./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec1_product32.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec1_product32.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 23422b93e8eb894b39d133f7e6eb45372f0db0df72df3fa3f3890b8e90f2fd0e
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:55:50,595 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:55:50,597 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:55:50,626 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:55:50,628 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:55:50,630 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:55:50,632 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:55:50,636 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:55:50,638 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:55:50,641 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:55:50,642 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:55:50,643 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:55:50,643 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:55:50,645 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:55:50,646 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:55:50,647 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:55:50,648 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:55:50,648 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:55:50,651 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:55:50,655 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:55:50,656 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:55:50,657 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:55:50,658 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:55:50,659 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:55:50,663 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:55:50,663 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:55:50,664 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:55:50,665 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:55:50,665 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:55:50,665 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:55:50,666 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:55:50,666 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:55:50,668 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:55:50,668 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:55:50,669 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:55:50,669 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:55:50,670 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:55:50,670 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:55:50,671 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:55:50,671 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:55:50,672 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:55:50,673 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:55:50,701 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:55:50,702 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:55:50,702 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:55:50,702 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:55:50,703 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:55:50,703 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:55:50,704 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:55:50,704 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:55:50,704 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:55:50,704 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:55:50,705 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:55:50,705 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:55:50,706 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:55:50,706 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:50,707 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:55:50,707 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:55:50,708 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:55:50,708 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:55:50,708 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 23422b93e8eb894b39d133f7e6eb45372f0db0df72df3fa3f3890b8e90f2fd0e [2022-02-20 17:55:50,954 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:55:50,978 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:55:50,980 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:55:50,980 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:55:50,981 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:55:50,982 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec1_product32.cil.c [2022-02-20 17:55:51,028 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/658553fd3/53d57536aa094fdead92a08c9d04287e/FLAG4f47f0aa4 [2022-02-20 17:55:51,483 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:55:51,487 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product32.cil.c [2022-02-20 17:55:51,514 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/658553fd3/53d57536aa094fdead92a08c9d04287e/FLAG4f47f0aa4 [2022-02-20 17:55:51,845 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/658553fd3/53d57536aa094fdead92a08c9d04287e [2022-02-20 17:55:51,847 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:55:51,848 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:55:51,853 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:51,853 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:55:51,855 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:55:51,856 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:51" (1/1) ... [2022-02-20 17:55:51,857 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@20d98baa and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:51, skipping insertion in model container [2022-02-20 17:55:51,857 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:55:51" (1/1) ... 
[2022-02-20 17:55:51,861 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:55:51,917 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:55:52,421 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product32.cil.c[65472,65485] [2022-02-20 17:55:52,423 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:52,433 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:55:52,542 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec1_product32.cil.c[65472,65485] [2022-02-20 17:55:52,544 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:55:52,577 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:55:52,578 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52 WrapperNode [2022-02-20 17:55:52,578 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:55:52,579 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:52,579 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:55:52,579 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:55:52,585 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... 
[2022-02-20 17:55:52,612 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,674 INFO L137 Inliner]: procedures = 134, calls = 237, calls flagged for inlining = 61, calls inlined = 53, statements flattened = 987 [2022-02-20 17:55:52,677 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:55:52,678 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:55:52,678 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:55:52,678 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:55:52,684 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,684 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,688 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,689 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... 
[2022-02-20 17:55:52,702 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,729 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,733 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... [2022-02-20 17:55:52,739 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:55:52,739 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:55:52,740 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:55:52,740 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:55:52,740 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (1/1) ... 
