L290 TraceCheckUtils]: 32: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L290 TraceCheckUtils]: 33: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {4875#true} {4875#true} #1025#return; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L290 TraceCheckUtils]: 35: Hoare triple {4875#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {4875#true} is VALID [2022-02-20 17:55:54,855 INFO L272 TraceCheckUtils]: 36: Hoare triple {4875#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {4875#true} is VALID [2022-02-20 17:55:54,856 INFO L290 TraceCheckUtils]: 37: Hoare triple {4875#true} ~handle := #in~handle;~value := #in~value; {4875#true} is VALID [2022-02-20 17:55:54,856 INFO L290 TraceCheckUtils]: 38: Hoare triple {4875#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {4875#true} is VALID [2022-02-20 17:55:54,856 
INFO L290 TraceCheckUtils]: 39: Hoare triple {4875#true} assume true; {4875#true} is VALID [2022-02-20 17:55:54,856 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {4875#true} {4875#true} #1027#return; {4875#true} is VALID [2022-02-20 17:55:54,856 INFO L290 TraceCheckUtils]: 41: Hoare triple {4875#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {4875#true} is VALID [2022-02-20 17:55:54,857 INFO L290 TraceCheckUtils]: 42: Hoare triple {4875#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 
0;test_~splverifierCounter~0#1 := 0; {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:54,857 INFO L290 TraceCheckUtils]: 43: Hoare triple {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:54,857 INFO L290 TraceCheckUtils]: 44: Hoare triple {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:54,858 INFO L290 TraceCheckUtils]: 45: Hoare triple {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:54,858 INFO L290 TraceCheckUtils]: 46: Hoare triple {5066#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {4876#false} is VALID [2022-02-20 17:55:54,858 INFO L290 TraceCheckUtils]: 47: Hoare triple {4876#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {4876#false} is VALID [2022-02-20 17:55:54,858 INFO L290 TraceCheckUtils]: 48: Hoare triple {4876#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 49: Hoare triple {4876#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 50: Hoare triple {4876#false} assume { 
:end_inline_setClientAutoResponse } true; {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 51: Hoare triple {4876#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 52: Hoare triple {4876#false} assume !false; {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 53: Hoare triple {4876#false} assume !(test_~splverifierCounter~0#1 < 4); {4876#false} is VALID [2022-02-20 17:55:54,859 INFO L290 TraceCheckUtils]: 54: Hoare triple {4876#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L272 TraceCheckUtils]: 55: Hoare triple {4876#false} call sendEmail(~bob~0, ~rjh~0); {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L290 TraceCheckUtils]: 56: Hoare triple {4876#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L272 TraceCheckUtils]: 57: Hoare triple {4876#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L290 TraceCheckUtils]: 58: Hoare 
triple {4876#false} ~handle := #in~handle;~value := #in~value; {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L290 TraceCheckUtils]: 59: Hoare triple {4876#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L290 TraceCheckUtils]: 60: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,860 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {4876#false} {4876#false} #1003#return; {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L272 TraceCheckUtils]: 62: Hoare triple {4876#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L290 TraceCheckUtils]: 63: Hoare triple {4876#false} ~handle := #in~handle;~value := #in~value; {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L290 TraceCheckUtils]: 64: Hoare triple {4876#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L290 TraceCheckUtils]: 65: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {4876#false} {4876#false} #1005#return; {4876#false} is VALID [2022-02-20 17:55:54,861 INFO L290 TraceCheckUtils]: 67: Hoare triple {4876#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L290 TraceCheckUtils]: 68: Hoare triple {4876#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L272 TraceCheckUtils]: 69: Hoare triple {4876#false} call outgoing(~sender#1, ~email~0#1); {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L290 TraceCheckUtils]: 70: Hoare triple {4876#false} ~client#1 := #in~client#1;~msg#1 := 
#in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L272 TraceCheckUtils]: 71: Hoare triple {4876#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L290 TraceCheckUtils]: 72: Hoare triple {4876#false} ~handle := #in~handle;havoc ~retValue_acc~17; {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L290 TraceCheckUtils]: 73: Hoare triple {4876#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {4876#false} is VALID [2022-02-20 17:55:54,862 INFO L290 TraceCheckUtils]: 74: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {4876#false} {4876#false} #957#return; {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L290 TraceCheckUtils]: 76: Hoare triple {4876#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L290 TraceCheckUtils]: 77: Hoare triple {4876#false} assume 0 == sign_~privkey~1#1; {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L290 TraceCheckUtils]: 78: Hoare triple {4876#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, 
outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L272 TraceCheckUtils]: 79: Hoare triple {4876#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {4876#false} is VALID [2022-02-20 17:55:54,863 INFO L290 TraceCheckUtils]: 80: Hoare triple {4876#false} ~handle := #in~handle;havoc ~retValue_acc~33; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L290 TraceCheckUtils]: 81: Hoare triple {4876#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L290 TraceCheckUtils]: 82: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {4876#false} {4876#false} #959#return; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L290 TraceCheckUtils]: 84: Hoare triple {4876#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L272 TraceCheckUtils]: 85: Hoare triple {4876#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := 
findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L290 TraceCheckUtils]: 86: Hoare triple {4876#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {4876#false} is VALID [2022-02-20 17:55:54,864 INFO L290 TraceCheckUtils]: 87: Hoare triple {4876#false} assume 1 == ~handle; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 88: Hoare triple {4876#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 89: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {4876#false} {4876#false} #961#return; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 91: Hoare triple {4876#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 92: Hoare triple {4876#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 93: Hoare triple {4876#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {4876#false} is VALID [2022-02-20 17:55:54,865 INFO L290 TraceCheckUtils]: 94: Hoare triple {4876#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L290 TraceCheckUtils]: 95: Hoare triple {4876#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L272 TraceCheckUtils]: 96: Hoare triple {4876#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L290 TraceCheckUtils]: 97: Hoare triple {4876#false} ~handle := #in~handle;~value := #in~value; {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L290 TraceCheckUtils]: 98: Hoare triple {4876#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L290 TraceCheckUtils]: 99: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,866 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {4876#false} {4876#false} #967#return; {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L290 TraceCheckUtils]: 
101: Hoare triple {4876#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L290 TraceCheckUtils]: 102: Hoare triple {4876#false} assume !(-1 == ~mail_is_sensitive~0); {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L272 TraceCheckUtils]: 103: Hoare triple {4876#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {4876#false} is VALID 
[2022-02-20 17:55:54,867 INFO L290 TraceCheckUtils]: 104: Hoare triple {4876#false} ~handle := #in~handle;havoc ~retValue_acc~36; {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L290 TraceCheckUtils]: 105: Hoare triple {4876#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L290 TraceCheckUtils]: 106: Hoare triple {4876#false} assume true; {4876#false} is VALID [2022-02-20 17:55:54,867 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {4876#false} {4876#false} #971#return; {4876#false} is VALID [2022-02-20 17:55:54,868 INFO L290 TraceCheckUtils]: 108: Hoare triple {4876#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {4876#false} is VALID [2022-02-20 17:55:54,868 INFO L290 TraceCheckUtils]: 109: Hoare triple {4876#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {4876#false} is VALID [2022-02-20 17:55:54,868 INFO L290 TraceCheckUtils]: 110: Hoare triple {4876#false} assume !false; {4876#false} is VALID [2022-02-20 17:55:54,868 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:54,868 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:54,869 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [414916625] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:54,869 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:54,869 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:54,869 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1404340271] [2022-02-20 17:55:54,869 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:54,870 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 17:55:54,870 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:54,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:54,934 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:54,934 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:54,934 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:54,934 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:55:54,935 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:54,935 INFO L87 Difference]: Start difference. First operand 342 states and 504 transitions. Second operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:55,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:55,474 INFO L93 Difference]: Finished difference Result 714 states and 1067 transitions. [2022-02-20 17:55:55,475 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:55,475 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 111 [2022-02-20 17:55:55,475 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:55,476 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:55,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1065 transitions. 
[2022-02-20 17:55:55,489 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:55,501 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1065 transitions. [2022-02-20 17:55:55,501 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1065 transitions. [2022-02-20 17:55:56,267 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1065 edges. 1065 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:56,283 INFO L225 Difference]: With dead ends: 714 [2022-02-20 17:55:56,283 INFO L226 Difference]: Without dead ends: 399 [2022-02-20 17:55:56,285 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 140 GetRequests, 132 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:56,286 INFO L933 BasicCegarLoop]: 527 mSDtfsCounter, 107 mSDsluCounter, 456 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 983 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 
17:55:56,286 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 983 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:56,287 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 399 states. [2022-02-20 17:55:56,303 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 399 to 391. [2022-02-20 17:55:56,303 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:56,305 INFO L82 GeneralOperation]: Start isEquivalent. First operand 399 states. Second operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 17:55:56,306 INFO L74 IsIncluded]: Start isIncluded. First operand 399 states. Second operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 17:55:56,308 INFO L87 Difference]: Start difference. First operand 399 states. Second operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 17:55:56,324 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:56,324 INFO L93 Difference]: Finished difference Result 399 states and 597 transitions. [2022-02-20 17:55:56,324 INFO L276 IsEmpty]: Start isEmpty. Operand 399 states and 597 transitions. [2022-02-20 17:55:56,326 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,326 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,328 INFO L74 IsIncluded]: Start isIncluded. First operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) Second operand 399 states. [2022-02-20 17:55:56,329 INFO L87 Difference]: Start difference. First operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) Second operand 399 states. [2022-02-20 17:55:56,344 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:56,345 INFO L93 Difference]: Finished difference Result 399 states and 597 transitions. [2022-02-20 17:55:56,345 INFO L276 IsEmpty]: Start isEmpty. Operand 399 states and 597 transitions. [2022-02-20 17:55:56,347 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,347 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,347 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:56,347 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:56,348 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 391 states, 303 states have (on average 1.5214521452145215) internal successors, (461), 306 states have internal predecessors, (461), 64 states have call successors, (64), 23 states have call predecessors, (64), 23 states have return successors, (63), 63 states have call predecessors, (63), 63 states have call successors, (63) [2022-02-20 17:55:56,368 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 391 states to 391 states and 588 transitions. [2022-02-20 17:55:56,368 INFO L78 Accepts]: Start accepts. Automaton has 391 states and 588 transitions. Word has length 111 [2022-02-20 17:55:56,368 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:56,369 INFO L470 AbstractCegarLoop]: Abstraction has 391 states and 588 transitions. [2022-02-20 17:55:56,371 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2022-02-20 17:55:56,371 INFO L276 IsEmpty]: Start isEmpty. Operand 391 states and 588 transitions. [2022-02-20 17:55:56,378 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 113 [2022-02-20 17:55:56,378 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:56,379 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:56,410 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:56,595 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:56,596 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:56,596 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:56,596 INFO L85 PathProgramCache]: Analyzing trace with hash -875235926, now seen corresponding path program 1 times [2022-02-20 17:55:56,596 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:56,596 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [574825923] [2022-02-20 17:55:56,596 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:56,596 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:56,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 6 [2022-02-20 17:55:56,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,662 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,663 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7618#true} #1017#return; {7618#true} is VALID [2022-02-20 17:55:56,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:56,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,673 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7618#true} #1019#return; {7618#true} is VALID [2022-02-20 17:55:56,673 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:56,676 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:55:56,689 INFO L290 TraceCheckUtils]: 0: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7676#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:56,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {7676#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7677#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {7677#(= |setClientId_#in~handle| 1)} assume true; {7677#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7677#(= |setClientId_#in~handle| 1)} {7628#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {7619#false} is VALID [2022-02-20 17:55:56,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:56,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,700 INFO L290 TraceCheckUtils]: 0: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,700 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,700 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,701 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #1023#return; {7619#false} is VALID 
[2022-02-20 17:55:56,701 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:56,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #1025#return; {7619#false} is VALID [2022-02-20 17:55:56,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:56,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #1027#return; {7619#false} is VALID [2022-02-20 17:55:56,718 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 58 [2022-02-20 17:55:56,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #1003#return; {7619#false} is VALID [2022-02-20 17:55:56,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:55:56,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {7679#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,735 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #1005#return; {7619#false} is VALID [2022-02-20 17:55:56,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:55:56,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,739 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} ~handle := #in~handle;havoc ~retValue_acc~17; 
{7618#true} is VALID [2022-02-20 17:55:56,739 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7618#true} is VALID [2022-02-20 17:55:56,739 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,739 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #957#return; {7619#false} is VALID [2022-02-20 17:55:56,739 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:55:56,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} ~handle := #in~handle;havoc ~retValue_acc~33; {7618#true} is VALID [2022-02-20 17:55:56,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {7618#true} is VALID [2022-02-20 17:55:56,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #959#return; {7619#false} is VALID [2022-02-20 17:55:56,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:55:56,744 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7618#true} is VALID [2022-02-20 17:55:56,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle; {7618#true} is VALID [2022-02-20 17:55:56,748 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7618#true} is VALID 
[2022-02-20 17:55:56,748 INFO L290 TraceCheckUtils]: 3: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,748 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {7618#true} {7619#false} #961#return; {7619#false} is VALID [2022-02-20 17:55:56,749 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:55:56,750 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,752 INFO L290 TraceCheckUtils]: 0: Hoare triple {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,753 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,753 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #967#return; {7619#false} is VALID [2022-02-20 17:55:56,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:55:56,754 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,756 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7618#true} is VALID [2022-02-20 17:55:56,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7618#true} is VALID [2022-02-20 17:55:56,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,757 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {7618#true} {7619#false} #971#return; {7619#false} is VALID [2022-02-20 17:55:56,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} 
assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 
0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7618#true} is VALID [2022-02-20 17:55:56,757 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { 
:begin_inline_select_helpers } true; {7618#true} is VALID [2022-02-20 17:55:56,757 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7618#true} is VALID [2022-02-20 17:55:56,758 INFO L290 TraceCheckUtils]: 3: Hoare triple {7618#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {7618#true} is VALID [2022-02-20 17:55:56,758 INFO L290 TraceCheckUtils]: 4: Hoare triple {7618#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {7618#true} is VALID [2022-02-20 17:55:56,758 INFO L290 TraceCheckUtils]: 5: Hoare triple {7618#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7618#true} is VALID [2022-02-20 17:55:56,759 INFO L272 TraceCheckUtils]: 
6: Hoare triple {7618#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,759 INFO L290 TraceCheckUtils]: 7: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,759 INFO L290 TraceCheckUtils]: 8: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,759 INFO L290 TraceCheckUtils]: 9: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,759 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7618#true} {7618#true} #1017#return; {7618#true} is VALID [2022-02-20 17:55:56,759 INFO L290 TraceCheckUtils]: 11: Hoare triple {7618#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7618#true} is VALID [2022-02-20 17:55:56,760 INFO L272 TraceCheckUtils]: 12: Hoare triple {7618#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,760 INFO L290 TraceCheckUtils]: 13: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,760 INFO L290 
TraceCheckUtils]: 14: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,761 INFO L290 TraceCheckUtils]: 15: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,761 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7618#true} {7618#true} #1019#return; {7618#true} is VALID [2022-02-20 17:55:56,761 INFO L290 TraceCheckUtils]: 17: Hoare triple {7618#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7628#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:56,762 INFO L272 TraceCheckUtils]: 18: Hoare triple {7628#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,762 INFO L290 TraceCheckUtils]: 19: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7676#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:56,763 INFO L290 TraceCheckUtils]: 20: Hoare triple {7676#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7677#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,763 INFO L290 TraceCheckUtils]: 21: Hoare triple {7677#(= |setClientId_#in~handle| 1)} assume true; {7677#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,764 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7677#(= |setClientId_#in~handle| 1)} {7628#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1021#return; {7619#false} is VALID [2022-02-20 17:55:56,764 INFO L290 TraceCheckUtils]: 23: Hoare triple {7619#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {7619#false} is VALID [2022-02-20 17:55:56,764 INFO L272 TraceCheckUtils]: 24: Hoare triple {7619#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,764 INFO L290 TraceCheckUtils]: 25: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,764 INFO L290 TraceCheckUtils]: 26: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,764 INFO L290 TraceCheckUtils]: 27: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,765 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7618#true} {7619#false} #1023#return; {7619#false} is VALID [2022-02-20 17:55:56,765 INFO L290 TraceCheckUtils]: 29: Hoare triple {7619#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc 
setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7619#false} is VALID [2022-02-20 17:55:56,765 INFO L272 TraceCheckUtils]: 30: Hoare triple {7619#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,765 INFO L290 TraceCheckUtils]: 31: Hoare triple {7674#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,765 INFO L290 TraceCheckUtils]: 32: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,765 INFO L290 TraceCheckUtils]: 33: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,766 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7618#true} {7619#false} #1025#return; {7619#false} is VALID [2022-02-20 17:55:56,766 INFO L290 TraceCheckUtils]: 35: Hoare triple {7619#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7619#false} is VALID [2022-02-20 17:55:56,766 INFO L272 TraceCheckUtils]: 36: Hoare triple {7619#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7675#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,766 INFO L290 TraceCheckUtils]: 37: Hoare triple {7675#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,766 INFO L290 TraceCheckUtils]: 38: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,766 INFO L290 TraceCheckUtils]: 39: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,766 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7618#true} {7619#false} #1027#return; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 41: Hoare triple {7619#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 42: Hoare triple {7619#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 43: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 44: Hoare triple {7619#false} assume test_~splverifierCounter~0#1 < 4; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 45: Hoare triple {7619#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7619#false} is VALID [2022-02-20 17:55:56,767 INFO L290 TraceCheckUtils]: 46: Hoare triple {7619#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 47: Hoare triple {7619#false} assume !(0 != test_~tmp___9~0#1); {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 48: Hoare triple {7619#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 49: Hoare triple {7619#false} assume 0 != 
test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 50: Hoare triple {7619#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 51: Hoare triple {7619#false} assume { :end_inline_setClientAutoResponse } true; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 52: Hoare triple {7619#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7619#false} is VALID [2022-02-20 17:55:56,768 INFO L290 TraceCheckUtils]: 53: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:56,769 INFO L290 TraceCheckUtils]: 54: Hoare triple {7619#false} assume !(test_~splverifierCounter~0#1 < 4); {7619#false} is VALID [2022-02-20 17:55:56,769 INFO L290 TraceCheckUtils]: 55: Hoare triple {7619#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {7619#false} is VALID [2022-02-20 17:55:56,769 INFO L272 TraceCheckUtils]: 56: Hoare triple {7619#false} call sendEmail(~bob~0, ~rjh~0); {7619#false} is VALID [2022-02-20 17:55:56,769 INFO L290 TraceCheckUtils]: 57: Hoare triple {7619#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7619#false} is VALID [2022-02-20 17:55:56,769 INFO L272 TraceCheckUtils]: 58: Hoare triple {7619#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:56,769 INFO L290 TraceCheckUtils]: 59: Hoare triple {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,769 INFO L290 TraceCheckUtils]: 60: Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,770 INFO L290 TraceCheckUtils]: 61: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,770 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7618#true} {7619#false} #1003#return; {7619#false} is VALID [2022-02-20 17:55:56,770 INFO L272 TraceCheckUtils]: 63: Hoare triple {7619#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7679#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:56,770 INFO L290 TraceCheckUtils]: 64: Hoare triple {7679#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,770 INFO L290 TraceCheckUtils]: 65: 
Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,770 INFO L290 TraceCheckUtils]: 66: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,770 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7618#true} {7619#false} #1005#return; {7619#false} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 68: Hoare triple {7619#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {7619#false} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 69: Hoare triple {7619#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {7619#false} is VALID [2022-02-20 17:55:56,771 INFO L272 TraceCheckUtils]: 70: Hoare triple {7619#false} call outgoing(~sender#1, ~email~0#1); {7619#false} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 71: Hoare triple {7619#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {7619#false} is VALID [2022-02-20 17:55:56,771 INFO L272 TraceCheckUtils]: 72: Hoare triple {7619#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {7618#true} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 73: Hoare triple {7618#true} ~handle := #in~handle;havoc ~retValue_acc~17; {7618#true} is VALID [2022-02-20 17:55:56,772 INFO L290 TraceCheckUtils]: 74: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7618#true} is VALID [2022-02-20 17:55:56,772 INFO L290 