[2022-02-20 17:55:52,765 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:55:52,773 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:52,804 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:55:52,822 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:55:52,840 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:55:52,840 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:55:52,840 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:55:52,841 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:55:52,841 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:55:52,841 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:55:52,841 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:55:52,841 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:55:52,841 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:55:52,841 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:55:52,841 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 17:55:52,841 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:55:52,842 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:55:52,842 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:55:52,842 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:55:52,842 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:55:52,842 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:55:52,842 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:55:52,842 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:55:52,842 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:55:52,842 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:55:52,843 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:55:52,843 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:55:52,843 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:55:52,843 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:55:52,843 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:55:52,843 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:55:52,843 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:55:52,843 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:55:52,844 INFO L130 BoogieDeclarations]: Found 
specification of procedure setClientId [2022-02-20 17:55:52,844 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:55:52,844 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:55:52,844 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:55:52,844 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:55:52,844 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:55:52,844 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:55:52,845 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:55:52,845 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:55:52,845 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:55:52,845 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:55:52,845 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:55:52,845 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:55:52,846 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:55:52,846 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:55:52,846 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:55:52,846 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:55:52,846 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:55:52,846 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:55:52,846 INFO L130 BoogieDeclarations]: 
Found specification of procedure isEncrypted [2022-02-20 17:55:52,846 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:55:52,847 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:55:52,847 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:55:52,847 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:55:52,847 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:55:52,848 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:55:52,848 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:55:52,848 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:55:52,849 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:55:52,850 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:55:52,850 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:55:52,850 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:55:53,088 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:55:53,089 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:55:53,886 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:55:53,919 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:55:53,919 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. 
[2022-02-20 17:55:53,921 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:53 BoogieIcfgContainer [2022-02-20 17:55:53,921 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:55:53,923 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:55:53,923 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:55:53,925 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:55:53,925 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:55:51" (1/3) ... [2022-02-20 17:55:53,926 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d0f895a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:53, skipping insertion in model container [2022-02-20 17:55:53,926 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:55:52" (2/3) ... [2022-02-20 17:55:53,926 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d0f895a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:55:53, skipping insertion in model container [2022-02-20 17:55:53,926 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:55:53" (3/3) ... 
[2022-02-20 17:55:53,927 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec1_product32.cil.c [2022-02-20 17:55:53,931 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:55:53,931 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:55:53,965 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:55:53,970 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:55:53,970 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:55:53,992 INFO L276 IsEmpty]: Start isEmpty. 
Operand has 425 states, 330 states have (on average 1.5515151515151515) internal successors, (512), 335 states have internal predecessors, (512), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:55:54,003 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2022-02-20 17:55:54,003 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:54,004 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:54,005 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:54,008 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:54,009 INFO L85 PathProgramCache]: Analyzing trace with hash -1920042768, now seen corresponding path program 1 times [2022-02-20 17:55:54,015 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:54,016 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [394856693] [2022-02-20 17:55:54,016 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:54,017 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:54,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,306 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 
[2022-02-20 17:55:54,314 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,325 INFO L290 TraceCheckUtils]: 0: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,326 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {428#true} #1278#return; {428#true} is VALID [2022-02-20 17:55:54,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:54,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {428#true} #1280#return; {428#true} is VALID [2022-02-20 17:55:54,339 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:54,341 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:55:54,357 INFO L290 TraceCheckUtils]: 0: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:54,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {490#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {491#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,358 INFO L290 TraceCheckUtils]: 2: Hoare triple {491#(= |setClientId_#in~handle| 1)} assume true; {491#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {491#(= |setClientId_#in~handle| 1)} {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {429#false} is VALID [2022-02-20 17:55:54,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:54,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1284#return; {429#false} is VALID [2022-02-20 17:55:54,365 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:54,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,370 INFO L290 TraceCheckUtils]: 0: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1286#return; {429#false} is VALID [2022-02-20 17:55:54,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:54,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,385 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,385 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,385 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1288#return; {429#false} is VALID [2022-02-20 17:55:54,392 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
47 [2022-02-20 17:55:54,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,398 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1220#return; {429#false} is VALID [2022-02-20 17:55:54,405 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:55:54,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,411 INFO L290 TraceCheckUtils]: 0: Hoare triple {493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,412 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1222#return; {429#false} is VALID [2022-02-20 17:55:54,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:55:54,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,417 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~31; {428#true} is VALID [2022-02-20 17:55:54,417 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {428#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {428#true} is VALID [2022-02-20 17:55:54,418 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,418 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1200#return; {429#false} is VALID [2022-02-20 17:55:54,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:55:54,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,424 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~25; {428#true} is VALID [2022-02-20 17:55:54,424 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {428#true} is VALID [2022-02-20 17:55:54,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,425 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1202#return; {429#false} is VALID [2022-02-20 17:55:54,425 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:55:54,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~10; {428#true} is VALID [2022-02-20 17:55:54,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {428#true} is VALID [2022-02-20 17:55:54,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,433 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1234#return; {429#false} is VALID [2022-02-20 17:55:54,433 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:55:54,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,441 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:55:54,442 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle; {428#true} is VALID [2022-02-20 17:55:54,442 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:55:54,445 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,445 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {428#true} {429#false} #1236#return; {429#false} is VALID [2022-02-20 17:55:54,445 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:55:54,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,454 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,454 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,455 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1242#return; {429#false} is VALID [2022-02-20 17:55:54,455 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:55:54,456 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:55:54,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~13; {428#true} is VALID [2022-02-20 17:55:54,458 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {428#true} is VALID [2022-02-20 17:55:54,459 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,459 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {428#true} {429#false} #1246#return; {429#false} is VALID [2022-02-20 17:55:54,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call 
#Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 
0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {428#true} is VALID [2022-02-20 17:55:54,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {428#true} is VALID [2022-02-20 17:55:54,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {428#true} is VALID [2022-02-20 17:55:54,461 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {428#true} is VALID [2022-02-20 17:55:54,461 INFO L290 TraceCheckUtils]: 4: Hoare triple {428#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {428#true} is VALID [2022-02-20 17:55:54,463 INFO L290 TraceCheckUtils]: 5: Hoare triple {428#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {428#true} is VALID [2022-02-20 17:55:54,464 INFO L272 TraceCheckUtils]: 6: Hoare triple {428#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,464 INFO L290 TraceCheckUtils]: 7: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,464 INFO L290 TraceCheckUtils]: 8: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,464 INFO L290 TraceCheckUtils]: 9: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,464 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {428#true} {428#true} #1278#return; {428#true} is VALID [2022-02-20 17:55:54,465 INFO L290 TraceCheckUtils]: 11: Hoare triple {428#true} assume { :end_inline_setup_bob__wrappee__Base } true; {428#true} is 