TraceCheckUtils]: 75: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,772 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {7618#true} {7619#false} #957#return; {7619#false} is VALID [2022-02-20 17:55:56,772 INFO L290 TraceCheckUtils]: 77: Hoare triple {7619#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {7619#false} is VALID [2022-02-20 17:55:56,772 INFO L290 TraceCheckUtils]: 78: Hoare triple {7619#false} assume 0 == sign_~privkey~1#1; {7619#false} is VALID [2022-02-20 17:55:56,772 INFO L290 TraceCheckUtils]: 79: Hoare triple {7619#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {7619#false} is VALID [2022-02-20 17:55:56,772 INFO L272 TraceCheckUtils]: 80: Hoare triple {7619#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {7618#true} is VALID [2022-02-20 17:55:56,773 INFO L290 TraceCheckUtils]: 81: Hoare triple {7618#true} ~handle := #in~handle;havoc 
~retValue_acc~33; {7618#true} is VALID [2022-02-20 17:55:56,773 INFO L290 TraceCheckUtils]: 82: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {7618#true} is VALID [2022-02-20 17:55:56,773 INFO L290 TraceCheckUtils]: 83: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,773 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7618#true} {7619#false} #959#return; {7619#false} is VALID [2022-02-20 17:55:56,773 INFO L290 TraceCheckUtils]: 85: Hoare triple {7619#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {7619#false} is VALID [2022-02-20 17:55:56,773 INFO L272 TraceCheckUtils]: 86: Hoare triple {7619#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {7618#true} is VALID [2022-02-20 17:55:56,773 INFO L290 TraceCheckUtils]: 87: Hoare triple {7618#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7618#true} is VALID [2022-02-20 17:55:56,774 INFO L290 TraceCheckUtils]: 88: Hoare triple {7618#true} assume 1 == ~handle; {7618#true} is VALID [2022-02-20 17:55:56,774 INFO L290 TraceCheckUtils]: 89: Hoare triple {7618#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7618#true} is VALID [2022-02-20 17:55:56,774 INFO L290 TraceCheckUtils]: 90: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,774 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7618#true} {7619#false} #961#return; {7619#false} is VALID [2022-02-20 
17:55:56,774 INFO L290 TraceCheckUtils]: 92: Hoare triple {7619#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {7619#false} is VALID [2022-02-20 17:55:56,774 INFO L290 TraceCheckUtils]: 93: Hoare triple {7619#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {7619#false} is VALID [2022-02-20 17:55:56,774 INFO L290 TraceCheckUtils]: 94: Hoare triple {7619#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {7619#false} is VALID [2022-02-20 17:55:56,775 INFO L290 TraceCheckUtils]: 95: Hoare triple {7619#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {7619#false} is VALID [2022-02-20 17:55:56,775 INFO L290 TraceCheckUtils]: 96: Hoare triple {7619#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {7619#false} is VALID [2022-02-20 17:55:56,775 INFO L272 TraceCheckUtils]: 97: Hoare triple {7619#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:56,775 INFO L290 TraceCheckUtils]: 98: Hoare triple {7678#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:56,775 INFO L290 TraceCheckUtils]: 99: Hoare triple {7618#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:56,775 INFO L290 TraceCheckUtils]: 100: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,775 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7618#true} {7619#false} #967#return; {7619#false} is VALID [2022-02-20 17:55:56,776 INFO L290 TraceCheckUtils]: 102: Hoare triple {7619#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, 
mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {7619#false} is VALID [2022-02-20 17:55:56,776 INFO L290 TraceCheckUtils]: 103: Hoare triple {7619#false} assume !(-1 == ~mail_is_sensitive~0); {7619#false} is VALID [2022-02-20 17:55:56,776 INFO L272 TraceCheckUtils]: 104: Hoare triple {7619#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7618#true} is VALID [2022-02-20 17:55:56,776 INFO L290 TraceCheckUtils]: 105: Hoare triple {7618#true} ~handle := #in~handle;havoc ~retValue_acc~36; {7618#true} is VALID [2022-02-20 17:55:56,776 INFO L290 TraceCheckUtils]: 106: Hoare triple {7618#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7618#true} is VALID [2022-02-20 17:55:56,776 INFO L290 TraceCheckUtils]: 107: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:56,777 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7618#true} {7619#false} #971#return; {7619#false} is VALID [2022-02-20 17:55:56,777 INFO L290 TraceCheckUtils]: 109: Hoare triple {7619#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {7619#false} is VALID [2022-02-20 17:55:56,777 INFO L290 TraceCheckUtils]: 110: Hoare triple {7619#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {7619#false} is VALID [2022-02-20 17:55:56,777 INFO L290 TraceCheckUtils]: 111: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:56,777 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:55:56,778 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:56,778 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [574825923] [2022-02-20 17:55:56,778 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [574825923] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:56,778 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1323483600] [2022-02-20 17:55:56,778 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:56,778 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:56,779 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:56,780 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:56,790 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:55:57,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,049 INFO L263 TraceCheckSpWp]: Trace formula consists of 1086 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:55:57,097 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:57,100 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call 
#Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {7618#true} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {7618#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {7618#true} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {7618#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7618#true} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 3: Hoare triple {7618#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {7618#true} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 4: Hoare triple {7618#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 5: Hoare triple {7618#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L272 TraceCheckUtils]: 6: Hoare triple {7618#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 7: Hoare triple {7618#true} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 8: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 9: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {7618#true} {7618#true} #1017#return; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 11: Hoare triple {7618#true} assume { :end_inline_setup_bob__wrappee__Base } true; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L272 TraceCheckUtils]: 12: Hoare triple {7618#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 13: Hoare triple {7618#true} ~handle := #in~handle;~value := #in~value; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 14: Hoare triple {7618#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 15: Hoare triple {7618#true} assume 
true; {7618#true} is VALID [2022-02-20 17:55:57,450 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7618#true} {7618#true} #1019#return; {7618#true} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 17: Hoare triple {7618#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {7734#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:57,456 INFO L272 TraceCheckUtils]: 18: Hoare triple {7734#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {7618#true} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 19: Hoare triple {7618#true} ~handle := #in~handle;~value := #in~value; {7741#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 20: Hoare triple {7741#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7745#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 21: Hoare triple {7745#(<= |setClientId_#in~handle| 1)} assume true; {7745#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:57,458 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {7745#(<= |setClientId_#in~handle| 1)} {7734#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1021#return; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 23: Hoare triple {7619#false} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L272 TraceCheckUtils]: 24: Hoare triple {7619#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 25: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 26: Hoare triple {7619#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 27: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {7619#false} {7619#false} #1023#return; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 29: Hoare triple {7619#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L272 TraceCheckUtils]: 30: Hoare triple {7619#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {7619#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 31: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L290 TraceCheckUtils]: 32: Hoare triple {7619#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {7619#false} is VALID [2022-02-20 
17:55:57,459 INFO L290 TraceCheckUtils]: 33: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7619#false} {7619#false} #1025#return; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L290 TraceCheckUtils]: 35: Hoare triple {7619#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L272 TraceCheckUtils]: 36: Hoare triple {7619#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L290 TraceCheckUtils]: 37: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L290 TraceCheckUtils]: 38: Hoare triple {7619#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L290 TraceCheckUtils]: 39: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,459 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {7619#false} {7619#false} #1027#return; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 41: Hoare triple {7619#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 42: Hoare triple {7619#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, 
test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 43: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 44: Hoare triple {7619#false} assume test_~splverifierCounter~0#1 < 4; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 45: Hoare triple {7619#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 46: Hoare triple {7619#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 47: Hoare triple {7619#false} assume !(0 != test_~tmp___9~0#1); {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 48: Hoare triple {7619#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 49: Hoare triple {7619#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {7619#false} is VALID [2022-02-20 17:55:57,460 INFO L290 TraceCheckUtils]: 50: Hoare triple {7619#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 51: Hoare triple {7619#false} assume { :end_inline_setClientAutoResponse } true; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 52: Hoare triple {7619#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 53: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 54: Hoare triple {7619#false} assume !(test_~splverifierCounter~0#1 < 4); {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 55: Hoare triple {7619#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L272 
TraceCheckUtils]: 56: Hoare triple {7619#false} call sendEmail(~bob~0, ~rjh~0); {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 57: Hoare triple {7619#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L272 TraceCheckUtils]: 58: Hoare triple {7619#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 59: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,461 INFO L290 TraceCheckUtils]: 60: Hoare triple {7619#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 61: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {7619#false} {7619#false} #1003#return; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L272 TraceCheckUtils]: 63: Hoare triple {7619#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 64: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 65: Hoare triple {7619#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 66: Hoare triple {7619#false} assume true; 
{7619#false} is VALID [2022-02-20 17:55:57,462 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {7619#false} {7619#false} #1005#return; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 68: Hoare triple {7619#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L290 TraceCheckUtils]: 69: Hoare triple {7619#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {7619#false} is VALID [2022-02-20 17:55:57,462 INFO L272 TraceCheckUtils]: 70: Hoare triple {7619#false} call outgoing(~sender#1, ~email~0#1); {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L290 TraceCheckUtils]: 71: Hoare triple {7619#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L272 TraceCheckUtils]: 72: Hoare triple {7619#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L290 TraceCheckUtils]: 73: Hoare triple {7619#false} ~handle := #in~handle;havoc ~retValue_acc~17; {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L290 TraceCheckUtils]: 74: Hoare triple {7619#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L290 TraceCheckUtils]: 75: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,463 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {7619#false} {7619#false} 
#957#return; {7619#false} is VALID [2022-02-20 17:55:57,471 INFO L290 TraceCheckUtils]: 77: Hoare triple {7619#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {7619#false} is VALID [2022-02-20 17:55:57,471 INFO L290 TraceCheckUtils]: 78: Hoare triple {7619#false} assume 0 == sign_~privkey~1#1; {7619#false} is VALID [2022-02-20 17:55:57,471 INFO L290 TraceCheckUtils]: 79: Hoare triple {7619#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L272 TraceCheckUtils]: 80: Hoare triple {7619#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L290 TraceCheckUtils]: 81: Hoare triple {7619#false} ~handle := #in~handle;havoc ~retValue_acc~33; {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L290 TraceCheckUtils]: 82: Hoare triple {7619#false} assume 1 == ~handle;~retValue_acc~33 := 
~__ste_email_to0~0;#res := ~retValue_acc~33; {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L290 TraceCheckUtils]: 83: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {7619#false} {7619#false} #959#return; {7619#false} is VALID [2022-02-20 17:55:57,472 INFO L290 TraceCheckUtils]: 85: Hoare triple {7619#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L272 TraceCheckUtils]: 86: Hoare triple {7619#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L290 TraceCheckUtils]: 87: Hoare triple {7619#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L290 TraceCheckUtils]: 88: Hoare triple {7619#false} assume 1 == ~handle; {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L290 TraceCheckUtils]: 89: Hoare triple {7619#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L290 TraceCheckUtils]: 90: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,473 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {7619#false} {7619#false} #961#return; {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 92: Hoare triple {7619#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && 
outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 93: Hoare triple {7619#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 94: Hoare triple {7619#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 95: Hoare triple {7619#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 96: Hoare triple {7619#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := 
outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L272 TraceCheckUtils]: 97: Hoare triple {7619#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {7619#false} is VALID [2022-02-20 17:55:57,474 INFO L290 TraceCheckUtils]: 98: Hoare triple {7619#false} ~handle := #in~handle;~value := #in~value; {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L290 TraceCheckUtils]: 99: Hoare triple {7619#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L290 TraceCheckUtils]: 100: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {7619#false} {7619#false} #967#return; {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L290 TraceCheckUtils]: 102: Hoare triple {7619#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L290 TraceCheckUtils]: 103: Hoare triple {7619#false} assume !(-1 == ~mail_is_sensitive~0); {7619#false} is VALID [2022-02-20 17:55:57,475 INFO L272 TraceCheckUtils]: 104: Hoare triple {7619#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L290 TraceCheckUtils]: 105: Hoare triple {7619#false} ~handle := #in~handle;havoc ~retValue_acc~36; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L290 TraceCheckUtils]: 106: Hoare triple {7619#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L290 TraceCheckUtils]: 107: Hoare triple {7619#false} assume true; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {7619#false} {7619#false} #971#return; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L290 TraceCheckUtils]: 109: Hoare triple {7619#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO 
L290 TraceCheckUtils]: 110: Hoare triple {7619#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {7619#false} is VALID [2022-02-20 17:55:57,476 INFO L290 TraceCheckUtils]: 111: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 17:55:57,477 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:55:57,477 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:57,478 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1323483600] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:57,478 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:57,478 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:55:57,478 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [142964316] [2022-02-20 17:55:57,478 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:57,480 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 17:55:57,480 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:55:57,480 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:55:57,551 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:57,552 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:55:57,552 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:57,553 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:55:57,553 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:55:57,554 INFO L87 Difference]: Start difference. First operand 391 states and 588 transitions. Second operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:55:58,538 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:58,538 INFO L93 Difference]: Finished difference Result 773 states and 1166 transitions. [2022-02-20 17:55:58,538 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:55:58,539 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 112 [2022-02-20 17:55:58,539 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:58,539 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:55:58,549 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 994 transitions. [2022-02-20 17:55:58,550 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:55:58,559 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 994 transitions. [2022-02-20 17:55:58,559 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 994 transitions. [2022-02-20 17:55:59,208 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 994 edges. 994 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:55:59,223 INFO L225 Difference]: With dead ends: 773 [2022-02-20 17:55:59,223 INFO L226 Difference]: Without dead ends: 393 [2022-02-20 17:55:59,224 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:55:59,225 INFO L933 BasicCegarLoop]: 493 mSDtfsCounter, 125 mSDsluCounter, 1335 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1828 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:59,226 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1828 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:59,226 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 393 states. [2022-02-20 17:55:59,277 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 393 to 393. [2022-02-20 17:55:59,277 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:59,279 INFO L82 GeneralOperation]: Start isEquivalent. First operand 393 states. 
Second operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 17:55:59,280 INFO L74 IsIncluded]: Start isIncluded. First operand 393 states. Second operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 17:55:59,281 INFO L87 Difference]: Start difference. First operand 393 states. Second operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 17:55:59,294 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:59,294 INFO L93 Difference]: Finished difference Result 393 states and 591 transitions. [2022-02-20 17:55:59,294 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 591 transitions. [2022-02-20 17:55:59,295 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:59,296 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:59,297 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) Second operand 393 states. [2022-02-20 17:55:59,298 INFO L87 Difference]: Start difference. First operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) Second operand 393 states. [2022-02-20 17:55:59,311 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:59,311 INFO L93 Difference]: Finished difference Result 393 states and 591 transitions. [2022-02-20 17:55:59,311 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 591 transitions. [2022-02-20 17:55:59,313 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:59,313 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:59,313 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:59,313 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:59,314 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 393 states, 304 states have (on average 1.519736842105263) internal successors, (462), 308 states have internal predecessors, (462), 64 states have call successors, (64), 23 states have call predecessors, (64), 24 states have return successors, (65), 63 states have call predecessors, (65), 63 states have call successors, (65) [2022-02-20 17:55:59,329 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 393 states to 393 states and 591 transitions. [2022-02-20 17:55:59,329 INFO L78 Accepts]: Start accepts. Automaton has 393 states and 591 transitions. Word has length 112 [2022-02-20 17:55:59,329 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:59,329 INFO L470 AbstractCegarLoop]: Abstraction has 393 states and 591 transitions. [2022-02-20 17:55:59,330 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 19.25) internal successors, (77), 5 states have internal predecessors, (77), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:55:59,330 INFO L276 IsEmpty]: Start isEmpty. Operand 393 states and 591 transitions. [2022-02-20 17:55:59,332 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 114 [2022-02-20 17:55:59,332 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:59,332 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:59,356 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:59,547 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:59,547 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:59,548 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:59,548 INFO L85 PathProgramCache]: Analyzing trace with hash 1490413496, now seen corresponding path program 1 times [2022-02-20 17:55:59,548 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:59,548 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1858234039] [2022-02-20 17:55:59,548 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:59,548 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:59,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:59,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10450#true} #1017#return; {10450#true} is VALID [2022-02-20 17:55:59,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:59,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:55:59,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10450#true} #1019#return; {10450#true} is VALID [2022-02-20 17:55:59,631 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:59,633 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,648 INFO L290 TraceCheckUtils]: 0: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10510#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {10510#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10510#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {10510#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10511#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,649 INFO L290 TraceCheckUtils]: 3: Hoare triple {10511#(= 2 |setClientId_#in~handle|)} assume true; {10511#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 
17:55:59,649 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10511#(= 2 |setClientId_#in~handle|)} {10460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1021#return; {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:59,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:55:59,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,668 INFO L290 TraceCheckUtils]: 0: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10512#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:59,669 INFO L290 TraceCheckUtils]: 1: Hoare triple {10512#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10513#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:59,669 INFO L290 TraceCheckUtils]: 2: Hoare triple {10513#(= |setClientPrivateKey_#in~handle| 1)} assume true; {10513#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:59,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10513#(= |setClientPrivateKey_#in~handle| 1)} {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1023#return; {10451#false} is VALID [2022-02-20 17:55:59,670 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:55:59,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #1025#return; {10451#false} is VALID [2022-02-20 17:55:59,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:55:59,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,678 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #1027#return; {10451#false} is VALID [2022-02-20 17:55:59,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:55:59,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 
17:55:59,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,691 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #1003#return; {10451#false} is VALID [2022-02-20 17:55:59,700 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:55:59,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {10515#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,703 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #1005#return; {10451#false} is VALID [2022-02-20 17:55:59,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:55:59,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} ~handle := #in~handle;havoc ~retValue_acc~17; {10450#true} is VALID [2022-02-20 17:55:59,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {10450#true} is VALID [2022-02-20 17:55:59,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,707 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {10450#true} {10451#false} #957#return; {10451#false} is VALID [2022-02-20 17:55:59,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:55:59,708 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10450#true} is VALID [2022-02-20 17:55:59,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10450#true} is VALID [2022-02-20 17:55:59,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #959#return; {10451#false} is VALID [2022-02-20 17:55:59,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:55:59,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {10450#true} is VALID [2022-02-20 17:55:59,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle; {10450#true} is VALID [2022-02-20 17:55:59,713 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {10450#true} is VALID [2022-02-20 17:55:59,713 INFO L290 TraceCheckUtils]: 3: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,713 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10450#true} {10451#false} #961#return; {10451#false} is VALID [2022-02-20 17:55:59,713 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 98 [2022-02-20 17:55:59,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,716 INFO L290 TraceCheckUtils]: 0: Hoare triple {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,716 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,716 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,717 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #967#return; {10451#false} is VALID [2022-02-20 17:55:59,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:55:59,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} ~handle := #in~handle;havoc ~retValue_acc~36; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10450#true} {10451#false} #971#return; {10451#false} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call 
#Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 
0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {10450#true} assume { 
:end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 4: Hoare triple {10450#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {10450#true} is VALID [2022-02-20 17:55:59,720 INFO L290 TraceCheckUtils]: 5: Hoare triple {10450#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10450#true} is VALID [2022-02-20 17:55:59,721 INFO L272 TraceCheckUtils]: 6: Hoare triple {10450#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:55:59,721 INFO L290 TraceCheckUtils]: 7: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,721 INFO L290 TraceCheckUtils]: 8: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,721 INFO L290 TraceCheckUtils]: 9: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,722 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10450#true} {10450#true} #1017#return; {10450#true} is VALID [2022-02-20 17:55:59,722 INFO L290 TraceCheckUtils]: 11: Hoare triple {10450#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10450#true} is VALID [2022-02-20 17:55:59,722 INFO L272 TraceCheckUtils]: 12: Hoare triple {10450#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,722 INFO L290 TraceCheckUtils]: 13: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,723 INFO L290 TraceCheckUtils]: 14: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,723 INFO L290 TraceCheckUtils]: 15: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,723 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10450#true} 
{10450#true} #1019#return; {10450#true} is VALID [2022-02-20 17:55:59,723 INFO L290 TraceCheckUtils]: 17: Hoare triple {10450#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:55:59,724 INFO L272 TraceCheckUtils]: 18: Hoare triple {10460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:59,724 INFO L290 TraceCheckUtils]: 19: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10510#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,725 INFO L290 TraceCheckUtils]: 20: Hoare triple {10510#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {10510#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,725 INFO L290 TraceCheckUtils]: 21: Hoare triple {10510#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 
== ~handle;~__ste_client_idCounter1~0 := ~value; {10511#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,725 INFO L290 TraceCheckUtils]: 22: Hoare triple {10511#(= 2 |setClientId_#in~handle|)} assume true; {10511#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,726 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10511#(= 2 |setClientId_#in~handle|)} {10460#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1021#return; {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:59,726 INFO L290 TraceCheckUtils]: 24: Hoare triple {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:55:59,727 INFO L272 TraceCheckUtils]: 25: Hoare triple {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,727 INFO L290 TraceCheckUtils]: 26: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10512#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:55:59,728 INFO L290 TraceCheckUtils]: 27: Hoare triple {10512#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10513#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:59,728 INFO L290 TraceCheckUtils]: 28: Hoare triple {10513#(= |setClientPrivateKey_#in~handle| 
1)} assume true; {10513#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:55:59,729 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10513#(= |setClientPrivateKey_#in~handle| 1)} {10466#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1023#return; {10451#false} is VALID [2022-02-20 17:55:59,729 INFO L290 TraceCheckUtils]: 30: Hoare triple {10451#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10451#false} is VALID [2022-02-20 17:55:59,729 INFO L272 TraceCheckUtils]: 31: Hoare triple {10451#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:59,729 INFO L290 TraceCheckUtils]: 32: Hoare triple {10508#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,729 INFO L290 TraceCheckUtils]: 33: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,729 INFO L290 TraceCheckUtils]: 34: Hoare triple {10450#true} assume true; {10450#true} is VALID 
[2022-02-20 17:55:59,729 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10450#true} {10451#false} #1025#return; {10451#false} is VALID [2022-02-20 17:55:59,729 INFO L290 TraceCheckUtils]: 36: Hoare triple {10451#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10451#false} is VALID [2022-02-20 17:55:59,729 INFO L272 TraceCheckUtils]: 37: Hoare triple {10451#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 38: Hoare triple {10509#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 39: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 40: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,730 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10450#true} {10451#false} #1027#return; {10451#false} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 42: Hoare triple {10451#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {10451#false} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 43: Hoare triple {10451#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, 
test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10451#false} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 44: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 45: Hoare triple {10451#false} assume test_~splverifierCounter~0#1 < 4; {10451#false} is VALID [2022-02-20 17:55:59,730 INFO L290 TraceCheckUtils]: 46: Hoare triple {10451#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 47: Hoare triple {10451#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {10451#false} is VALID [2022-02-20 17:55:59,731 
INFO L290 TraceCheckUtils]: 48: Hoare triple {10451#false} assume !(0 != test_~tmp___9~0#1); {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 49: Hoare triple {10451#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 50: Hoare triple {10451#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 51: Hoare triple {10451#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 52: Hoare triple {10451#false} assume { :end_inline_setClientAutoResponse } true; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 53: Hoare triple {10451#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 54: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 55: Hoare triple {10451#false} assume !(test_~splverifierCounter~0#1 < 4); {10451#false} is VALID [2022-02-20 17:55:59,731 INFO L290 TraceCheckUtils]: 56: Hoare triple {10451#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, 
bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {10451#false} is VALID [2022-02-20 17:55:59,732 INFO L272 TraceCheckUtils]: 57: Hoare triple {10451#false} call sendEmail(~bob~0, ~rjh~0); {10451#false} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 58: Hoare triple {10451#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10451#false} is VALID [2022-02-20 17:55:59,732 INFO L272 TraceCheckUtils]: 59: Hoare triple {10451#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 60: Hoare triple {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 61: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 62: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,732 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {10450#true} {10451#false} #1003#return; {10451#false} is VALID [2022-02-20 17:55:59,732 INFO L272 
TraceCheckUtils]: 64: Hoare triple {10451#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10515#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 65: Hoare triple {10515#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,732 INFO L290 TraceCheckUtils]: 66: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 67: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,733 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10450#true} {10451#false} #1005#return; {10451#false} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 69: Hoare triple {10451#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {10451#false} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 70: Hoare triple {10451#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {10451#false} is VALID [2022-02-20 17:55:59,733 INFO L272 TraceCheckUtils]: 71: Hoare triple {10451#false} call outgoing(~sender#1, ~email~0#1); {10451#false} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 72: Hoare triple {10451#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {10451#false} is VALID 
[2022-02-20 17:55:59,733 INFO L272 TraceCheckUtils]: 73: Hoare triple {10451#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {10450#true} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 74: Hoare triple {10450#true} ~handle := #in~handle;havoc ~retValue_acc~17; {10450#true} is VALID [2022-02-20 17:55:59,733 INFO L290 TraceCheckUtils]: 75: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 76: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {10450#true} {10451#false} #957#return; {10451#false} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 78: Hoare triple {10451#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {10451#false} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 79: Hoare triple {10451#false} assume 0 == sign_~privkey~1#1; {10451#false} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 80: Hoare triple {10451#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := 
outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {10451#false} is VALID [2022-02-20 17:55:59,734 INFO L272 TraceCheckUtils]: 81: Hoare triple {10451#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 82: Hoare triple {10450#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 83: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L290 TraceCheckUtils]: 84: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,734 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10450#true} {10451#false} #959#return; {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 86: Hoare triple {10451#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L272 TraceCheckUtils]: 87: Hoare triple {10451#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {10450#true} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 88: Hoare triple {10450#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {10450#true} is VALID [2022-02-20 
17:55:59,735 INFO L290 TraceCheckUtils]: 89: Hoare triple {10450#true} assume 1 == ~handle; {10450#true} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 90: Hoare triple {10450#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {10450#true} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 91: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,735 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10450#true} {10451#false} #961#return; {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 93: Hoare triple {10451#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 94: Hoare triple {10451#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 95: Hoare triple {10451#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc 
getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {10451#false} is VALID [2022-02-20 17:55:59,735 INFO L290 TraceCheckUtils]: 96: Hoare triple {10451#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {10451#false} is VALID [2022-02-20 17:55:59,736 INFO L290 TraceCheckUtils]: 97: Hoare triple {10451#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {10451#false} is VALID [2022-02-20 17:55:59,738 INFO L272 TraceCheckUtils]: 98: Hoare triple {10451#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 99: Hoare triple {10514#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 100: Hoare triple {10450#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10450#true} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 101: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,738 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {10450#true} {10451#false} #967#return; {10451#false} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 103: Hoare triple {10451#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {10451#false} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 104: Hoare triple {10451#false} assume !(-1 == ~mail_is_sensitive~0); {10451#false} is VALID [2022-02-20 17:55:59,738 INFO L272 TraceCheckUtils]: 105: Hoare triple {10451#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {10450#true} is VALID [2022-02-20 17:55:59,738 INFO L290 TraceCheckUtils]: 106: Hoare triple {10450#true} ~handle := 
#in~handle;havoc ~retValue_acc~36; {10450#true} is VALID [2022-02-20 17:55:59,739 INFO L290 TraceCheckUtils]: 107: Hoare triple {10450#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10450#true} is VALID [2022-02-20 17:55:59,739 INFO L290 TraceCheckUtils]: 108: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:55:59,739 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {10450#true} {10451#false} #971#return; {10451#false} is VALID [2022-02-20 17:55:59,739 INFO L290 TraceCheckUtils]: 110: Hoare triple {10451#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {10451#false} is VALID [2022-02-20 17:55:59,739 INFO L290 TraceCheckUtils]: 111: Hoare triple {10451#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {10451#false} is VALID [2022-02-20 17:55:59,739 INFO L290 TraceCheckUtils]: 112: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:55:59,739 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 17:55:59,740 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:59,740 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1858234039] [2022-02-20 17:55:59,740 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1858234039] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:59,740 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1165863627] [2022-02-20 17:55:59,740 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:59,740 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:59,740 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:59,741 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:59,769 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:55:59,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,994 INFO L263 TraceCheckSpWp]: Trace formula consists of 1087 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:56:00,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:00,048 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:56:00,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {10450#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {10450#true} is VALID [2022-02-20 17:56:00,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {10450#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, 
main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {10450#true} is VALID [2022-02-20 17:56:00,357 INFO L290 TraceCheckUtils]: 2: Hoare triple {10450#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 3: Hoare triple {10450#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 4: Hoare triple {10450#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 5: Hoare triple {10450#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L272 TraceCheckUtils]: 6: Hoare triple {10450#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 7: Hoare triple {10450#true} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 8: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 9: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10450#true} {10450#true} #1017#return; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L290 TraceCheckUtils]: 11: Hoare triple {10450#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10450#true} is VALID [2022-02-20 17:56:00,358 INFO L272 TraceCheckUtils]: 12: Hoare triple {10450#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10450#true} is VALID [2022-02-20 17:56:00,359 INFO L290 TraceCheckUtils]: 13: Hoare triple {10450#true} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:56:00,359 INFO L290 TraceCheckUtils]: 14: Hoare triple {10450#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10450#true} is VALID [2022-02-20 17:56:00,359 INFO L290 TraceCheckUtils]: 15: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:56:00,359 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10450#true} {10450#true} #1019#return; {10450#true} is VALID [2022-02-20 17:56:00,359 INFO L290 TraceCheckUtils]: 17: Hoare triple {10450#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:00,360 INFO L272 TraceCheckUtils]: 18: Hoare triple {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10450#true} is VALID [2022-02-20 17:56:00,360 INFO L290 TraceCheckUtils]: 19: Hoare triple {10450#true} ~handle := #in~handle;~value := #in~value; {10450#true} is VALID [2022-02-20 17:56:00,360 INFO L290 TraceCheckUtils]: 20: Hoare triple {10450#true} assume !(1 == ~handle); {10450#true} is VALID [2022-02-20 17:56:00,360 INFO L290 TraceCheckUtils]: 21: Hoare triple {10450#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {10450#true} is VALID [2022-02-20 17:56:00,360 INFO L290 TraceCheckUtils]: 22: Hoare triple {10450#true} assume true; {10450#true} is VALID [2022-02-20 17:56:00,361 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {10450#true} {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1021#return; {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:00,361 INFO L290 TraceCheckUtils]: 24: Hoare triple {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:00,361 INFO L272 TraceCheckUtils]: 25: Hoare triple {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10450#true} is VALID [2022-02-20 17:56:00,362 INFO L290 TraceCheckUtils]: 26: Hoare triple {10450#true} ~handle := #in~handle;~value := #in~value; {10598#(<= |setClientPrivateKey_#in~handle| 
setClientPrivateKey_~handle)} is VALID [2022-02-20 17:56:00,362 INFO L290 TraceCheckUtils]: 27: Hoare triple {10598#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10602#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:00,362 INFO L290 TraceCheckUtils]: 28: Hoare triple {10602#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {10602#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:00,363 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {10602#(<= |setClientPrivateKey_#in~handle| 1)} {10570#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1023#return; {10451#false} is VALID [2022-02-20 17:56:00,363 INFO L290 TraceCheckUtils]: 30: Hoare triple {10451#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10451#false} is VALID [2022-02-20 17:56:00,363 INFO L272 TraceCheckUtils]: 31: Hoare triple {10451#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10451#false} is VALID [2022-02-20 17:56:00,363 INFO L290 TraceCheckUtils]: 32: Hoare triple {10451#false} ~handle := #in~handle;~value := #in~value; {10451#false} is VALID [2022-02-20 17:56:00,363 INFO L290 TraceCheckUtils]: 33: Hoare triple {10451#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 34: Hoare triple {10451#false} assume true; 
{10451#false} is VALID [2022-02-20 17:56:00,364 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {10451#false} {10451#false} #1025#return; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 36: Hoare triple {10451#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L272 TraceCheckUtils]: 37: Hoare triple {10451#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 38: Hoare triple {10451#false} ~handle := #in~handle;~value := #in~value; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 39: Hoare triple {10451#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 40: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {10451#false} {10451#false} #1027#return; {10451#false} is VALID [2022-02-20 17:56:00,364 INFO L290 TraceCheckUtils]: 42: Hoare triple {10451#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 43: Hoare triple {10451#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 44: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 45: Hoare triple {10451#false} assume test_~splverifierCounter~0#1 < 4; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 46: Hoare triple {10451#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 47: Hoare triple {10451#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 48: Hoare triple {10451#false} assume !(0 != test_~tmp___9~0#1); {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 49: Hoare triple {10451#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; 
{10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 50: Hoare triple {10451#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 51: Hoare triple {10451#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {10451#false} is VALID [2022-02-20 17:56:00,365 INFO L290 TraceCheckUtils]: 52: Hoare triple {10451#false} assume { :end_inline_setClientAutoResponse } true; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 53: Hoare triple {10451#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 54: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 55: Hoare triple {10451#false} assume !(test_~splverifierCounter~0#1 < 4); {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 56: Hoare triple {10451#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L272 TraceCheckUtils]: 57: Hoare triple {10451#false} call 
sendEmail(~bob~0, ~rjh~0); {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 58: Hoare triple {10451#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L272 TraceCheckUtils]: 59: Hoare triple {10451#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 60: Hoare triple {10451#false} ~handle := #in~handle;~value := #in~value; {10451#false} is VALID [2022-02-20 17:56:00,366 INFO L290 TraceCheckUtils]: 61: Hoare triple {10451#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 62: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {10451#false} {10451#false} #1003#return; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L272 TraceCheckUtils]: 64: Hoare triple {10451#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 65: Hoare triple {10451#false} ~handle := #in~handle;~value := #in~value; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 66: Hoare triple {10451#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 67: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 
17:56:00,367 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {10451#false} {10451#false} #1005#return; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 69: Hoare triple {10451#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L290 TraceCheckUtils]: 70: Hoare triple {10451#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {10451#false} is VALID [2022-02-20 17:56:00,367 INFO L272 TraceCheckUtils]: 71: Hoare triple {10451#false} call outgoing(~sender#1, ~email~0#1); {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 72: Hoare triple {10451#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L272 TraceCheckUtils]: 73: Hoare triple {10451#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 74: Hoare triple {10451#false} ~handle := #in~handle;havoc ~retValue_acc~17; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 75: Hoare triple {10451#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 76: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {10451#false} {10451#false} #957#return; 
{10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 78: Hoare triple {10451#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 79: Hoare triple {10451#false} assume 0 == sign_~privkey~1#1; {10451#false} is VALID [2022-02-20 17:56:00,368 INFO L290 TraceCheckUtils]: 80: Hoare triple {10451#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L272 TraceCheckUtils]: 81: Hoare triple {10451#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 82: Hoare triple {10451#false} ~handle := #in~handle;havoc ~retValue_acc~33; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 83: Hoare triple {10451#false} assume 1 == ~handle;~retValue_acc~33 := 
~__ste_email_to0~0;#res := ~retValue_acc~33; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 84: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {10451#false} {10451#false} #959#return; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 86: Hoare triple {10451#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L272 TraceCheckUtils]: 87: Hoare triple {10451#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 88: Hoare triple {10451#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 89: Hoare triple {10451#false} assume 1 == ~handle; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 90: Hoare triple {10451#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {10451#false} is VALID [2022-02-20 17:56:00,369 INFO L290 TraceCheckUtils]: 91: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {10451#false} {10451#false} #961#return; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 93: Hoare triple {10451#false} assume -2147483648 <= 
outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 94: Hoare triple {10451#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 95: Hoare triple {10451#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 96: Hoare triple {10451#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 97: Hoare triple {10451#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L272 TraceCheckUtils]: 98: Hoare triple {10451#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 99: Hoare triple {10451#false} ~handle := #in~handle;~value := #in~value; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 100: Hoare triple {10451#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10451#false} is VALID [2022-02-20 17:56:00,370 INFO L290 TraceCheckUtils]: 101: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,371 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {10451#false} {10451#false} #967#return; {10451#false} is VALID [2022-02-20 17:56:00,371 INFO L290 TraceCheckUtils]: 103: Hoare triple {10451#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {10451#false} is VALID [2022-02-20 17:56:00,371 INFO L290 TraceCheckUtils]: 104: Hoare triple {10451#false} assume !(-1 == ~mail_is_sensitive~0); {10451#false} is VALID [2022-02-20 17:56:00,371 INFO L272 TraceCheckUtils]: 105: Hoare triple {10451#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {10451#false} is VALID [2022-02-20 17:56:00,371 INFO L290 TraceCheckUtils]: 106: Hoare triple {10451#false} ~handle := #in~handle;havoc ~retValue_acc~36; {10451#false} is VALID [2022-02-20 17:56:00,376 INFO L290 TraceCheckUtils]: 107: Hoare triple {10451#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {10451#false} is VALID [2022-02-20 17:56:00,376 INFO L290 TraceCheckUtils]: 108: Hoare triple {10451#false} assume true; {10451#false} is VALID [2022-02-20 17:56:00,377 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {10451#false} {10451#false} #971#return; {10451#false} is VALID [2022-02-20 17:56:00,378 INFO L290 TraceCheckUtils]: 110: Hoare triple {10451#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {10451#false} is VALID [2022-02-20 
17:56:00,378 INFO L290 TraceCheckUtils]: 111: Hoare triple {10451#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {10451#false} is VALID [2022-02-20 17:56:00,379 INFO L290 TraceCheckUtils]: 112: Hoare triple {10451#false} assume !false; {10451#false} is VALID [2022-02-20 17:56:00,380 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:56:00,380 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:56:00,383 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1165863627] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:00,383 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:56:00,384 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:56:00,387 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [481643243] [2022-02-20 17:56:00,388 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:00,389 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 17:56:00,389 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:56:00,389 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:00,460 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:00,460 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:56:00,460 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:00,461 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:56:00,461 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:56:00,461 INFO L87 Difference]: Start difference. First operand 393 states and 591 transitions. Second operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:01,479 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:01,479 INFO L93 Difference]: Finished difference Result 775 states and 1171 transitions. [2022-02-20 17:56:01,479 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:56:01,480 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 113 [2022-02-20 17:56:01,480 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:01,480 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:01,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 993 transitions. [2022-02-20 17:56:01,489 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:01,497 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 993 transitions. [2022-02-20 17:56:01,498 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 993 transitions. [2022-02-20 17:56:02,180 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 993 edges. 993 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:02,194 INFO L225 Difference]: With dead ends: 775 [2022-02-20 17:56:02,194 INFO L226 Difference]: Without dead ends: 395 [2022-02-20 17:56:02,196 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 145 GetRequests, 131 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:56:02,196 INFO L933 BasicCegarLoop]: 491 mSDtfsCounter, 124 mSDsluCounter, 1326 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1817 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:02,196 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1817 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:56:02,197 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 395 states. [2022-02-20 17:56:02,288 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 395 to 395. [2022-02-20 17:56:02,288 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:02,289 INFO L82 GeneralOperation]: Start isEquivalent. First operand 395 states. 
Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:02,290 INFO L74 IsIncluded]: Start isIncluded. First operand 395 states. Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:02,291 INFO L87 Difference]: Start difference. First operand 395 states. Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:02,304 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:02,304 INFO L93 Difference]: Finished difference Result 395 states and 597 transitions. [2022-02-20 17:56:02,304 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 597 transitions. [2022-02-20 17:56:02,306 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:02,306 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:02,307 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 395 states. [2022-02-20 17:56:02,308 INFO L87 Difference]: Start difference. First operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 395 states. [2022-02-20 17:56:02,320 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:02,321 INFO L93 Difference]: Finished difference Result 395 states and 597 transitions. [2022-02-20 17:56:02,321 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 597 transitions. [2022-02-20 17:56:02,322 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:02,322 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:02,322 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:02,322 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:02,324 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:02,338 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 395 states to 395 states and 597 transitions. [2022-02-20 17:56:02,338 INFO L78 Accepts]: Start accepts. Automaton has 395 states and 597 transitions. Word has length 113 [2022-02-20 17:56:02,338 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:02,339 INFO L470 AbstractCegarLoop]: Abstraction has 395 states and 597 transitions. [2022-02-20 17:56:02,339 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 15.8) internal successors, (79), 5 states have internal predecessors, (79), 3 states have call successors, (15), 2 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:02,339 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 597 transitions. [2022-02-20 17:56:02,341 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 115 [2022-02-20 17:56:02,341 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:02,341 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:02,370 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:56:02,554 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:02,554 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:02,554 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:02,555 INFO L85 PathProgramCache]: Analyzing trace with hash -1538264855, now seen corresponding path program 1 times [2022-02-20 17:56:02,555 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:02,555 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1560924131] [2022-02-20 17:56:02,555 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:02,555 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:02,590 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:02,629 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,631 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,631 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13295#true} #1017#return; {13295#true} is VALID [2022-02-20 17:56:02,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:02,639 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:56:02,643 INFO L290 TraceCheckUtils]: 0: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,643 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13295#true} #1019#return; {13295#true} is VALID [2022-02-20 17:56:02,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:02,646 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,649 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume !(1 == ~handle); {13295#true} is VALID [2022-02-20 17:56:02,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,650 INFO L290 TraceCheckUtils]: 3: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,650 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13295#true} {13295#true} #1021#return; {13295#true} is VALID [2022-02-20 17:56:02,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 
[2022-02-20 17:56:02,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume !(1 == ~handle); {13295#true} is VALID [2022-02-20 17:56:02,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,655 INFO L290 TraceCheckUtils]: 3: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,655 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13295#true} {13295#true} #1023#return; {13295#true} is VALID [2022-02-20 17:56:02,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:02,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13355#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:02,673 INFO L290 TraceCheckUtils]: 1: Hoare triple {13355#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13356#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,673 INFO L290 TraceCheckUtils]: 2: Hoare triple {13356#(= |setClientId_#in~handle| 1)} assume true; {13356#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 
17:56:02,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13356#(= |setClientId_#in~handle| 1)} {13315#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {13296#false} is VALID [2022-02-20 17:56:02,674 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:02,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,678 INFO L290 TraceCheckUtils]: 0: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,678 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,678 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,678 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #1027#return; {13296#false} is VALID [2022-02-20 17:56:02,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:56:02,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,691 INFO L290 TraceCheckUtils]: 0: Hoare triple {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{13295#true} {13296#false} #1003#return; {13296#false} is VALID [2022-02-20 17:56:02,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:56:02,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,702 INFO L290 TraceCheckUtils]: 0: Hoare triple {13358#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,703 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,703 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,703 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #1005#return; {13296#false} is VALID [2022-02-20 17:56:02,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:56:02,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,706 INFO L290 TraceCheckUtils]: 0: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~17; {13295#true} is VALID [2022-02-20 17:56:02,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {13295#true} is VALID [2022-02-20 17:56:02,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,706 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #957#return; {13296#false} is VALID [2022-02-20 17:56:02,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:56:02,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,711 INFO L290 
TraceCheckUtils]: 0: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13295#true} is VALID [2022-02-20 17:56:02,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13295#true} is VALID [2022-02-20 17:56:02,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #959#return; {13296#false} is VALID [2022-02-20 17:56:02,711 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:56:02,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {13295#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {13295#true} is VALID [2022-02-20 17:56:02,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle; {13295#true} is VALID [2022-02-20 17:56:02,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {13295#true} is VALID [2022-02-20 17:56:02,714 INFO L290 TraceCheckUtils]: 3: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,715 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13295#true} {13296#false} #961#return; {13296#false} is VALID [2022-02-20 17:56:02,715 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:56:02,716 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,717 INFO L290 TraceCheckUtils]: 0: Hoare triple {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{13295#true} is VALID [2022-02-20 17:56:02,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,718 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #967#return; {13296#false} is VALID [2022-02-20 17:56:02,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:56:02,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13295#true} is VALID [2022-02-20 17:56:02,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {13295#true} is VALID [2022-02-20 17:56:02,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,721 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13295#true} {13296#false} #971#return; {13296#false} is VALID [2022-02-20 17:56:02,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {13295#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 
15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {13295#true} is VALID [2022-02-20 17:56:02,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {13295#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {13295#true} is VALID [2022-02-20 17:56:02,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {13295#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13295#true} is VALID [2022-02-20 17:56:02,721 INFO L290 TraceCheckUtils]: 3: Hoare triple {13295#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {13295#true} is VALID [2022-02-20 17:56:02,722 INFO L290 TraceCheckUtils]: 4: 
Hoare triple {13295#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {13295#true} is VALID [2022-02-20 17:56:02,722 INFO L290 TraceCheckUtils]: 5: Hoare triple {13295#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13295#true} is VALID [2022-02-20 17:56:02,722 INFO L272 TraceCheckUtils]: 6: Hoare triple {13295#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,723 INFO L290 TraceCheckUtils]: 7: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID 
[2022-02-20 17:56:02,723 INFO L290 TraceCheckUtils]: 8: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,723 INFO L290 TraceCheckUtils]: 9: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,723 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13295#true} {13295#true} #1017#return; {13295#true} is VALID [2022-02-20 17:56:02,723 INFO L290 TraceCheckUtils]: 11: Hoare triple {13295#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13295#true} is VALID [2022-02-20 17:56:02,724 INFO L272 TraceCheckUtils]: 12: Hoare triple {13295#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,724 INFO L290 TraceCheckUtils]: 13: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,724 INFO L290 TraceCheckUtils]: 14: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,724 INFO L290 TraceCheckUtils]: 15: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,724 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13295#true} {13295#true} #1019#return; {13295#true} is VALID [2022-02-20 17:56:02,725 INFO L290 TraceCheckUtils]: 17: Hoare triple {13295#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13295#true} is VALID [2022-02-20 17:56:02,725 INFO L272 TraceCheckUtils]: 18: Hoare triple {13295#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,725 INFO L290 TraceCheckUtils]: 19: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,726 INFO L290 TraceCheckUtils]: 20: Hoare triple {13295#true} assume !(1 == ~handle); {13295#true} is VALID [2022-02-20 17:56:02,726 INFO L290 TraceCheckUtils]: 21: Hoare triple {13295#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,726 INFO L290 TraceCheckUtils]: 22: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,726 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {13295#true} {13295#true} #1021#return; {13295#true} is VALID [2022-02-20 17:56:02,726 INFO L290 TraceCheckUtils]: 24: Hoare triple {13295#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {13295#true} is VALID [2022-02-20 17:56:02,727 INFO L272 TraceCheckUtils]: 25: Hoare triple {13295#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) 
(= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,727 INFO L290 TraceCheckUtils]: 26: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,727 INFO L290 TraceCheckUtils]: 27: Hoare triple {13295#true} assume !(1 == ~handle); {13295#true} is VALID [2022-02-20 17:56:02,727 INFO L290 TraceCheckUtils]: 28: Hoare triple {13295#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,727 INFO L290 TraceCheckUtils]: 29: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,728 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13295#true} {13295#true} #1023#return; {13295#true} is VALID [2022-02-20 17:56:02,728 INFO L290 TraceCheckUtils]: 31: Hoare triple {13295#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13315#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:02,729 INFO L272 TraceCheckUtils]: 32: Hoare triple {13315#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,729 INFO L290 TraceCheckUtils]: 33: Hoare triple {13353#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13355#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:02,730 INFO L290 TraceCheckUtils]: 34: Hoare triple {13355#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13356#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,730 INFO L290 TraceCheckUtils]: 35: Hoare triple {13356#(= |setClientId_#in~handle| 1)} assume true; {13356#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,730 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {13356#(= |setClientId_#in~handle| 1)} {13315#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {13296#false} is VALID [2022-02-20 17:56:02,730 INFO L290 TraceCheckUtils]: 37: Hoare triple {13296#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13296#false} is VALID [2022-02-20 17:56:02,731 INFO L272 TraceCheckUtils]: 38: Hoare triple {13296#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,731 INFO L290 TraceCheckUtils]: 39: Hoare triple {13354#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,731 INFO L290 TraceCheckUtils]: 40: Hoare triple {13295#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,731 INFO L290 TraceCheckUtils]: 41: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,731 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {13295#true} {13296#false} #1027#return; {13296#false} is VALID [2022-02-20 17:56:02,731 INFO L290 TraceCheckUtils]: 43: Hoare triple {13296#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {13296#false} is VALID [2022-02-20 17:56:02,732 INFO L290 TraceCheckUtils]: 44: Hoare triple {13296#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc 
test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13296#false} is VALID [2022-02-20 17:56:02,732 INFO L290 TraceCheckUtils]: 45: Hoare triple {13296#false} assume !false; {13296#false} is VALID [2022-02-20 17:56:02,732 INFO L290 TraceCheckUtils]: 46: Hoare triple {13296#false} assume test_~splverifierCounter~0#1 < 4; {13296#false} is VALID [2022-02-20 17:56:02,732 INFO L290 TraceCheckUtils]: 47: Hoare triple {13296#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13296#false} is VALID [2022-02-20 17:56:02,745 INFO L290 TraceCheckUtils]: 48: Hoare triple {13296#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {13296#false} is VALID [2022-02-20 17:56:02,745 INFO L290 TraceCheckUtils]: 49: Hoare triple {13296#false} assume !(0 != test_~tmp___9~0#1); {13296#false} is VALID [2022-02-20 17:56:02,745 INFO L290 TraceCheckUtils]: 50: Hoare triple {13296#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {13296#false} is VALID [2022-02-20 17:56:02,745 INFO L290 TraceCheckUtils]: 51: Hoare triple {13296#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := 
setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {13296#false} is VALID [2022-02-20 17:56:02,745 INFO L290 TraceCheckUtils]: 52: Hoare triple {13296#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L290 TraceCheckUtils]: 53: Hoare triple {13296#false} assume { :end_inline_setClientAutoResponse } true; {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L290 TraceCheckUtils]: 54: Hoare triple {13296#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L290 TraceCheckUtils]: 55: Hoare triple {13296#false} assume !false; {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L290 TraceCheckUtils]: 56: Hoare triple {13296#false} assume !(test_~splverifierCounter~0#1 < 4); {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L290 TraceCheckUtils]: 57: Hoare triple {13296#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {13296#false} is VALID [2022-02-20 17:56:02,746 INFO L272 TraceCheckUtils]: 58: Hoare triple {13296#false} call sendEmail(~bob~0, ~rjh~0); {13296#false} is VALID [2022-02-20 17:56:02,747 INFO L290 TraceCheckUtils]: 59: Hoare triple {13296#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13296#false} is VALID [2022-02-20 17:56:02,747 INFO L272 TraceCheckUtils]: 60: Hoare triple {13296#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,747 INFO L290 TraceCheckUtils]: 61: Hoare triple {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,747 INFO L290 TraceCheckUtils]: 62: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,747 INFO L290 TraceCheckUtils]: 63: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,747 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {13295#true} {13296#false} #1003#return; {13296#false} is VALID [2022-02-20 17:56:02,747 INFO L272 TraceCheckUtils]: 65: Hoare triple {13296#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13358#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:02,748 INFO L290 TraceCheckUtils]: 66: Hoare triple {13358#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,748 INFO L290 TraceCheckUtils]: 67: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,748 INFO L290 TraceCheckUtils]: 68: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,748 INFO L284 TraceCheckUtils]: 
69: Hoare quadruple {13295#true} {13296#false} #1005#return; {13296#false} is VALID [2022-02-20 17:56:02,748 INFO L290 TraceCheckUtils]: 70: Hoare triple {13296#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {13296#false} is VALID [2022-02-20 17:56:02,748 INFO L290 TraceCheckUtils]: 71: Hoare triple {13296#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {13296#false} is VALID [2022-02-20 17:56:02,748 INFO L272 TraceCheckUtils]: 72: Hoare triple {13296#false} call outgoing(~sender#1, ~email~0#1); {13296#false} is VALID [2022-02-20 17:56:02,749 INFO L290 TraceCheckUtils]: 73: Hoare triple {13296#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {13296#false} is VALID [2022-02-20 17:56:02,749 INFO L272 TraceCheckUtils]: 74: Hoare triple {13296#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {13295#true} is VALID [2022-02-20 17:56:02,749 INFO L290 TraceCheckUtils]: 75: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~17; {13295#true} is VALID [2022-02-20 17:56:02,749 INFO L290 TraceCheckUtils]: 76: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {13295#true} is VALID [2022-02-20 17:56:02,749 INFO L290 TraceCheckUtils]: 77: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,749 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {13295#true} {13296#false} #957#return; {13296#false} is VALID [2022-02-20 17:56:02,749 INFO L290 
TraceCheckUtils]: 79: Hoare triple {13296#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {13296#false} is VALID [2022-02-20 17:56:02,750 INFO L290 TraceCheckUtils]: 80: Hoare triple {13296#false} assume 0 == sign_~privkey~1#1; {13296#false} is VALID [2022-02-20 17:56:02,750 INFO L290 TraceCheckUtils]: 81: Hoare triple {13296#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {13296#false} is VALID [2022-02-20 17:56:02,750 INFO L272 TraceCheckUtils]: 82: Hoare triple {13296#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {13295#true} is VALID [2022-02-20 17:56:02,750 INFO L290 TraceCheckUtils]: 83: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13295#true} is VALID [2022-02-20 17:56:02,750 INFO L290 TraceCheckUtils]: 84: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13295#true} is VALID 
[2022-02-20 17:56:02,750 INFO L290 TraceCheckUtils]: 85: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,751 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {13295#true} {13296#false} #959#return; {13296#false} is VALID [2022-02-20 17:56:02,751 INFO L290 TraceCheckUtils]: 87: Hoare triple {13296#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {13296#false} is VALID [2022-02-20 17:56:02,751 INFO L272 TraceCheckUtils]: 88: Hoare triple {13296#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {13295#true} is VALID [2022-02-20 17:56:02,751 INFO L290 TraceCheckUtils]: 89: Hoare triple {13295#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {13295#true} is VALID [2022-02-20 17:56:02,751 INFO L290 TraceCheckUtils]: 90: Hoare triple {13295#true} assume 1 == ~handle; {13295#true} is VALID [2022-02-20 17:56:02,751 INFO L290 TraceCheckUtils]: 91: Hoare triple {13295#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {13295#true} is VALID [2022-02-20 17:56:02,751 INFO L290 TraceCheckUtils]: 92: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,752 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {13295#true} {13296#false} #961#return; {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L290 TraceCheckUtils]: 94: Hoare triple {13296#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L290 TraceCheckUtils]: 95: Hoare triple {13296#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L290 TraceCheckUtils]: 96: Hoare triple {13296#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L290 TraceCheckUtils]: 97: Hoare triple {13296#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L290 TraceCheckUtils]: 98: Hoare triple {13296#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc 
outgoing__wrappee__Keys_#t~ret74#1; {13296#false} is VALID [2022-02-20 17:56:02,752 INFO L272 TraceCheckUtils]: 99: Hoare triple {13296#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,753 INFO L290 TraceCheckUtils]: 100: Hoare triple {13357#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13295#true} is VALID [2022-02-20 17:56:02,753 INFO L290 TraceCheckUtils]: 101: Hoare triple {13295#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13295#true} is VALID [2022-02-20 17:56:02,753 INFO L290 TraceCheckUtils]: 102: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,753 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {13295#true} {13296#false} #967#return; {13296#false} is VALID [2022-02-20 17:56:02,753 INFO L290 TraceCheckUtils]: 104: Hoare triple {13296#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {13296#false} is VALID [2022-02-20 17:56:02,753 INFO L290 TraceCheckUtils]: 105: Hoare triple {13296#false} assume !(-1 == ~mail_is_sensitive~0); {13296#false} is VALID [2022-02-20 17:56:02,753 INFO L272 TraceCheckUtils]: 106: Hoare triple {13296#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {13295#true} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 107: Hoare triple {13295#true} ~handle := #in~handle;havoc ~retValue_acc~36; {13295#true} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 108: Hoare triple {13295#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {13295#true} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 109: Hoare triple {13295#true} assume true; {13295#true} is VALID [2022-02-20 17:56:02,754 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {13295#true} {13296#false} #971#return; {13296#false} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 111: Hoare triple {13296#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {13296#false} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 112: Hoare triple {13296#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {13296#false} is VALID [2022-02-20 17:56:02,754 INFO L290 TraceCheckUtils]: 113: Hoare triple {13296#false} assume !false; {13296#false} is VALID [2022-02-20 17:56:02,755 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:56:02,755 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:02,755 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1560924131] [2022-02-20 17:56:02,755 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1560924131] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:02,756 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:02,756 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:02,756 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1060223417] [2022-02-20 17:56:02,756 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:02,757 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 17:56:02,757 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:02,757 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:02,831 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 103 edges. 103 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:02,832 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:02,832 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:02,832 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:56:02,832 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:02,833 INFO L87 Difference]: Start difference. First operand 395 states and 597 transitions. 
Second operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:09,296 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:09,296 INFO L93 Difference]: Finished difference Result 882 states and 1335 transitions. [2022-02-20 17:56:09,296 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:09,297 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 114 [2022-02-20 17:56:09,298 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:09,298 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:09,318 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1149 transitions. [2022-02-20 17:56:09,319 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:09,332 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1149 transitions. [2022-02-20 17:56:09,332 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1149 transitions. [2022-02-20 17:56:10,345 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1149 edges. 1149 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:10,365 INFO L225 Difference]: With dead ends: 882 [2022-02-20 17:56:10,366 INFO L226 Difference]: Without dead ends: 510 [2022-02-20 17:56:10,367 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:10,368 INFO L933 BasicCegarLoop]: 565 mSDtfsCounter, 1213 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1845 mSolverCounterSat, 424 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1230 SdHoareTripleChecker+Valid, 1380 SdHoareTripleChecker+Invalid, 2269 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 424 IncrementalHoareTripleChecker+Valid, 1845 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:10,368 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1230 Valid, 1380 
Invalid, 2269 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [424 Valid, 1845 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time] [2022-02-20 17:56:10,369 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 510 states. [2022-02-20 17:56:10,471 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 510 to 395. [2022-02-20 17:56:10,471 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:10,472 INFO L82 GeneralOperation]: Start isEquivalent. First operand 510 states. Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 17:56:10,473 INFO L74 IsIncluded]: Start isIncluded. First operand 510 states. Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 17:56:10,474 INFO L87 Difference]: Start difference. First operand 510 states. Second operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 17:56:10,493 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:10,494 INFO L93 Difference]: Finished difference Result 510 states and 769 transitions. 
[2022-02-20 17:56:10,494 INFO L276 IsEmpty]: Start isEmpty. Operand 510 states and 769 transitions. [2022-02-20 17:56:10,496 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:10,496 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:10,497 INFO L74 IsIncluded]: Start isIncluded. First operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) Second operand 510 states. [2022-02-20 17:56:10,498 INFO L87 Difference]: Start difference. First operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) Second operand 510 states. [2022-02-20 17:56:10,518 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:10,518 INFO L93 Difference]: Finished difference Result 510 states and 769 transitions. [2022-02-20 17:56:10,518 INFO L276 IsEmpty]: Start isEmpty. Operand 510 states and 769 transitions. [2022-02-20 17:56:10,521 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:10,521 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:10,521 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:10,521 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:10,522 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 395 states, 305 states have (on average 1.518032786885246) internal successors, (463), 310 states have internal predecessors, (463), 64 states have call successors, (64), 23 states have call predecessors, (64), 25 states have return successors, (69), 63 states have call predecessors, (69), 63 states have call successors, (69) [2022-02-20 17:56:10,536 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 395 states to 395 states and 596 transitions. [2022-02-20 17:56:10,537 INFO L78 Accepts]: Start accepts. Automaton has 395 states and 596 transitions. Word has length 114 [2022-02-20 17:56:10,537 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:10,537 INFO L470 AbstractCegarLoop]: Abstraction has 395 states and 596 transitions. [2022-02-20 17:56:10,537 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.375) internal successors, (75), 5 states have internal predecessors, (75), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:10,537 INFO L276 IsEmpty]: Start isEmpty. Operand 395 states and 596 transitions. [2022-02-20 17:56:10,540 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 116 [2022-02-20 17:56:10,540 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:10,540 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:10,540 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:56:10,540 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:10,541 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:10,541 INFO L85 PathProgramCache]: Analyzing trace with hash 1533725465, now seen corresponding path program 2 times [2022-02-20 17:56:10,541 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:10,541 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1121160236] [2022-02-20 17:56:10,541 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:10,541 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:10,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,596 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:10,598 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,600 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,600 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,600 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16207#true} #1017#return; {16207#true} is VALID [2022-02-20 17:56:10,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:10,607 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,609 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,609 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16207#true} #1019#return; {16207#true} is VALID [2022-02-20 17:56:10,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:10,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,613 INFO L290 TraceCheckUtils]: 0: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume !(1 == ~handle); {16207#true} is VALID [2022-02-20 17:56:10,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,614 INFO L290 TraceCheckUtils]: 3: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,614 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16207#true} {16207#true} #1021#return; {16207#true} is VALID [2022-02-20 17:56:10,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:10,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume !(1 == ~handle); {16207#true} is VALID [2022-02-20 17:56:10,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,618 INFO L290 TraceCheckUtils]: 3: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,618 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16207#true} {16207#true} #1023#return; {16207#true} is VALID [2022-02-20 17:56:10,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:10,626 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:56:10,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16268#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,641 INFO L290 TraceCheckUtils]: 1: Hoare triple {16268#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16268#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,641 INFO L290 TraceCheckUtils]: 2: Hoare triple {16268#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16269#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,641 INFO L290 TraceCheckUtils]: 3: Hoare triple {16269#(= 2 |setClientId_#in~handle|)} assume true; {16269#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,642 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16269#(= 2 |setClientId_#in~handle|)} {16227#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {16208#false} is VALID [2022-02-20 17:56:10,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:56:10,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,647 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #1027#return; {16208#false} is VALID [2022-02-20 17:56:10,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:10,654 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #1003#return; {16208#false} is VALID [2022-02-20 17:56:10,663 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:56:10,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {16271#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,667 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #1005#return; {16208#false} is VALID [2022-02-20 17:56:10,667 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 75 [2022-02-20 17:56:10,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~17; {16207#true} is VALID [2022-02-20 17:56:10,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {16207#true} is VALID [2022-02-20 17:56:10,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,671 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #957#return; {16208#false} is VALID [2022-02-20 17:56:10,671 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:56:10,672 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~33; {16207#true} is VALID [2022-02-20 17:56:10,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {16207#true} is VALID [2022-02-20 17:56:10,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,674 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #959#return; {16208#false} is VALID [2022-02-20 17:56:10,675 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:56:10,676 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,679 INFO L290 TraceCheckUtils]: 0: Hoare triple {16207#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {16207#true} is VALID [2022-02-20 17:56:10,679 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {16207#true} assume 1 == ~handle; {16207#true} is VALID [2022-02-20 17:56:10,679 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {16207#true} is VALID [2022-02-20 17:56:10,679 INFO L290 TraceCheckUtils]: 3: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,680 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16207#true} {16208#false} #961#return; {16208#false} is VALID [2022-02-20 17:56:10,680 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:56:10,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,685 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,685 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #967#return; {16208#false} is VALID [2022-02-20 17:56:10,685 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:56:10,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:10,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16207#true} is VALID [2022-02-20 17:56:10,687 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {16207#true} is VALID [2022-02-20 
17:56:10,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,688 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16207#true} {16208#false} #971#return; {16208#false} is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {16207#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call 
#Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {16207#true} 
is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {16207#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {16207#true} is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {16207#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16207#true} is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 3: Hoare triple {16207#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {16207#true} is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 4: Hoare triple {16207#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {16207#true} is VALID [2022-02-20 17:56:10,688 INFO L290 TraceCheckUtils]: 5: Hoare triple {16207#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := 
setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16207#true} is VALID [2022-02-20 17:56:10,689 INFO L272 TraceCheckUtils]: 6: Hoare triple {16207#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:10,689 INFO L290 TraceCheckUtils]: 7: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,689 INFO L290 TraceCheckUtils]: 8: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,689 INFO L290 TraceCheckUtils]: 9: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,689 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16207#true} {16207#true} #1017#return; {16207#true} is VALID [2022-02-20 17:56:10,689 INFO L290 TraceCheckUtils]: 11: Hoare triple {16207#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16207#true} is VALID [2022-02-20 17:56:10,690 INFO L272 TraceCheckUtils]: 12: Hoare triple {16207#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:10,690 INFO L290 
TraceCheckUtils]: 13: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,690 INFO L290 TraceCheckUtils]: 14: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,690 INFO L290 TraceCheckUtils]: 15: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,690 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16207#true} {16207#true} #1019#return; {16207#true} is VALID [2022-02-20 17:56:10,691 INFO L290 TraceCheckUtils]: 17: Hoare triple {16207#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16207#true} is VALID [2022-02-20 17:56:10,691 INFO L272 TraceCheckUtils]: 18: Hoare triple {16207#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:10,691 INFO L290 TraceCheckUtils]: 19: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,691 INFO L290 TraceCheckUtils]: 20: Hoare triple {16207#true} assume !(1 == ~handle); {16207#true} is VALID [2022-02-20 17:56:10,692 INFO L290 TraceCheckUtils]: 21: Hoare triple {16207#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,692 INFO L290 TraceCheckUtils]: 22: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,692 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16207#true} {16207#true} #1021#return; {16207#true} is VALID [2022-02-20 17:56:10,692 INFO L290 TraceCheckUtils]: 24: Hoare triple {16207#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16207#true} is VALID [2022-02-20 17:56:10,692 INFO L272 TraceCheckUtils]: 25: Hoare triple {16207#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:10,693 INFO L290 TraceCheckUtils]: 26: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,693 INFO L290 TraceCheckUtils]: 27: Hoare triple {16207#true} assume !(1 == ~handle); {16207#true} is VALID [2022-02-20 17:56:10,693 INFO L290 TraceCheckUtils]: 28: Hoare triple {16207#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,693 INFO L290 TraceCheckUtils]: 29: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,693 INFO L284 
TraceCheckUtils]: 30: Hoare quadruple {16207#true} {16207#true} #1023#return; {16207#true} is VALID [2022-02-20 17:56:10,693 INFO L290 TraceCheckUtils]: 31: Hoare triple {16207#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16227#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:10,694 INFO L272 TraceCheckUtils]: 32: Hoare triple {16227#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:10,694 INFO L290 TraceCheckUtils]: 33: Hoare triple {16266#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16268#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,695 INFO L290 TraceCheckUtils]: 34: Hoare triple {16268#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {16268#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,695 INFO L290 TraceCheckUtils]: 35: Hoare triple {16268#(= 
setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16269#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,695 INFO L290 TraceCheckUtils]: 36: Hoare triple {16269#(= 2 |setClientId_#in~handle|)} assume true; {16269#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:10,696 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {16269#(= 2 |setClientId_#in~handle|)} {16227#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {16208#false} is VALID [2022-02-20 17:56:10,696 INFO L290 TraceCheckUtils]: 38: Hoare triple {16208#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {16208#false} is VALID [2022-02-20 17:56:10,696 INFO L272 TraceCheckUtils]: 39: Hoare triple {16208#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:10,696 INFO L290 TraceCheckUtils]: 40: Hoare triple {16267#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,696 INFO L290 TraceCheckUtils]: 41: Hoare triple {16207#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,696 INFO L290 TraceCheckUtils]: 42: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,696 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {16207#true} {16208#false} #1027#return; {16208#false} is VALID [2022-02-20 17:56:10,696 INFO L290 TraceCheckUtils]: 44: Hoare triple {16208#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 45: Hoare triple {16208#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 46: Hoare triple {16208#false} assume !false; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 47: Hoare triple {16208#false} assume test_~splverifierCounter~0#1 < 4; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 48: Hoare 
triple {16208#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 49: Hoare triple {16208#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 50: Hoare triple {16208#false} assume !(0 != test_~tmp___9~0#1); {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 51: Hoare triple {16208#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 52: Hoare triple {16208#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 53: Hoare triple {16208#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {16208#false} is VALID [2022-02-20 17:56:10,697 INFO L290 TraceCheckUtils]: 54: Hoare triple {16208#false} assume { :end_inline_setClientAutoResponse } true; {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 55: Hoare triple {16208#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 56: Hoare triple {16208#false} assume !false; {16208#false} is 
VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 57: Hoare triple {16208#false} assume !(test_~splverifierCounter~0#1 < 4); {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 58: Hoare triple {16208#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L272 TraceCheckUtils]: 59: Hoare triple {16208#false} call sendEmail(~bob~0, ~rjh~0); {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 60: Hoare triple {16208#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16208#false} is VALID [2022-02-20 17:56:10,698 INFO L272 TraceCheckUtils]: 61: Hoare triple {16208#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 62: Hoare triple {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,698 INFO L290 
TraceCheckUtils]: 63: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,698 INFO L290 TraceCheckUtils]: 64: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,699 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {16207#true} {16208#false} #1003#return; {16208#false} is VALID [2022-02-20 17:56:10,699 INFO L272 TraceCheckUtils]: 66: Hoare triple {16208#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16271#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:10,699 INFO L290 TraceCheckUtils]: 67: Hoare triple {16271#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,699 INFO L290 TraceCheckUtils]: 68: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16207#true} is VALID [2022-02-20 17:56:10,699 INFO L290 TraceCheckUtils]: 69: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,699 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {16207#true} {16208#false} #1005#return; {16208#false} is VALID [2022-02-20 17:56:10,699 INFO L290 TraceCheckUtils]: 71: Hoare triple {16208#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {16208#false} is VALID [2022-02-20 17:56:10,699 INFO L290 TraceCheckUtils]: 72: Hoare triple {16208#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {16208#false} is VALID [2022-02-20 17:56:10,699 INFO L272 TraceCheckUtils]: 73: Hoare triple {16208#false} call outgoing(~sender#1, ~email~0#1); {16208#false} is VALID [2022-02-20 17:56:10,699 INFO L290 
TraceCheckUtils]: 74: Hoare triple {16208#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {16208#false} is VALID [2022-02-20 17:56:10,700 INFO L272 TraceCheckUtils]: 75: Hoare triple {16208#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {16207#true} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 76: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~17; {16207#true} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 77: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {16207#true} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 78: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,700 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {16207#true} {16208#false} #957#return; {16208#false} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 80: Hoare triple {16208#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {16208#false} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 81: Hoare triple {16208#false} assume 0 == sign_~privkey~1#1; {16208#false} is VALID [2022-02-20 17:56:10,700 INFO L290 TraceCheckUtils]: 82: Hoare triple {16208#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {16208#false} is VALID [2022-02-20 17:56:10,700 INFO L272 TraceCheckUtils]: 83: Hoare triple {16208#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 84: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~33; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 85: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 86: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {16207#true} {16208#false} #959#return; {16208#false} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 88: Hoare triple {16208#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {16208#false} is VALID [2022-02-20 17:56:10,701 INFO L272 
TraceCheckUtils]: 89: Hoare triple {16208#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 90: Hoare triple {16207#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 91: Hoare triple {16207#true} assume 1 == ~handle; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 92: Hoare triple {16207#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {16207#true} is VALID [2022-02-20 17:56:10,701 INFO L290 TraceCheckUtils]: 93: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,702 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {16207#true} {16208#false} #961#return; {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 95: Hoare triple {16208#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 96: Hoare triple {16208#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 97: Hoare triple {16208#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 98: Hoare triple {16208#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 99: Hoare triple {16208#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {16208#false} is VALID [2022-02-20 17:56:10,702 INFO L272 TraceCheckUtils]: 100: Hoare triple {16208#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 101: Hoare triple {16270#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16207#true} is VALID [2022-02-20 17:56:10,702 INFO L290 TraceCheckUtils]: 102: Hoare triple {16207#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16207#true} is VALID [2022-02-20 
17:56:10,702 INFO L290 TraceCheckUtils]: 103: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,703 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {16207#true} {16208#false} #967#return; {16208#false} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 105: Hoare triple {16208#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {16208#false} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 106: Hoare triple 
{16208#false} assume !(-1 == ~mail_is_sensitive~0); {16208#false} is VALID [2022-02-20 17:56:10,703 INFO L272 TraceCheckUtils]: 107: Hoare triple {16208#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {16207#true} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 108: Hoare triple {16207#true} ~handle := #in~handle;havoc ~retValue_acc~36; {16207#true} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 109: Hoare triple {16207#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {16207#true} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 110: Hoare triple {16207#true} assume true; {16207#true} is VALID [2022-02-20 17:56:10,703 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {16207#true} {16208#false} #971#return; {16208#false} is VALID [2022-02-20 17:56:10,703 INFO L290 TraceCheckUtils]: 112: Hoare triple {16208#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {16208#false} is VALID [2022-02-20 17:56:10,704 INFO L290 TraceCheckUtils]: 113: Hoare triple {16208#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {16208#false} is VALID [2022-02-20 17:56:10,704 INFO L290 TraceCheckUtils]: 114: Hoare triple {16208#false} assume !false; {16208#false} is VALID [2022-02-20 17:56:10,704 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:56:10,704 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:10,704 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1121160236] [2022-02-20 17:56:10,704 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1121160236] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:10,704 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:10,705 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:10,705 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1119816147] [2022-02-20 17:56:10,705 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:10,706 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 17:56:10,706 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:10,706 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:10,780 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 104 edges. 104 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:10,781 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:10,781 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:10,781 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:56:10,782 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:10,782 INFO L87 Difference]: Start difference. First operand 395 states and 596 transitions. Second operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:16,657 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:16,658 INFO L93 Difference]: Finished difference Result 884 states and 1338 transitions. [2022-02-20 17:56:16,658 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:16,658 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) Word has length 115 [2022-02-20 17:56:16,659 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:16,660 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:16,672 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1150 transitions. [2022-02-20 17:56:16,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:16,685 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1150 transitions. [2022-02-20 17:56:16,686 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1150 transitions. [2022-02-20 17:56:17,691 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1150 edges. 1150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:17,711 INFO L225 Difference]: With dead ends: 884 [2022-02-20 17:56:17,711 INFO L226 Difference]: Without dead ends: 512 [2022-02-20 17:56:17,713 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 44 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:17,713 INFO L933 BasicCegarLoop]: 566 mSDtfsCounter, 1208 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1860 mSolverCounterSat, 419 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1225 SdHoareTripleChecker+Valid, 1381 SdHoareTripleChecker+Invalid, 2279 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 419 IncrementalHoareTripleChecker+Valid, 1860 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:17,714 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1225 Valid, 1381 Invalid, 2279 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [419 Valid, 1860 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 17:56:17,715 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 512 states. [2022-02-20 17:56:17,806 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 512 to 397. [2022-02-20 17:56:17,806 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:17,807 INFO L82 GeneralOperation]: Start isEquivalent. First operand 512 states. 
Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 17:56:17,808 INFO L74 IsIncluded]: Start isIncluded. First operand 512 states. Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 17:56:17,809 INFO L87 Difference]: Start difference. First operand 512 states. Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 17:56:17,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:17,828 INFO L93 Difference]: Finished difference Result 512 states and 772 transitions. [2022-02-20 17:56:17,828 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 772 transitions. [2022-02-20 17:56:17,831 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:17,831 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:17,832 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) Second operand 512 states. [2022-02-20 17:56:17,833 INFO L87 Difference]: Start difference. First operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) Second operand 512 states. [2022-02-20 17:56:17,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:17,852 INFO L93 Difference]: Finished difference Result 512 states and 772 transitions. [2022-02-20 17:56:17,852 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 772 transitions. [2022-02-20 17:56:17,855 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:17,855 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:17,855 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:17,855 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:17,856 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (71), 63 states have call predecessors, (71), 63 states have call successors, (71) [2022-02-20 17:56:17,870 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 397 states to 397 states and 599 transitions. [2022-02-20 17:56:17,870 INFO L78 Accepts]: Start accepts. Automaton has 397 states and 599 transitions. Word has length 115 [2022-02-20 17:56:17,870 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:17,870 INFO L470 AbstractCegarLoop]: Abstraction has 397 states and 599 transitions. [2022-02-20 17:56:17,870 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 9.5) internal successors, (76), 5 states have internal predecessors, (76), 3 states have call successors, (15), 6 states have call predecessors, (15), 2 states have return successors, (13), 2 states have call predecessors, (13), 3 states have call successors, (13) [2022-02-20 17:56:17,871 INFO L276 IsEmpty]: Start isEmpty. Operand 397 states and 599 transitions. [2022-02-20 17:56:17,872 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2022-02-20 17:56:17,872 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:17,872 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:17,872 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:56:17,873 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:17,873 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:17,873 INFO L85 PathProgramCache]: Analyzing trace with hash -580111292, now seen corresponding path program 1 times [2022-02-20 17:56:17,873 INFO L126 
FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:17,874 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2143058502] [2022-02-20 17:56:17,874 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:17,874 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:17,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:17,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:17,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:17,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:17,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19128#true} #1017#return; {19128#true} is VALID [2022-02-20 17:56:17,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:17,953 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:17,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:17,955 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:17,955 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19128#true} #1019#return; {19128#true} is VALID [2022-02-20 17:56:17,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:17,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:17,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume !(1 == ~handle); {19128#true} is VALID [2022-02-20 17:56:17,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:17,958 INFO L290 TraceCheckUtils]: 3: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:17,959 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19128#true} {19128#true} #1021#return; {19128#true} is VALID [2022-02-20 17:56:17,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:17,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:17,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume !(1 == ~handle); {19128#true} is VALID [2022-02-20 17:56:17,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:17,963 INFO L290 TraceCheckUtils]: 3: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:17,963 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19128#true} {19128#true} #1023#return; {19128#true} is VALID [2022-02-20 17:56:17,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:17,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,988 INFO L290 TraceCheckUtils]: 2: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,988 INFO L290 TraceCheckUtils]: 3: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19192#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,989 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {19192#(= 3 |setClientId_#in~handle|)} assume true; {19192#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,989 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {19192#(= 3 |setClientId_#in~handle|)} {19148#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:17,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:17,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:18,012 INFO L290 TraceCheckUtils]: 1: Hoare triple {19193#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19194#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:18,012 INFO L290 TraceCheckUtils]: 2: Hoare triple {19194#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19194#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:18,012 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19194#(= |setClientPrivateKey_#in~handle| 1)} {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1027#return; {19129#false} is VALID [2022-02-20 17:56:18,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:56:18,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {19195#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,025 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #1003#return; {19129#false} is VALID [2022-02-20 17:56:18,034 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:56:18,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {19196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,040 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #1005#return; {19129#false} is VALID [2022-02-20 17:56:18,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:56:18,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~17; {19128#true} is VALID [2022-02-20 17:56:18,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {19128#true} is 
VALID [2022-02-20 17:56:18,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,044 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #957#return; {19129#false} is VALID [2022-02-20 17:56:18,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:56:18,045 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~33; {19128#true} is VALID [2022-02-20 17:56:18,047 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {19128#true} is VALID [2022-02-20 17:56:18,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #959#return; {19129#false} is VALID [2022-02-20 17:56:18,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:56:18,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {19128#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {19128#true} is VALID [2022-02-20 17:56:18,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle; {19128#true} is VALID [2022-02-20 17:56:18,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {19128#true} is VALID [2022-02-20 17:56:18,051 INFO L290 TraceCheckUtils]: 3: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,051 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{19128#true} {19129#false} #961#return; {19129#false} is VALID [2022-02-20 17:56:18,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:56:18,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {19195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,055 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #967#return; {19129#false} is VALID [2022-02-20 17:56:18,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:56:18,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:18,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19128#true} is VALID [2022-02-20 17:56:18,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {19128#true} is VALID [2022-02-20 17:56:18,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,059 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19128#true} {19129#false} #971#return; {19129#false} is VALID [2022-02-20 17:56:18,059 INFO L290 TraceCheckUtils]: 0: Hoare triple {19128#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call 
write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 
0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 
0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {19128#true} is VALID [2022-02-20 17:56:18,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {19128#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {19128#true} is VALID [2022-02-20 17:56:18,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {19128#true} assume { :end_inline_select_helpers } 
true;assume { :begin_inline_select_features } true; {19128#true} is VALID [2022-02-20 17:56:18,059 INFO L290 TraceCheckUtils]: 3: Hoare triple {19128#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {19128#true} is VALID [2022-02-20 17:56:18,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {19128#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {19128#true} is VALID [2022-02-20 17:56:18,060 INFO L290 TraceCheckUtils]: 5: Hoare triple {19128#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19128#true} is VALID [2022-02-20 17:56:18,060 INFO L272 TraceCheckUtils]: 6: Hoare triple {19128#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19189#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:18,060 INFO L290 TraceCheckUtils]: 7: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,061 INFO L290 TraceCheckUtils]: 8: Hoare triple {19128#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,061 INFO L290 TraceCheckUtils]: 9: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,067 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19128#true} {19128#true} #1017#return; {19128#true} is VALID [2022-02-20 17:56:18,067 INFO L290 TraceCheckUtils]: 11: Hoare triple {19128#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19128#true} is VALID [2022-02-20 17:56:18,068 INFO L272 TraceCheckUtils]: 12: Hoare triple {19128#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:18,068 INFO L290 TraceCheckUtils]: 13: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,069 INFO L290 TraceCheckUtils]: 14: Hoare triple {19128#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,069 INFO L290 
TraceCheckUtils]: 15: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,069 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19128#true} {19128#true} #1019#return; {19128#true} is VALID [2022-02-20 17:56:18,069 INFO L290 TraceCheckUtils]: 17: Hoare triple {19128#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19128#true} is VALID [2022-02-20 17:56:18,070 INFO L272 TraceCheckUtils]: 18: Hoare triple {19128#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:18,070 INFO L290 TraceCheckUtils]: 19: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,070 INFO L290 TraceCheckUtils]: 20: Hoare triple {19128#true} assume !(1 == ~handle); {19128#true} is VALID [2022-02-20 17:56:18,070 INFO L290 TraceCheckUtils]: 21: Hoare triple {19128#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,070 INFO L290 TraceCheckUtils]: 22: Hoare triple {19128#true} assume true; {19128#true} is VALID 
[2022-02-20 17:56:18,071 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19128#true} {19128#true} #1021#return; {19128#true} is VALID [2022-02-20 17:56:18,071 INFO L290 TraceCheckUtils]: 24: Hoare triple {19128#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19128#true} is VALID [2022-02-20 17:56:18,071 INFO L272 TraceCheckUtils]: 25: Hoare triple {19128#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:18,071 INFO L290 TraceCheckUtils]: 26: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,072 INFO L290 TraceCheckUtils]: 27: Hoare triple {19128#true} assume !(1 == ~handle); {19128#true} is VALID [2022-02-20 17:56:18,072 INFO L290 TraceCheckUtils]: 28: Hoare triple {19128#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,072 INFO L290 TraceCheckUtils]: 29: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,072 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19128#true} {19128#true} #1023#return; {19128#true} is VALID [2022-02-20 17:56:18,073 INFO L290 TraceCheckUtils]: 31: Hoare triple {19128#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } 
true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19148#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:18,073 INFO L272 TraceCheckUtils]: 32: Hoare triple {19148#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:18,074 INFO L290 TraceCheckUtils]: 33: Hoare triple {19189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:18,074 INFO L290 TraceCheckUtils]: 34: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:18,074 INFO L290 TraceCheckUtils]: 35: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {19191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:18,075 INFO L290 TraceCheckUtils]: 36: Hoare triple {19191#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {19192#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:18,075 INFO L290 TraceCheckUtils]: 37: Hoare triple {19192#(= 3 |setClientId_#in~handle|)} assume 
true; {19192#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:18,075 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {19192#(= 3 |setClientId_#in~handle|)} {19148#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:18,076 INFO L290 TraceCheckUtils]: 39: Hoare triple {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:18,076 INFO L272 TraceCheckUtils]: 40: Hoare triple {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:18,077 INFO L290 TraceCheckUtils]: 41: Hoare triple {19190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19193#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:18,077 INFO L290 TraceCheckUtils]: 42: Hoare triple {19193#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19194#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:18,078 INFO L290 TraceCheckUtils]: 43: Hoare triple {19194#(= |setClientPrivateKey_#in~handle| 1)} assume true; {19194#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:18,078 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {19194#(= 
|setClientPrivateKey_#in~handle| 1)} {19155#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1027#return; {19129#false} is VALID [2022-02-20 17:56:18,078 INFO L290 TraceCheckUtils]: 45: Hoare triple {19129#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {19129#false} is VALID [2022-02-20 17:56:18,078 INFO L290 TraceCheckUtils]: 46: Hoare triple {19129#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 
TraceCheckUtils]: 47: Hoare triple {19129#false} assume !false; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 48: Hoare triple {19129#false} assume test_~splverifierCounter~0#1 < 4; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 49: Hoare triple {19129#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 50: Hoare triple {19129#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 51: Hoare triple {19129#false} assume !(0 != test_~tmp___9~0#1); {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 52: Hoare triple {19129#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {19129#false} is VALID [2022-02-20 17:56:18,079 INFO L290 TraceCheckUtils]: 53: Hoare triple {19129#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 54: Hoare triple {19129#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 55: Hoare triple {19129#false} assume { :end_inline_setClientAutoResponse } true; {19129#false} is 
VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 56: Hoare triple {19129#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 57: Hoare triple {19129#false} assume !false; {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 58: Hoare triple {19129#false} assume !(test_~splverifierCounter~0#1 < 4); {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L290 TraceCheckUtils]: 59: Hoare triple {19129#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {19129#false} is VALID [2022-02-20 17:56:18,080 INFO L272 TraceCheckUtils]: 60: Hoare triple {19129#false} call sendEmail(~bob~0, ~rjh~0); {19129#false} is VALID [2022-02-20 17:56:18,081 INFO L290 TraceCheckUtils]: 61: Hoare triple {19129#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19129#false} is VALID [2022-02-20 17:56:18,081 INFO L272 TraceCheckUtils]: 62: Hoare triple {19129#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID 
[2022-02-20 17:56:18,081 INFO L290 TraceCheckUtils]: 63: Hoare triple {19195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,081 INFO L290 TraceCheckUtils]: 64: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,081 INFO L290 TraceCheckUtils]: 65: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,081 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {19128#true} {19129#false} #1003#return; {19129#false} is VALID [2022-02-20 17:56:18,081 INFO L272 TraceCheckUtils]: 67: Hoare triple {19129#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:18,082 INFO L290 TraceCheckUtils]: 68: Hoare triple {19196#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,082 INFO L290 TraceCheckUtils]: 69: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,082 INFO L290 TraceCheckUtils]: 70: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,082 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {19128#true} {19129#false} #1005#return; {19129#false} is VALID [2022-02-20 17:56:18,082 INFO L290 TraceCheckUtils]: 72: Hoare triple {19129#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {19129#false} is VALID [2022-02-20 17:56:18,082 INFO L290 TraceCheckUtils]: 73: Hoare triple {19129#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && 
#t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {19129#false} is VALID [2022-02-20 17:56:18,082 INFO L272 TraceCheckUtils]: 74: Hoare triple {19129#false} call outgoing(~sender#1, ~email~0#1); {19129#false} is VALID [2022-02-20 17:56:18,083 INFO L290 TraceCheckUtils]: 75: Hoare triple {19129#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {19129#false} is VALID [2022-02-20 17:56:18,083 INFO L272 TraceCheckUtils]: 76: Hoare triple {19129#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {19128#true} is VALID [2022-02-20 17:56:18,083 INFO L290 TraceCheckUtils]: 77: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~17; {19128#true} is VALID [2022-02-20 17:56:18,083 INFO L290 TraceCheckUtils]: 78: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {19128#true} is VALID [2022-02-20 17:56:18,083 INFO L290 TraceCheckUtils]: 79: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,083 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {19128#true} {19129#false} #957#return; {19129#false} is VALID [2022-02-20 17:56:18,083 INFO L290 TraceCheckUtils]: 81: Hoare triple {19129#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {19129#false} is VALID [2022-02-20 17:56:18,084 INFO L290 TraceCheckUtils]: 82: Hoare triple {19129#false} assume 0 == sign_~privkey~1#1; {19129#false} is VALID [2022-02-20 17:56:18,084 INFO L290 TraceCheckUtils]: 83: Hoare triple {19129#false} assume { :end_inline_sign } 
true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {19129#false} is VALID [2022-02-20 17:56:18,084 INFO L272 TraceCheckUtils]: 84: Hoare triple {19129#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {19128#true} is VALID [2022-02-20 17:56:18,084 INFO L290 TraceCheckUtils]: 85: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~33; {19128#true} is VALID [2022-02-20 17:56:18,084 INFO L290 TraceCheckUtils]: 86: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {19128#true} is VALID [2022-02-20 17:56:18,084 INFO L290 TraceCheckUtils]: 87: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,085 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {19128#true} {19129#false} #959#return; {19129#false} is VALID [2022-02-20 17:56:18,085 INFO L290 TraceCheckUtils]: 89: Hoare triple {19129#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 
2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {19129#false} is VALID [2022-02-20 17:56:18,085 INFO L272 TraceCheckUtils]: 90: Hoare triple {19129#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {19128#true} is VALID [2022-02-20 17:56:18,085 INFO L290 TraceCheckUtils]: 91: Hoare triple {19128#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {19128#true} is VALID [2022-02-20 17:56:18,085 INFO L290 TraceCheckUtils]: 92: Hoare triple {19128#true} assume 1 == ~handle; {19128#true} is VALID [2022-02-20 17:56:18,085 INFO L290 TraceCheckUtils]: 93: Hoare triple {19128#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {19128#true} is VALID [2022-02-20 17:56:18,085 INFO L290 TraceCheckUtils]: 94: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,086 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {19128#true} {19129#false} #961#return; {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L290 TraceCheckUtils]: 96: Hoare triple {19129#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L290 TraceCheckUtils]: 97: Hoare triple {19129#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L290 
TraceCheckUtils]: 98: Hoare triple {19129#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L290 TraceCheckUtils]: 99: Hoare triple {19129#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L290 TraceCheckUtils]: 100: Hoare triple {19129#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {19129#false} is VALID [2022-02-20 17:56:18,086 INFO L272 TraceCheckUtils]: 101: Hoare triple {19129#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {19195#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:18,087 INFO L290 TraceCheckUtils]: 102: Hoare triple {19195#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19128#true} is VALID [2022-02-20 17:56:18,087 INFO L290 TraceCheckUtils]: 103: Hoare triple {19128#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19128#true} is VALID [2022-02-20 17:56:18,087 INFO L290 TraceCheckUtils]: 104: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,087 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {19128#true} {19129#false} #967#return; {19129#false} is VALID [2022-02-20 17:56:18,087 INFO L290 TraceCheckUtils]: 106: Hoare triple {19129#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {19129#false} is VALID [2022-02-20 17:56:18,087 INFO L290 TraceCheckUtils]: 107: Hoare triple {19129#false} assume !(-1 == ~mail_is_sensitive~0); {19129#false} is VALID [2022-02-20 17:56:18,087 INFO L272 TraceCheckUtils]: 108: Hoare triple {19129#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {19128#true} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 109: Hoare triple {19128#true} ~handle := #in~handle;havoc ~retValue_acc~36; {19128#true} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 110: Hoare triple {19128#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {19128#true} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 111: Hoare triple {19128#true} assume true; {19128#true} is VALID [2022-02-20 17:56:18,088 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {19128#true} {19129#false} #971#return; {19129#false} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 113: Hoare triple {19129#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {19129#false} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 114: Hoare triple {19129#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {19129#false} is VALID [2022-02-20 17:56:18,088 INFO L290 TraceCheckUtils]: 115: Hoare triple {19129#false} assume 
!false; {19129#false} is VALID [2022-02-20 17:56:18,089 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:56:18,089 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:18,089 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2143058502] [2022-02-20 17:56:18,089 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2143058502] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:18,090 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:18,090 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:56:18,090 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1200711888] [2022-02-20 17:56:18,090 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:18,091 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 17:56:18,091 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:56:18,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:18,166 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 108 edges. 108 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:18,166 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:56:18,167 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:18,167 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:56:18,168 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:18,168 INFO L87 Difference]: Start difference. First operand 397 states and 599 transitions. Second operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:26,816 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:26,816 INFO L93 Difference]: Finished difference Result 882 states and 1333 transitions. [2022-02-20 17:56:26,816 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:56:26,817 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 116 [2022-02-20 17:56:26,817 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:26,817 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:26,828 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1151 transitions. [2022-02-20 17:56:26,828 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:26,839 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1151 transitions. [2022-02-20 17:56:26,839 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1151 transitions. [2022-02-20 17:56:27,796 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1151 edges. 1151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:27,811 INFO L225 Difference]: With dead ends: 882 [2022-02-20 17:56:27,811 INFO L226 Difference]: Without dead ends: 512 [2022-02-20 17:56:27,812 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:56:27,813 INFO L933 BasicCegarLoop]: 552 mSDtfsCounter, 1320 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3370 mSolverCounterSat, 471 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1320 SdHoareTripleChecker+Valid, 1684 SdHoareTripleChecker+Invalid, 3841 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 471 IncrementalHoareTripleChecker+Valid, 3370 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:27,813 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1320 Valid, 1684 Invalid, 3841 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [471 Valid, 3370 Invalid, 0 Unknown, 0 Unchecked, 4.0s Time] [2022-02-20 17:56:27,814 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 512 states. [2022-02-20 17:56:27,918 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 512 to 397. [2022-02-20 17:56:27,918 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:27,919 INFO L82 GeneralOperation]: Start isEquivalent. First operand 512 states. 
Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:27,920 INFO L74 IsIncluded]: Start isIncluded. First operand 512 states. Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:27,921 INFO L87 Difference]: Start difference. First operand 512 states. Second operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:27,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:27,939 INFO L93 Difference]: Finished difference Result 512 states and 771 transitions. [2022-02-20 17:56:27,940 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 771 transitions. [2022-02-20 17:56:27,942 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:27,942 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:27,944 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 512 states. [2022-02-20 17:56:27,945 INFO L87 Difference]: Start difference. First operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) Second operand 512 states. [2022-02-20 17:56:27,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:27,963 INFO L93 Difference]: Finished difference Result 512 states and 771 transitions. [2022-02-20 17:56:27,973 INFO L276 IsEmpty]: Start isEmpty. Operand 512 states and 771 transitions. [2022-02-20 17:56:27,975 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:27,975 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:27,976 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:27,976 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:27,977 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 397 states, 306 states have (on average 1.5163398692810457) internal successors, (464), 312 states have internal predecessors, (464), 64 states have call successors, (64), 23 states have call predecessors, (64), 26 states have return successors, (70), 63 states have call predecessors, (70), 63 states have call successors, (70) [2022-02-20 17:56:27,990 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 397 states to 397 states and 598 transitions. [2022-02-20 17:56:27,991 INFO L78 Accepts]: Start accepts. Automaton has 397 states and 598 transitions. Word has length 116 [2022-02-20 17:56:27,991 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:27,991 INFO L470 AbstractCegarLoop]: Abstraction has 397 states and 598 transitions. [2022-02-20 17:56:27,991 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.2727272727272725) internal successors, (80), 8 states have internal predecessors, (80), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:27,992 INFO L276 IsEmpty]: Start isEmpty. Operand 397 states and 598 transitions. [2022-02-20 17:56:27,993 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 17:56:27,993 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:27,993 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:27,994 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:56:27,994 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:27,994 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:27,994 INFO L85 PathProgramCache]: Analyzing trace with hash 855846113, now seen corresponding path program 2 times [2022-02-20 17:56:27,995 
INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:27,995 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [73444571] [2022-02-20 17:56:27,995 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:27,995 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:28,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,061 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:28,063 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,065 INFO L290 TraceCheckUtils]: 0: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,065 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,065 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,066 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22058#true} #1017#return; {22058#true} is VALID [2022-02-20 17:56:28,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:28,073 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := 
#in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,077 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22058#true} #1019#return; {22058#true} is VALID [2022-02-20 17:56:28,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:28,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,080 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume !(1 == ~handle); {22058#true} is VALID [2022-02-20 17:56:28,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,081 INFO L290 TraceCheckUtils]: 3: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,081 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22058#true} {22058#true} #1021#return; {22058#true} is VALID [2022-02-20 17:56:28,081 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:28,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume !(1 == ~handle); {22058#true} is VALID [2022-02-20 17:56:28,085 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,085 INFO L290 TraceCheckUtils]: 3: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,085 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22058#true} {22058#true} #1023#return; {22058#true} is VALID [2022-02-20 17:56:28,085 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:28,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22122#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22122#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22122#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,109 INFO L290 TraceCheckUtils]: 3: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22123#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,109 INFO L290 TraceCheckUtils]: 4: Hoare 
triple {22123#(= 3 |setClientId_#in~handle|)} assume true; {22123#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,110 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {22123#(= 3 |setClientId_#in~handle|)} {22078#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:28,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:28,111 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,129 INFO L290 TraceCheckUtils]: 1: Hoare triple {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,129 INFO L290 TraceCheckUtils]: 2: Hoare triple {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22125#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,129 INFO L290 TraceCheckUtils]: 3: Hoare triple {22125#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {22125#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,130 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22125#(= 2 |setClientPrivateKey_#in~handle|)} {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1027#return; {22059#false} is VALID [2022-02-20 17:56:28,139 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:56:28,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,142 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} #1003#return; {22059#false} is VALID [2022-02-20 17:56:28,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:56:28,153 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,156 INFO L290 TraceCheckUtils]: 0: Hoare triple {22127#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,157 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} #1005#return; {22059#false} is VALID [2022-02-20 17:56:28,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:56:28,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,159 INFO L290 TraceCheckUtils]: 0: Hoare triple {22058#true} 
~handle := #in~handle;havoc ~retValue_acc~17; {22058#true} is VALID [2022-02-20 17:56:28,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22058#true} is VALID [2022-02-20 17:56:28,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,159 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} #957#return; {22059#false} is VALID [2022-02-20 17:56:28,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:56:28,160 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {22058#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22058#true} is VALID [2022-02-20 17:56:28,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22058#true} is VALID [2022-02-20 17:56:28,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,162 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} #959#return; {22059#false} is VALID [2022-02-20 17:56:28,162 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:56:28,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {22058#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {22058#true} is VALID [2022-02-20 17:56:28,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle; {22058#true} is VALID [2022-02-20 17:56:28,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22058#true} is VALID [2022-02-20 17:56:28,168 INFO L290 TraceCheckUtils]: 3: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,169 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {22058#true} {22059#false} #961#return; {22059#false} is VALID [2022-02-20 17:56:28,169 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:56:28,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} #967#return; {22059#false} is VALID [2022-02-20 17:56:28,172 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:56:28,172 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:28,176 INFO L290 TraceCheckUtils]: 0: Hoare triple {22058#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22058#true} is VALID [2022-02-20 17:56:28,176 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22058#true} is VALID [2022-02-20 17:56:28,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {22058#true} {22059#false} 
#971#return; {22059#false} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 0: Hoare triple {22058#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 
0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {22058#true} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 1: Hoare triple {22058#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc 
main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {22058#true} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 2: Hoare triple {22058#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {22058#true} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 3: Hoare triple {22058#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {22058#true} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 4: Hoare triple {22058#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {22058#true} is VALID [2022-02-20 17:56:28,177 INFO L290 TraceCheckUtils]: 5: Hoare triple {22058#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {22058#true} is VALID [2022-02-20 17:56:28,178 INFO L272 TraceCheckUtils]: 6: Hoare triple {22058#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:28,178 INFO L290 TraceCheckUtils]: 7: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,179 INFO L290 TraceCheckUtils]: 8: Hoare triple {22058#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,179 INFO L290 TraceCheckUtils]: 9: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,179 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {22058#true} {22058#true} #1017#return; {22058#true} is VALID [2022-02-20 17:56:28,179 INFO L290 TraceCheckUtils]: 11: Hoare triple {22058#true} assume { :end_inline_setup_bob__wrappee__Base } true; {22058#true} is VALID [2022-02-20 17:56:28,180 INFO L272 TraceCheckUtils]: 12: Hoare triple {22058#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:28,180 INFO L290 TraceCheckUtils]: 13: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,180 INFO L290 TraceCheckUtils]: 14: Hoare triple {22058#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,180 INFO L290 TraceCheckUtils]: 15: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,180 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {22058#true} {22058#true} #1019#return; {22058#true} is VALID [2022-02-20 17:56:28,180 INFO L290 TraceCheckUtils]: 17: Hoare triple {22058#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {22058#true} is VALID [2022-02-20 17:56:28,181 INFO L272 TraceCheckUtils]: 18: Hoare triple {22058#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:28,181 INFO L290 TraceCheckUtils]: 19: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,182 INFO L290 
TraceCheckUtils]: 20: Hoare triple {22058#true} assume !(1 == ~handle); {22058#true} is VALID [2022-02-20 17:56:28,182 INFO L290 TraceCheckUtils]: 21: Hoare triple {22058#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,182 INFO L290 TraceCheckUtils]: 22: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,182 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {22058#true} {22058#true} #1021#return; {22058#true} is VALID [2022-02-20 17:56:28,182 INFO L290 TraceCheckUtils]: 24: Hoare triple {22058#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {22058#true} is VALID [2022-02-20 17:56:28,183 INFO L272 TraceCheckUtils]: 25: Hoare triple {22058#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:28,183 INFO L290 TraceCheckUtils]: 26: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,183 INFO L290 TraceCheckUtils]: 27: Hoare triple {22058#true} assume !(1 == ~handle); {22058#true} is VALID [2022-02-20 17:56:28,184 INFO L290 TraceCheckUtils]: 28: Hoare triple {22058#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,184 INFO L290 TraceCheckUtils]: 29: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,184 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {22058#true} {22058#true} #1023#return; {22058#true} is VALID [2022-02-20 17:56:28,185 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{22058#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {22078#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:28,185 INFO L272 TraceCheckUtils]: 32: Hoare triple {22078#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:28,186 INFO L290 TraceCheckUtils]: 33: Hoare triple {22120#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {22122#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,186 INFO L290 TraceCheckUtils]: 34: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {22122#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,187 INFO L290 TraceCheckUtils]: 35: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {22122#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,187 INFO L290 TraceCheckUtils]: 36: Hoare triple {22122#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {22123#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,188 INFO L290 TraceCheckUtils]: 37: Hoare triple {22123#(= 3 |setClientId_#in~handle|)} assume true; {22123#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:28,189 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {22123#(= 3 |setClientId_#in~handle|)} {22078#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1025#return; {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:28,189 INFO L290 TraceCheckUtils]: 39: Hoare triple {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:28,190 INFO L272 TraceCheckUtils]: 40: Hoare triple {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:28,190 INFO L290 TraceCheckUtils]: 41: Hoare triple {22121#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,191 INFO L290 TraceCheckUtils]: 42: Hoare triple {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); 
{22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,191 INFO L290 TraceCheckUtils]: 43: Hoare triple {22124#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {22125#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,192 INFO L290 TraceCheckUtils]: 44: Hoare triple {22125#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {22125#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:28,193 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {22125#(= 2 |setClientPrivateKey_#in~handle|)} {22085#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1027#return; {22059#false} is VALID [2022-02-20 17:56:28,193 INFO L290 TraceCheckUtils]: 46: Hoare triple {22059#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {22059#false} is VALID [2022-02-20 17:56:28,193 INFO L290 TraceCheckUtils]: 47: Hoare triple {22059#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc 
test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {22059#false} is VALID [2022-02-20 17:56:28,193 INFO L290 TraceCheckUtils]: 48: Hoare triple {22059#false} assume !false; {22059#false} is VALID [2022-02-20 17:56:28,193 INFO L290 TraceCheckUtils]: 49: Hoare triple {22059#false} assume test_~splverifierCounter~0#1 < 4; {22059#false} is VALID [2022-02-20 17:56:28,193 INFO L290 TraceCheckUtils]: 50: Hoare triple {22059#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 51: Hoare triple {22059#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 52: Hoare triple {22059#false} assume !(0 != test_~tmp___9~0#1); {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 53: Hoare triple {22059#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 54: Hoare triple {22059#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 
:= ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 55: Hoare triple {22059#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 56: Hoare triple {22059#false} assume { :end_inline_setClientAutoResponse } true; {22059#false} is VALID [2022-02-20 17:56:28,194 INFO L290 TraceCheckUtils]: 57: Hoare triple {22059#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L290 TraceCheckUtils]: 58: Hoare triple {22059#false} assume !false; {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L290 TraceCheckUtils]: 59: Hoare triple {22059#false} assume !(test_~splverifierCounter~0#1 < 4); {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L290 TraceCheckUtils]: 60: Hoare triple {22059#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L272 TraceCheckUtils]: 61: Hoare triple {22059#false} call sendEmail(~bob~0, ~rjh~0); {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L290 TraceCheckUtils]: 62: Hoare triple {22059#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, 
~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {22059#false} is VALID [2022-02-20 17:56:28,195 INFO L272 TraceCheckUtils]: 63: Hoare triple {22059#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:28,196 INFO L290 TraceCheckUtils]: 64: Hoare triple {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,196 INFO L290 TraceCheckUtils]: 65: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,196 INFO L290 TraceCheckUtils]: 66: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,196 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {22058#true} {22059#false} #1003#return; {22059#false} is VALID [2022-02-20 17:56:28,196 INFO L272 TraceCheckUtils]: 68: Hoare triple {22059#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {22127#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:28,196 INFO L290 TraceCheckUtils]: 69: Hoare triple {22127#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,196 INFO L290 TraceCheckUtils]: 70: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,197 INFO L290 TraceCheckUtils]: 71: 
Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,197 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {22058#true} {22059#false} #1005#return; {22059#false} is VALID [2022-02-20 17:56:28,197 INFO L290 TraceCheckUtils]: 73: Hoare triple {22059#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {22059#false} is VALID [2022-02-20 17:56:28,197 INFO L290 TraceCheckUtils]: 74: Hoare triple {22059#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {22059#false} is VALID [2022-02-20 17:56:28,197 INFO L272 TraceCheckUtils]: 75: Hoare triple {22059#false} call outgoing(~sender#1, ~email~0#1); {22059#false} is VALID [2022-02-20 17:56:28,197 INFO L290 TraceCheckUtils]: 76: Hoare triple {22059#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {22059#false} is VALID [2022-02-20 17:56:28,197 INFO L272 TraceCheckUtils]: 77: Hoare triple {22059#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {22058#true} is VALID [2022-02-20 17:56:28,198 INFO L290 TraceCheckUtils]: 78: Hoare triple {22058#true} ~handle := #in~handle;havoc ~retValue_acc~17; {22058#true} is VALID [2022-02-20 17:56:28,198 INFO L290 TraceCheckUtils]: 79: Hoare triple {22058#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {22058#true} is VALID [2022-02-20 17:56:28,198 INFO L290 TraceCheckUtils]: 80: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,198 INFO L284 TraceCheckUtils]: 81: 
Hoare quadruple {22058#true} {22059#false} #957#return; {22059#false} is VALID [2022-02-20 17:56:28,198 INFO L290 TraceCheckUtils]: 82: Hoare triple {22059#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {22059#false} is VALID [2022-02-20 17:56:28,198 INFO L290 TraceCheckUtils]: 83: Hoare triple {22059#false} assume 0 == sign_~privkey~1#1; {22059#false} is VALID [2022-02-20 17:56:28,199 INFO L290 TraceCheckUtils]: 84: Hoare triple {22059#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {22059#false} is VALID [2022-02-20 17:56:28,199 INFO L272 TraceCheckUtils]: 85: Hoare triple {22059#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {22058#true} is VALID [2022-02-20 17:56:28,199 INFO L290 TraceCheckUtils]: 86: Hoare triple {22058#true} ~handle := #in~handle;havoc ~retValue_acc~33; {22058#true} is VALID [2022-02-20 17:56:28,199 INFO L290 TraceCheckUtils]: 87: Hoare triple {22058#true} 
assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {22058#true} is VALID [2022-02-20 17:56:28,199 INFO L290 TraceCheckUtils]: 88: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,199 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {22058#true} {22059#false} #959#return; {22059#false} is VALID [2022-02-20 17:56:28,199 INFO L290 TraceCheckUtils]: 90: Hoare triple {22059#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {22059#false} is VALID [2022-02-20 17:56:28,200 INFO L272 TraceCheckUtils]: 91: Hoare triple {22059#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {22058#true} is VALID [2022-02-20 17:56:28,200 INFO L290 TraceCheckUtils]: 92: Hoare triple {22058#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {22058#true} is VALID [2022-02-20 17:56:28,200 INFO L290 TraceCheckUtils]: 93: Hoare triple {22058#true} assume 1 == ~handle; {22058#true} is VALID [2022-02-20 17:56:28,200 INFO L290 TraceCheckUtils]: 94: Hoare triple {22058#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {22058#true} is VALID [2022-02-20 17:56:28,200 INFO L290 TraceCheckUtils]: 95: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,200 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {22058#true} {22059#false} #961#return; {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 97: Hoare triple {22059#false} assume -2147483648 <= 
outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 98: Hoare triple {22059#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 99: Hoare triple {22059#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 100: Hoare triple {22059#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 101: Hoare triple {22059#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {22059#false} is VALID [2022-02-20 17:56:28,201 INFO L272 TraceCheckUtils]: 102: Hoare triple {22059#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:28,201 INFO L290 TraceCheckUtils]: 103: Hoare triple {22126#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {22058#true} is VALID [2022-02-20 17:56:28,202 INFO L290 TraceCheckUtils]: 104: Hoare triple {22058#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {22058#true} is VALID [2022-02-20 17:56:28,202 INFO L290 TraceCheckUtils]: 105: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,202 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {22058#true} {22059#false} #967#return; {22059#false} is VALID [2022-02-20 17:56:28,202 INFO L290 TraceCheckUtils]: 107: Hoare triple {22059#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {22059#false} is VALID [2022-02-20 17:56:28,202 INFO L290 TraceCheckUtils]: 108: Hoare triple {22059#false} assume !(-1 == ~mail_is_sensitive~0); {22059#false} is VALID [2022-02-20 17:56:28,202 INFO L272 TraceCheckUtils]: 109: Hoare triple {22059#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {22058#true} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 110: Hoare triple {22058#true} ~handle := #in~handle;havoc ~retValue_acc~36; {22058#true} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 111: Hoare triple {22058#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {22058#true} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 112: Hoare triple {22058#true} assume true; {22058#true} is VALID [2022-02-20 17:56:28,203 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {22058#true} {22059#false} #971#return; {22059#false} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 114: Hoare triple {22059#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {22059#false} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 115: Hoare triple {22059#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {22059#false} is VALID [2022-02-20 17:56:28,203 INFO L290 TraceCheckUtils]: 116: Hoare triple {22059#false} assume !false; {22059#false} is VALID [2022-02-20 17:56:28,204 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:56:28,204 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:28,204 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [73444571] [2022-02-20 17:56:28,204 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [73444571] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:28,205 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:28,205 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:56:28,205 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1768098003] [2022-02-20 17:56:28,205 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:28,206 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 17:56:28,206 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:28,206 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:28,298 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:28,298 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:56:28,299 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:28,299 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:56:28,299 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:28,300 INFO L87 Difference]: Start difference. First operand 397 states and 598 transitions. 
Second operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:36,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:36,828 INFO L93 Difference]: Finished difference Result 884 states and 1339 transitions. [2022-02-20 17:56:36,828 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:56:36,828 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) Word has length 117 [2022-02-20 17:56:36,828 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:36,828 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:36,836 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1152 transitions. [2022-02-20 17:56:36,836 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:36,850 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1152 transitions. [2022-02-20 17:56:36,850 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1152 transitions. [2022-02-20 17:56:37,793 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1152 edges. 1152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:37,811 INFO L225 Difference]: With dead ends: 884 [2022-02-20 17:56:37,811 INFO L226 Difference]: Without dead ends: 514 [2022-02-20 17:56:37,812 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:56:37,813 INFO L933 BasicCegarLoop]: 553 mSDtfsCounter, 1315 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3403 mSolverCounterSat, 466 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1315 SdHoareTripleChecker+Valid, 1685 SdHoareTripleChecker+Invalid, 3869 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 466 IncrementalHoareTripleChecker+Valid, 3403 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:37,813 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1315 Valid, 1685 Invalid, 3869 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [466 Valid, 3403 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 17:56:37,814 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 514 states. [2022-02-20 17:56:37,907 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 514 to 399. [2022-02-20 17:56:37,907 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:37,908 INFO L82 GeneralOperation]: Start isEquivalent. First operand 514 states. Second operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 17:56:37,909 INFO L74 IsIncluded]: Start isIncluded. First operand 514 states. Second operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 17:56:37,909 INFO L87 Difference]: Start difference. First operand 514 states. Second operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 17:56:37,927 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:37,928 INFO L93 Difference]: Finished difference Result 514 states and 777 transitions. 
[2022-02-20 17:56:37,928 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 777 transitions. [2022-02-20 17:56:37,930 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:37,931 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:37,932 INFO L74 IsIncluded]: Start isIncluded. First operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) Second operand 514 states. [2022-02-20 17:56:37,932 INFO L87 Difference]: Start difference. First operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) Second operand 514 states. [2022-02-20 17:56:37,951 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:37,952 INFO L93 Difference]: Finished difference Result 514 states and 777 transitions. [2022-02-20 17:56:37,952 INFO L276 IsEmpty]: Start isEmpty. Operand 514 states and 777 transitions. [2022-02-20 17:56:37,954 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:37,955 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:37,955 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:37,955 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:37,956 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 399 states, 307 states have (on average 1.514657980456026) internal successors, (465), 314 states have internal predecessors, (465), 64 states have call successors, (64), 23 states have call predecessors, (64), 27 states have return successors, (75), 63 states have call predecessors, (75), 63 states have call successors, (75) [2022-02-20 17:56:37,969 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 399 states to 399 states and 604 transitions. [2022-02-20 17:56:37,970 INFO L78 Accepts]: Start accepts. Automaton has 399 states and 604 transitions. Word has length 117 [2022-02-20 17:56:37,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:37,970 INFO L470 AbstractCegarLoop]: Abstraction has 399 states and 604 transitions. [2022-02-20 17:56:37,971 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.363636363636363) internal successors, (81), 8 states have internal predecessors, (81), 4 states have call successors, (15), 6 states have call predecessors, (15), 3 states have return successors, (13), 3 states have call predecessors, (13), 4 states have call successors, (13) [2022-02-20 17:56:37,971 INFO L276 IsEmpty]: Start isEmpty. Operand 399 states and 604 transitions. [2022-02-20 17:56:37,972 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 119 [2022-02-20 17:56:37,972 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:37,973 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:37,973 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:56:37,973 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoingErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:37,973 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:37,974 INFO L85 PathProgramCache]: Analyzing trace with hash 343942527, now seen corresponding path program 1 times [2022-02-20 17:56:37,974 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:37,974 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1024044579] [2022-02-20 17:56:37,974 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:37,974 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:38,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:38,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,060 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24997#true} #1017#return; {24997#true} is VALID [2022-02-20 17:56:38,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:38,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,073 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24997#true} #1019#return; {24997#true} is VALID [2022-02-20 17:56:38,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:38,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,091 INFO L290 TraceCheckUtils]: 0: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25063#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {25063#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25063#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {25063#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25064#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,093 INFO L290 TraceCheckUtils]: 3: Hoare triple {25064#(= 2 |setClientId_#in~handle|)} assume true; {25064#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,094 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25064#(= 2 |setClientId_#in~handle|)} {25007#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1021#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:38,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,101 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume true; {24997#true} is VALID 
[2022-02-20 17:56:38,102 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1023#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,102 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:38,104 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,106 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,106 INFO L290 TraceCheckUtils]: 4: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,107 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1025#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,107 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:38,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,120 INFO L290 TraceCheckUtils]: 0: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,121 
INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,121 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,121 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,121 INFO L290 TraceCheckUtils]: 4: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,122 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1027#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:56:38,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} #1003#return; {24998#false} is VALID [2022-02-20 17:56:38,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:56:38,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {25066#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is 
VALID [2022-02-20 17:56:38,152 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,153 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} #1005#return; {24998#false} is VALID [2022-02-20 17:56:38,153 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:56:38,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,156 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:38,156 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:38,156 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,157 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} #957#return; {24998#false} is VALID [2022-02-20 17:56:38,157 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:56:38,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,160 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:38,160 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:38,160 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,160 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} 
#959#return; {24998#false} is VALID [2022-02-20 17:56:38,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:56:38,161 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,163 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:38,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle; {24997#true} is VALID [2022-02-20 17:56:38,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:38,164 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,164 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24997#true} {24998#false} #961#return; {24998#false} is VALID [2022-02-20 17:56:38,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:56:38,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,168 INFO L290 TraceCheckUtils]: 0: Hoare triple {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,168 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,168 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,168 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} #967#return; {24998#false} is VALID [2022-02-20 17:56:38,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 110 [2022-02-20 17:56:38,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:38,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:38,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:38,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24997#true} {24998#false} #971#return; {24998#false} is VALID [2022-02-20 17:56:38,172 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call 
#Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24997#true} is VALID [2022-02-20 17:56:38,173 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {24997#true} is VALID [2022-02-20 17:56:38,173 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24997#true} is VALID [2022-02-20 17:56:38,173 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {24997#true} is VALID [2022-02-20 17:56:38,173 INFO L290 TraceCheckUtils]: 4: Hoare triple {24997#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {24997#true} is VALID [2022-02-20 17:56:38,173 INFO L290 TraceCheckUtils]: 5: Hoare triple {24997#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24997#true} is VALID [2022-02-20 17:56:38,174 INFO L272 TraceCheckUtils]: 6: Hoare triple {24997#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:38,174 INFO L290 TraceCheckUtils]: 7: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,174 INFO L290 TraceCheckUtils]: 8: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,175 INFO L290 TraceCheckUtils]: 9: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,175 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24997#true} {24997#true} #1017#return; {24997#true} is VALID [2022-02-20 17:56:38,175 INFO L290 TraceCheckUtils]: 11: Hoare 
triple {24997#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:38,176 INFO L272 TraceCheckUtils]: 12: Hoare triple {24997#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:38,176 INFO L290 TraceCheckUtils]: 13: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,176 INFO L290 TraceCheckUtils]: 14: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,176 INFO L290 TraceCheckUtils]: 15: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,176 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24997#true} {24997#true} #1019#return; {24997#true} is VALID [2022-02-20 17:56:38,177 INFO L290 TraceCheckUtils]: 17: Hoare triple {24997#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25007#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:56:38,177 INFO L272 TraceCheckUtils]: 18: Hoare triple {25007#(= 
~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:38,178 INFO L290 TraceCheckUtils]: 19: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25063#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,178 INFO L290 TraceCheckUtils]: 20: Hoare triple {25063#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25063#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,178 INFO L290 TraceCheckUtils]: 21: Hoare triple {25063#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25064#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,179 INFO L290 TraceCheckUtils]: 22: Hoare triple {25064#(= 2 |setClientId_#in~handle|)} assume true; {25064#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:38,179 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25064#(= 2 |setClientId_#in~handle|)} {25007#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1021#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,180 INFO L290 TraceCheckUtils]: 24: Hoare triple {25013#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,180 INFO L272 TraceCheckUtils]: 25: Hoare triple {25013#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25062#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:38,180 INFO L290 TraceCheckUtils]: 26: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,181 INFO L290 TraceCheckUtils]: 27: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,181 INFO L290 TraceCheckUtils]: 28: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,181 INFO L290 TraceCheckUtils]: 29: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,181 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1023#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,182 INFO L290 TraceCheckUtils]: 31: Hoare triple {25013#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,182 INFO L272 TraceCheckUtils]: 32: Hoare triple {25013#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:38,183 INFO L290 TraceCheckUtils]: 33: Hoare triple {25061#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,183 INFO L290 TraceCheckUtils]: 34: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,183 INFO L290 TraceCheckUtils]: 35: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,183 INFO L290 TraceCheckUtils]: 36: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,183 INFO L290 TraceCheckUtils]: 37: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,184 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1025#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,184 INFO L290 TraceCheckUtils]: 39: Hoare triple {25013#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,185 INFO L272 TraceCheckUtils]: 40: Hoare triple {25013#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25062#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:38,185 INFO L290 TraceCheckUtils]: 41: Hoare triple {25062#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,185 INFO L290 TraceCheckUtils]: 42: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,185 INFO L290 TraceCheckUtils]: 43: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,185 INFO L290 TraceCheckUtils]: 44: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,185 INFO L290 TraceCheckUtils]: 45: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,186 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24997#true} {25013#(not (= ~rjh~0 1))} #1027#return; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,186 INFO L290 TraceCheckUtils]: 47: Hoare triple {25013#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,187 INFO L290 TraceCheckUtils]: 48: Hoare triple {25013#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, 
test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,187 INFO L290 TraceCheckUtils]: 49: Hoare triple {25013#(not (= ~rjh~0 1))} assume !false; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,187 INFO L290 TraceCheckUtils]: 50: Hoare triple {25013#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,188 INFO L290 TraceCheckUtils]: 51: Hoare triple {25013#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,188 INFO L290 TraceCheckUtils]: 52: Hoare triple {25013#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,189 INFO L290 TraceCheckUtils]: 53: Hoare triple {25013#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,189 INFO L290 TraceCheckUtils]: 54: Hoare triple {25013#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {25013#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:38,189 INFO L290 TraceCheckUtils]: 55: Hoare triple {25013#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25031#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 56: Hoare triple {25031#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {24998#false} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 57: Hoare triple {24998#false} assume { :end_inline_setClientAutoResponse } true; {24998#false} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 58: Hoare triple {24998#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {24998#false} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 59: Hoare triple {24998#false} assume !false; {24998#false} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 60: Hoare triple {24998#false} assume !(test_~splverifierCounter~0#1 < 4); {24998#false} is VALID [2022-02-20 17:56:38,190 INFO L290 TraceCheckUtils]: 61: Hoare triple {24998#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume 
-2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {24998#false} is VALID [2022-02-20 17:56:38,191 INFO L272 TraceCheckUtils]: 62: Hoare triple {24998#false} call sendEmail(~bob~0, ~rjh~0); {24998#false} is VALID [2022-02-20 17:56:38,191 INFO L290 TraceCheckUtils]: 63: Hoare triple {24998#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24998#false} is VALID [2022-02-20 17:56:38,191 INFO L272 TraceCheckUtils]: 64: Hoare triple {24998#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:38,191 INFO L290 TraceCheckUtils]: 65: Hoare triple {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,191 INFO L290 TraceCheckUtils]: 66: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,191 INFO L290 TraceCheckUtils]: 67: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,191 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {24997#true} {24998#false} #1003#return; {24998#false} is VALID [2022-02-20 17:56:38,192 INFO L272 TraceCheckUtils]: 69: Hoare triple {24998#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25066#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:38,192 INFO L290 TraceCheckUtils]: 70: Hoare triple {25066#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,192 INFO L290 TraceCheckUtils]: 71: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,192 INFO L290 TraceCheckUtils]: 72: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,192 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {24997#true} {24998#false} #1005#return; {24998#false} is VALID [2022-02-20 17:56:38,192 INFO L290 TraceCheckUtils]: 74: Hoare triple {24998#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {24998#false} is VALID [2022-02-20 17:56:38,193 INFO L290 TraceCheckUtils]: 75: Hoare triple {24998#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {24998#false} is VALID [2022-02-20 17:56:38,193 INFO L272 TraceCheckUtils]: 76: Hoare triple {24998#false} call outgoing(~sender#1, ~email~0#1); {24998#false} is VALID [2022-02-20 17:56:38,193 INFO L290 TraceCheckUtils]: 77: Hoare triple {24998#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:38,193 INFO L272 TraceCheckUtils]: 78: Hoare triple {24998#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); 
{24997#true} is VALID [2022-02-20 17:56:38,193 INFO L290 TraceCheckUtils]: 79: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:38,193 INFO L290 TraceCheckUtils]: 80: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:38,193 INFO L290 TraceCheckUtils]: 81: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,194 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {24997#true} {24998#false} #957#return; {24998#false} is VALID [2022-02-20 17:56:38,194 INFO L290 TraceCheckUtils]: 83: Hoare triple {24998#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:38,194 INFO L290 TraceCheckUtils]: 84: Hoare triple {24998#false} assume 0 == sign_~privkey~1#1; {24998#false} is VALID [2022-02-20 17:56:38,194 INFO L290 TraceCheckUtils]: 85: Hoare triple {24998#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc 
outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:38,194 INFO L272 TraceCheckUtils]: 86: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {24997#true} is VALID [2022-02-20 17:56:38,194 INFO L290 TraceCheckUtils]: 87: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:38,195 INFO L290 TraceCheckUtils]: 88: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:38,195 INFO L290 TraceCheckUtils]: 89: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,195 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {24997#true} {24998#false} #959#return; {24998#false} is VALID [2022-02-20 17:56:38,195 INFO L290 TraceCheckUtils]: 91: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {24998#false} is VALID [2022-02-20 17:56:38,195 INFO L272 TraceCheckUtils]: 92: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {24997#true} is VALID [2022-02-20 17:56:38,195 INFO L290 TraceCheckUtils]: 93: Hoare triple {24997#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:38,195 INFO L290 TraceCheckUtils]: 94: Hoare triple {24997#true} assume 1 == ~handle; {24997#true} is VALID [2022-02-20 17:56:38,196 INFO L290 
TraceCheckUtils]: 95: Hoare triple {24997#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:38,196 INFO L290 TraceCheckUtils]: 96: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,196 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {24997#true} {24998#false} #961#return; {24998#false} is VALID [2022-02-20 17:56:38,196 INFO L290 TraceCheckUtils]: 98: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:38,196 INFO L290 TraceCheckUtils]: 99: Hoare triple {24998#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {24998#false} is VALID [2022-02-20 17:56:38,196 INFO L290 TraceCheckUtils]: 100: Hoare triple {24998#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; 
{24998#false} is VALID [2022-02-20 17:56:38,196 INFO L290 TraceCheckUtils]: 101: Hoare triple {24998#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {24998#false} is VALID [2022-02-20 17:56:38,197 INFO L290 TraceCheckUtils]: 102: Hoare triple {24998#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {24998#false} is VALID [2022-02-20 17:56:38,197 INFO L272 TraceCheckUtils]: 103: Hoare triple {24998#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:38,197 INFO L290 TraceCheckUtils]: 104: Hoare triple {25065#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,197 INFO L290 TraceCheckUtils]: 105: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,197 INFO L290 TraceCheckUtils]: 106: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,197 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {24997#true} {24998#false} #967#return; {24998#false} is VALID [2022-02-20 17:56:38,198 INFO L290 TraceCheckUtils]: 108: Hoare triple {24998#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {24998#false} is VALID [2022-02-20 17:56:38,198 INFO L290 TraceCheckUtils]: 109: Hoare triple {24998#false} assume !(-1 == ~mail_is_sensitive~0); {24998#false} is VALID [2022-02-20 17:56:38,198 INFO L272 TraceCheckUtils]: 110: Hoare triple {24998#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24997#true} is VALID [2022-02-20 17:56:38,198 INFO L290 TraceCheckUtils]: 111: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:38,198 INFO L290 TraceCheckUtils]: 112: Hoare triple {24997#true} assume 1 == 
~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:38,198 INFO L290 TraceCheckUtils]: 113: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,198 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {24997#true} {24998#false} #971#return; {24998#false} is VALID [2022-02-20 17:56:38,199 INFO L290 TraceCheckUtils]: 115: Hoare triple {24998#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {24998#false} is VALID [2022-02-20 17:56:38,199 INFO L290 TraceCheckUtils]: 116: Hoare triple {24998#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {24998#false} is VALID [2022-02-20 17:56:38,199 INFO L290 TraceCheckUtils]: 117: Hoare triple {24998#false} assume !false; {24998#false} is VALID [2022-02-20 17:56:38,199 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. 
[2022-02-20 17:56:38,200 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:56:38,200 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1024044579]
[2022-02-20 17:56:38,200 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1024044579] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:56:38,200 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [832369513]
[2022-02-20 17:56:38,200 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:56:38,200 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:56:38,201 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:56:38,202 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:56:38,228 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process
[2022-02-20 17:56:38,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:56:38,469 INFO L263 TraceCheckSpWp]: Trace formula consists of 1092 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 17:56:38,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:56:38,515 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:56:38,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 
0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24997#true} is VALID [2022-02-20 17:56:38,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, 
main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {24997#true} is VALID [2022-02-20 17:56:38,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24997#true} is VALID [2022-02-20 17:56:38,803 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 4: Hoare triple {24997#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 5: Hoare triple {24997#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L272 TraceCheckUtils]: 6: Hoare triple {24997#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 7: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 8: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 9: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24997#true} {24997#true} #1017#return; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 11: Hoare triple {24997#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L272 TraceCheckUtils]: 12: Hoare triple {24997#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 13: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 14: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,804 INFO L290 TraceCheckUtils]: 15: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24997#true} {24997#true} #1019#return; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 17: Hoare triple {24997#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := 
~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L272 TraceCheckUtils]: 18: Hoare triple {24997#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 19: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 20: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 21: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 22: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24997#true} {24997#true} #1021#return; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L290 TraceCheckUtils]: 24: Hoare triple {24997#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:38,805 INFO L272 TraceCheckUtils]: 25: Hoare triple {24997#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 26: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 27: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 28: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24997#true} is VALID 
[2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 29: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24997#true} {24997#true} #1023#return; {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 31: Hoare triple {24997#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L272 TraceCheckUtils]: 32: Hoare triple {24997#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 33: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 34: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 35: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,806 INFO L290 TraceCheckUtils]: 36: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 37: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24997#true} {24997#true} #1025#return; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 
TraceCheckUtils]: 39: Hoare triple {24997#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L272 TraceCheckUtils]: 40: Hoare triple {24997#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 41: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 42: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 43: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 44: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:38,807 INFO L290 TraceCheckUtils]: 45: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:38,808 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24997#true} {24997#true} #1027#return; {24997#true} is VALID [2022-02-20 17:56:38,808 INFO L290 TraceCheckUtils]: 47: Hoare triple {24997#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {24997#true} is VALID [2022-02-20 17:56:38,808 INFO L290 TraceCheckUtils]: 48: Hoare triple {24997#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, 
test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:38,809 INFO L290 TraceCheckUtils]: 49: Hoare triple {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:38,809 INFO L290 TraceCheckUtils]: 50: Hoare triple {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:38,810 INFO L290 TraceCheckUtils]: 51: Hoare triple {25214#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,810 INFO L290 TraceCheckUtils]: 52: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc 
test_#t~nondet96#1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,811 INFO L290 TraceCheckUtils]: 53: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,811 INFO L290 TraceCheckUtils]: 54: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,811 INFO L290 TraceCheckUtils]: 55: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,812 INFO L290 TraceCheckUtils]: 56: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,812 INFO L290 TraceCheckUtils]: 57: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,813 INFO L290 TraceCheckUtils]: 58: Hoare triple {25224#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,813 INFO L290 TraceCheckUtils]: 59: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:38,813 INFO L290 TraceCheckUtils]: 60: Hoare triple {25224#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L290 TraceCheckUtils]: 61: Hoare triple {24998#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L272 TraceCheckUtils]: 62: Hoare triple {24998#false} call sendEmail(~bob~0, ~rjh~0); {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L290 TraceCheckUtils]: 63: Hoare triple {24998#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L272 TraceCheckUtils]: 64: Hoare triple {24998#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L290 TraceCheckUtils]: 65: Hoare triple {24998#false} ~handle := #in~handle;~value := #in~value; {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L290 TraceCheckUtils]: 66: Hoare triple {24998#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24998#false} is VALID [2022-02-20 17:56:38,814 INFO L290 TraceCheckUtils]: 67: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {24998#false} {24998#false} #1003#return; {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L272 TraceCheckUtils]: 69: Hoare triple {24998#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L290 TraceCheckUtils]: 70: Hoare triple {24998#false} ~handle := #in~handle;~value := #in~value; {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L290 TraceCheckUtils]: 71: Hoare triple {24998#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L290 TraceCheckUtils]: 72: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,815 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {24998#false} {24998#false} #1005#return; {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L290 TraceCheckUtils]: 74: Hoare triple {24998#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L290 TraceCheckUtils]: 75: Hoare triple {24998#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L272 TraceCheckUtils]: 76: Hoare triple {24998#false} call outgoing(~sender#1, ~email~0#1); {24998#false} 
is VALID [2022-02-20 17:56:38,816 INFO L290 TraceCheckUtils]: 77: Hoare triple {24998#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L272 TraceCheckUtils]: 78: Hoare triple {24998#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L290 TraceCheckUtils]: 79: Hoare triple {24998#false} ~handle := #in~handle;havoc ~retValue_acc~17; {24998#false} is VALID [2022-02-20 17:56:38,816 INFO L290 TraceCheckUtils]: 80: Hoare triple {24998#false} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L290 TraceCheckUtils]: 81: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {24998#false} {24998#false} #957#return; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L290 TraceCheckUtils]: 83: Hoare triple {24998#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L290 TraceCheckUtils]: 84: Hoare triple {24998#false} assume 0 == sign_~privkey~1#1; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L290 TraceCheckUtils]: 85: Hoare triple {24998#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, 
outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:38,817 INFO L272 TraceCheckUtils]: 86: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L290 TraceCheckUtils]: 87: Hoare triple {24998#false} ~handle := #in~handle;havoc ~retValue_acc~33; {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L290 TraceCheckUtils]: 88: Hoare triple {24998#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L290 TraceCheckUtils]: 89: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {24998#false} {24998#false} #959#return; {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L290 TraceCheckUtils]: 91: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {24998#false} is 
VALID [2022-02-20 17:56:38,818 INFO L272 TraceCheckUtils]: 92: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {24998#false} is VALID [2022-02-20 17:56:38,818 INFO L290 TraceCheckUtils]: 93: Hoare triple {24998#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L290 TraceCheckUtils]: 94: Hoare triple {24998#false} assume 1 == ~handle; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L290 TraceCheckUtils]: 95: Hoare triple {24998#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L290 TraceCheckUtils]: 96: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {24998#false} {24998#false} #961#return; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L290 TraceCheckUtils]: 98: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:38,819 INFO L290 TraceCheckUtils]: 99: Hoare triple {24998#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 100: Hoare triple {24998#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, 
outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 101: Hoare triple {24998#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 102: Hoare triple {24998#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L272 TraceCheckUtils]: 103: Hoare triple {24998#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 104: Hoare triple {24998#false} ~handle := #in~handle;~value := #in~value; {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 105: Hoare triple {24998#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24998#false} is VALID [2022-02-20 17:56:38,820 INFO L290 TraceCheckUtils]: 106: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 
17:56:38,821 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {24998#false} {24998#false} #967#return; {24998#false} is VALID [2022-02-20 17:56:38,821 INFO L290 TraceCheckUtils]: 108: Hoare triple {24998#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {24998#false} is VALID [2022-02-20 17:56:38,821 INFO L290 TraceCheckUtils]: 109: Hoare triple {24998#false} assume !(-1 == ~mail_is_sensitive~0); {24998#false} is VALID [2022-02-20 17:56:38,821 INFO L272 
TraceCheckUtils]: 110: Hoare triple {24998#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24998#false} is VALID [2022-02-20 17:56:38,821 INFO L290 TraceCheckUtils]: 111: Hoare triple {24998#false} ~handle := #in~handle;havoc ~retValue_acc~36; {24998#false} is VALID [2022-02-20 17:56:38,821 INFO L290 TraceCheckUtils]: 112: Hoare triple {24998#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L290 TraceCheckUtils]: 113: Hoare triple {24998#false} assume true; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {24998#false} {24998#false} #971#return; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L290 TraceCheckUtils]: 115: Hoare triple {24998#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L290 TraceCheckUtils]: 116: Hoare triple {24998#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L290 TraceCheckUtils]: 117: Hoare triple {24998#false} assume !false; {24998#false} is VALID [2022-02-20 17:56:38,822 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:38,823 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 17:56:39,190 INFO L290 TraceCheckUtils]: 117: Hoare triple {24998#false} assume !false; {24998#false} is VALID [2022-02-20 17:56:39,190 INFO L290 TraceCheckUtils]: 116: Hoare triple {24998#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;assume { :begin_inline___automaton_fail } true; {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 115: Hoare triple {24998#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1; {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {24997#true} {24998#false} #971#return; {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 113: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 112: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 111: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~36; {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L272 TraceCheckUtils]: 110: Hoare triple {24998#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 109: Hoare triple {24998#false} assume !(-1 == ~mail_is_sensitive~0); {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 108: Hoare triple {24998#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret72#1, 
mail_#t~ret73#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret25#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret26#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~5#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 := puts(13, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret24#1; {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {24997#true} {24998#false} #967#return; {24998#false} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 106: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 105: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,191 INFO L290 TraceCheckUtils]: 104: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID 
[2022-02-20 17:56:39,191 INFO L272 TraceCheckUtils]: 103: Hoare triple {24998#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {24997#true} is VALID [2022-02-20 17:56:39,192 INFO L290 TraceCheckUtils]: 102: Hoare triple {24998#false} outgoing__wrappee__Keys_#t~ret74#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret74#1 && outgoing__wrappee__Keys_#t~ret74#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret74#1;havoc outgoing__wrappee__Keys_#t~ret74#1; {24998#false} is VALID [2022-02-20 17:56:39,192 INFO L290 TraceCheckUtils]: 101: Hoare triple {24998#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~24#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~24#1; {24998#false} is VALID [2022-02-20 17:56:39,192 INFO L290 TraceCheckUtils]: 100: Hoare triple {24998#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret74#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~24#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~24#1; {24998#false} is VALID [2022-02-20 17:56:39,192 INFO L290 TraceCheckUtils]: 99: Hoare triple {24998#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {24998#false} is VALID [2022-02-20 17:56:39,192 INFO 
L290 TraceCheckUtils]: 98: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret76#1 && outgoing__wrappee__AutoResponder_#t~ret76#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~5#1 := outgoing__wrappee__AutoResponder_#t~ret76#1;havoc outgoing__wrappee__AutoResponder_#t~ret76#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:39,192 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {24997#true} {24998#false} #961#return; {24998#false} is VALID [2022-02-20 17:56:39,192 INFO L290 TraceCheckUtils]: 96: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 95: Hoare triple {24997#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~22 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 94: Hoare triple {24997#true} assume 1 == ~handle; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 93: Hoare triple {24997#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~22; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L272 TraceCheckUtils]: 92: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret76#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 91: Hoare triple {24998#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret75#1 && outgoing__wrappee__AutoResponder_#t~ret75#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~16#1 := outgoing__wrappee__AutoResponder_#t~ret75#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~16#1; {24998#false} is VALID [2022-02-20 17:56:39,193 INFO L284 
TraceCheckUtils]: 90: Hoare quadruple {24997#true} {24998#false} #959#return; {24998#false} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 89: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 88: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 87: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~33; {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L272 TraceCheckUtils]: 86: Hoare triple {24998#false} call outgoing__wrappee__AutoResponder_#t~ret75#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {24997#true} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 85: Hoare triple {24998#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret75#1, outgoing__wrappee__AutoResponder_#t~ret76#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~16#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~5#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~16#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~5#1; {24998#false} is VALID [2022-02-20 17:56:39,193 INFO L290 TraceCheckUtils]: 84: Hoare triple {24998#false} assume 0 == sign_~privkey~1#1; {24998#false} is VALID [2022-02-20 17:56:39,193 
INFO L290 TraceCheckUtils]: 83: Hoare triple {24998#false} assume -2147483648 <= sign_#t~ret88#1 && sign_#t~ret88#1 <= 2147483647;sign_~tmp~22#1 := sign_#t~ret88#1;havoc sign_#t~ret88#1;sign_~privkey~1#1 := sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {24997#true} {24998#false} #957#return; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 81: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 80: Hoare triple {24997#true} assume 1 == ~handle;~retValue_acc~17 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 79: Hoare triple {24997#true} ~handle := #in~handle;havoc ~retValue_acc~17; {24997#true} is VALID [2022-02-20 17:56:39,194 INFO L272 TraceCheckUtils]: 78: Hoare triple {24998#false} call sign_#t~ret88#1 := getClientPrivateKey(sign_~client#1); {24997#true} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 77: Hoare triple {24998#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret88#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~22#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~22#1; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L272 TraceCheckUtils]: 76: Hoare triple {24998#false} call outgoing(~sender#1, ~email~0#1); {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 75: Hoare triple {24998#false} #t~ret84#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret84#1 && #t~ret84#1 <= 2147483647;~tmp~20#1 := #t~ret84#1;havoc #t~ret84#1;~email~0#1 := ~tmp~20#1; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 74: Hoare triple {24998#false} 
createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {24997#true} {24998#false} #1005#return; {24998#false} is VALID [2022-02-20 17:56:39,194 INFO L290 TraceCheckUtils]: 72: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L290 TraceCheckUtils]: 71: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L290 TraceCheckUtils]: 70: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L272 TraceCheckUtils]: 69: Hoare triple {24998#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {24997#true} {24998#false} #1003#return; {24998#false} is VALID [2022-02-20 17:56:39,195 INFO L290 TraceCheckUtils]: 67: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L290 TraceCheckUtils]: 66: Hoare triple {24997#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,195 INFO L290 TraceCheckUtils]: 65: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,196 INFO L272 TraceCheckUtils]: 64: Hoare triple {24998#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24997#true} is VALID [2022-02-20 17:56:39,196 INFO L290 TraceCheckUtils]: 63: Hoare triple {24998#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24998#false} is VALID [2022-02-20 17:56:39,196 INFO L272 TraceCheckUtils]: 62: Hoare triple {24998#false} call sendEmail(~bob~0, ~rjh~0); {24998#false} is VALID [2022-02-20 17:56:39,196 INFO L290 TraceCheckUtils]: 61: Hoare triple {24998#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret27#1, bobToRjh_#t~ret28#1, bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_~tmp~6#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~6#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret27#1 := puts(14, 0);assume -2147483648 <= bobToRjh_#t~ret27#1 && bobToRjh_#t~ret27#1 <= 2147483647;havoc bobToRjh_#t~ret27#1; {24998#false} is VALID [2022-02-20 17:56:39,207 INFO L290 TraceCheckUtils]: 60: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {24998#false} is VALID [2022-02-20 17:56:39,208 INFO L290 TraceCheckUtils]: 59: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,208 INFO L290 TraceCheckUtils]: 58: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,209 INFO L290 TraceCheckUtils]: 57: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,209 INFO L290 TraceCheckUtils]: 56: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == 
setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,210 INFO L290 TraceCheckUtils]: 55: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,210 INFO L290 TraceCheckUtils]: 54: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet97#1 && test_#t~nondet97#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet97#1;havoc test_#t~nondet97#1; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,210 INFO L290 TraceCheckUtils]: 53: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,211 INFO L290 TraceCheckUtils]: 52: Hoare triple {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet96#1 && test_#t~nondet96#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet96#1;havoc test_#t~nondet96#1; {25594#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,211 INFO L290 TraceCheckUtils]: 51: Hoare triple {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25594#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:39,212 INFO L290 TraceCheckUtils]: 50: Hoare triple {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:39,212 INFO L290 TraceCheckUtils]: 49: Hoare triple {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 48: Hoare triple {24997#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet96#1, test_#t~nondet97#1, test_#t~nondet98#1, test_#t~nondet99#1, test_#t~nondet100#1, test_#t~nondet101#1, test_#t~nondet102#1, test_#t~nondet103#1, test_#t~nondet104#1, test_#t~nondet105#1, test_#t~nondet106#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~24#1, test_~tmp___0~8#1, test_~tmp___1~4#1, test_~tmp___2~3#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~24#1;havoc test_~tmp___0~8#1;havoc test_~tmp___1~4#1;havoc test_~tmp___2~3#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 
0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25622#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 47: Hoare triple {24997#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 18, 0;havoc setup_#t~nondet34#1; {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {24997#true} {24997#true} #1027#return; {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 45: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 44: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 43: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 42: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 41: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L272 TraceCheckUtils]: 40: Hoare triple {24997#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24997#true} is VALID [2022-02-20 17:56:39,213 INFO L290 TraceCheckUtils]: 39: Hoare triple {24997#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24997#true} {24997#true} #1025#return; {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L290 TraceCheckUtils]: 37: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L290 TraceCheckUtils]: 36: Hoare triple {24997#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L290 TraceCheckUtils]: 
35: Hoare triple {24997#true} assume !(2 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L290 TraceCheckUtils]: 34: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L290 TraceCheckUtils]: 33: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,214 INFO L272 TraceCheckUtils]: 32: Hoare triple {24997#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L290 TraceCheckUtils]: 31: Hoare triple {24997#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 17, 0;havoc setup_#t~nondet33#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24997#true} {24997#true} #1023#return; {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L290 TraceCheckUtils]: 29: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L290 TraceCheckUtils]: 28: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L290 TraceCheckUtils]: 27: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,215 INFO L290 TraceCheckUtils]: 26: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L272 TraceCheckUtils]: 25: Hoare 
triple {24997#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L290 TraceCheckUtils]: 24: Hoare triple {24997#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24997#true} {24997#true} #1021#return; {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L290 TraceCheckUtils]: 22: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L290 TraceCheckUtils]: 21: Hoare triple {24997#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L290 TraceCheckUtils]: 20: Hoare triple {24997#true} assume !(1 == ~handle); {24997#true} is VALID [2022-02-20 17:56:39,216 INFO L290 TraceCheckUtils]: 19: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L272 TraceCheckUtils]: 18: Hoare triple {24997#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L290 TraceCheckUtils]: 17: Hoare triple {24997#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 16, 0;havoc setup_#t~nondet32#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24997#true} {24997#true} #1019#return; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L290 TraceCheckUtils]: 15: Hoare triple {24997#true} 
assume true; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L290 TraceCheckUtils]: 14: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L290 TraceCheckUtils]: 13: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,217 INFO L272 TraceCheckUtils]: 12: Hoare triple {24997#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L290 TraceCheckUtils]: 11: Hoare triple {24997#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24997#true} {24997#true} #1017#return; {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L290 TraceCheckUtils]: 9: Hoare triple {24997#true} assume true; {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L290 TraceCheckUtils]: 8: Hoare triple {24997#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L290 TraceCheckUtils]: 7: Hoare triple {24997#true} ~handle := #in~handle;~value := #in~value; {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L272 TraceCheckUtils]: 6: Hoare triple {24997#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24997#true} is VALID [2022-02-20 17:56:39,218 INFO L290 TraceCheckUtils]: 5: Hoare triple {24997#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet32#1, setup_#t~nondet33#1, setup_#t~nondet34#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24997#true} is VALID [2022-02-20 17:56:39,219 INFO L290 TraceCheckUtils]: 4: Hoare triple {24997#true} main_#t~ret35#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {24997#true} is VALID [2022-02-20 17:56:39,219 INFO L290 TraceCheckUtils]: 3: Hoare triple {24997#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~42#1;havoc valid_product_~retValue_acc~42#1;valid_product_~retValue_acc~42#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~42#1; {24997#true} is VALID [2022-02-20 17:56:39,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {24997#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24997#true} is VALID [2022-02-20 17:56:39,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {24997#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret35#1, main_~retValue_acc~4#1, main_~tmp~7#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {24997#true} is VALID [2022-02-20 17:56:39,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {24997#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call 
write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(13, 13);call #Ultimate.allocInit(44, 14);call #Ultimate.allocInit(44, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(11, 18);call #Ultimate.allocInit(19, 19);call #Ultimate.allocInit(4, 20);call write~init~int(37, 20, 0, 1);call write~init~int(100, 20, 1, 1);call write~init~int(10, 20, 2, 1);call write~init~int(0, 20, 3, 1);call #Ultimate.allocInit(4, 21);call write~init~int(37, 21, 0, 1);call write~init~int(100, 21, 1, 1);call write~init~int(10, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(21, 24);call #Ultimate.allocInit(30, 25);call #Ultimate.allocInit(9, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(30, 28);call #Ultimate.allocInit(9, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(30, 31);call #Ultimate.allocInit(9, 32);call #Ultimate.allocInit(25, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(20, 36);call #Ultimate.allocInit(22, 37);call #Ultimate.allocInit(4, 38);call write~init~int(37, 38, 0, 1);call write~init~int(115, 38, 1, 1);call write~init~int(10, 38, 2, 1);call write~init~int(0, 38, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~mail_is_sensitive~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 
0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {24997#true} is VALID [2022-02-20 17:56:39,220 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:39,220 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [832369513] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:56:39,220 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 17:56:39,220 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15
[2022-02-20 17:56:39,221 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1256631755]
[2022-02-20 17:56:39,221 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton
[2022-02-20 17:56:39,222 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24) Word has length 118
[2022-02-20 17:56:39,281 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:56:39,282 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24)
[2022-02-20 17:56:39,406 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 190 edges. 190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:56:39,406 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states
[2022-02-20 17:56:39,406 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:56:39,406 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants.
[2022-02-20 17:56:39,406 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210
[2022-02-20 17:56:39,407 INFO L87 Difference]: Start difference. First operand 399 states and 604 transitions. Second operand has 15 states, 14 states have (on average 9.642857142857142) internal successors, (135), 11 states have internal predecessors, (135), 4 states have call successors, (31), 6 states have call predecessors, (31), 3 states have return successors, (24), 3 states have call predecessors, (24), 4 states have call successors, (24)