VALID [2022-02-20 17:55:54,466 INFO L272 TraceCheckUtils]: 12: Hoare triple {428#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,466 INFO L290 TraceCheckUtils]: 13: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,466 INFO L290 TraceCheckUtils]: 14: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,466 INFO L290 TraceCheckUtils]: 15: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,466 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {428#true} {428#true} #1280#return; {428#true} is VALID [2022-02-20 17:55:54,467 INFO L290 TraceCheckUtils]: 17: Hoare triple {428#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:54,468 INFO L272 TraceCheckUtils]: 18: Hoare triple {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,468 INFO L290 TraceCheckUtils]: 19: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {490#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:54,469 INFO L290 TraceCheckUtils]: 20: Hoare triple {490#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {491#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,469 INFO L290 TraceCheckUtils]: 21: Hoare triple {491#(= |setClientId_#in~handle| 1)} assume true; {491#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:54,470 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {491#(= |setClientId_#in~handle| 1)} {438#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {429#false} is VALID [2022-02-20 17:55:54,470 INFO L290 TraceCheckUtils]: 23: Hoare triple {429#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {429#false} is VALID [2022-02-20 17:55:54,470 INFO L272 TraceCheckUtils]: 24: Hoare triple {429#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,470 INFO L290 TraceCheckUtils]: 25: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,471 INFO L290 TraceCheckUtils]: 26: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,471 INFO L290 TraceCheckUtils]: 27: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,471 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {428#true} {429#false} #1284#return; {429#false} is VALID [2022-02-20 17:55:54,471 INFO L290 TraceCheckUtils]: 29: Hoare triple {429#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {429#false} is VALID [2022-02-20 17:55:54,472 INFO L272 TraceCheckUtils]: 30: Hoare triple {429#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:54,472 INFO L290 TraceCheckUtils]: 31: Hoare triple {488#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,472 INFO L290 
TraceCheckUtils]: 32: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,472 INFO L290 TraceCheckUtils]: 33: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,473 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {428#true} {429#false} #1286#return; {429#false} is VALID [2022-02-20 17:55:54,473 INFO L290 TraceCheckUtils]: 35: Hoare triple {429#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {429#false} is VALID [2022-02-20 17:55:54,473 INFO L272 TraceCheckUtils]: 36: Hoare triple {429#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:54,473 INFO L290 TraceCheckUtils]: 37: Hoare triple {489#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,473 INFO L290 TraceCheckUtils]: 38: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,474 INFO L290 TraceCheckUtils]: 39: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,474 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {428#true} {429#false} #1288#return; {429#false} is VALID [2022-02-20 17:55:54,474 INFO L290 TraceCheckUtils]: 41: Hoare triple {429#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {429#false} is VALID [2022-02-20 17:55:54,474 INFO L290 TraceCheckUtils]: 42: Hoare triple {429#false} assume { :end_inline_setup } true;assume 
{ :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {429#false} is VALID [2022-02-20 17:55:54,475 INFO L290 TraceCheckUtils]: 43: Hoare triple {429#false} assume !true; {429#false} is VALID [2022-02-20 17:55:54,475 INFO L290 TraceCheckUtils]: 44: Hoare triple {429#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && 
bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {429#false} is VALID [2022-02-20 17:55:54,475 INFO L272 TraceCheckUtils]: 45: Hoare triple {429#false} call sendEmail(~bob~0, ~rjh~0); {429#false} is VALID [2022-02-20 17:55:54,475 INFO L290 TraceCheckUtils]: 46: Hoare triple {429#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {429#false} is VALID [2022-02-20 17:55:54,476 INFO L272 TraceCheckUtils]: 47: Hoare triple {429#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:54,476 INFO L290 TraceCheckUtils]: 48: Hoare triple {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,476 INFO L290 TraceCheckUtils]: 49: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,476 INFO L290 TraceCheckUtils]: 50: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,477 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {428#true} {429#false} #1220#return; {429#false} is VALID [2022-02-20 17:55:54,477 INFO L272 TraceCheckUtils]: 52: Hoare triple {429#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 17:55:54,477 INFO L290 TraceCheckUtils]: 53: Hoare triple {493#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,477 INFO L290 TraceCheckUtils]: 54: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,477 INFO L290 TraceCheckUtils]: 55: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,477 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {428#true} {429#false} #1222#return; {429#false} is VALID [2022-02-20 17:55:54,478 INFO L290 TraceCheckUtils]: 57: Hoare triple {429#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {429#false} is VALID [2022-02-20 17:55:54,478 INFO L290 TraceCheckUtils]: 58: Hoare triple {429#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {429#false} is VALID [2022-02-20 17:55:54,478 INFO L272 TraceCheckUtils]: 59: Hoare triple {429#false} call outgoing(~sender#1, ~email~0#1); {429#false} is VALID [2022-02-20 17:55:54,478 INFO L290 TraceCheckUtils]: 60: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {429#false} is VALID [2022-02-20 17:55:54,478 INFO L272 TraceCheckUtils]: 61: Hoare triple {429#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {428#true} is VALID [2022-02-20 17:55:54,479 INFO L290 TraceCheckUtils]: 62: Hoare triple {428#true} ~handle := 
#in~handle;havoc ~retValue_acc~31; {428#true} is VALID [2022-02-20 17:55:54,479 INFO L290 TraceCheckUtils]: 63: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {428#true} is VALID [2022-02-20 17:55:54,479 INFO L290 TraceCheckUtils]: 64: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,479 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {428#true} {429#false} #1200#return; {429#false} is VALID [2022-02-20 17:55:54,479 INFO L290 TraceCheckUtils]: 66: Hoare triple {429#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {429#false} is VALID [2022-02-20 17:55:54,479 INFO L290 TraceCheckUtils]: 67: Hoare triple {429#false} assume 0 == sign_~privkey~1#1; {429#false} is VALID [2022-02-20 17:55:54,480 INFO L290 TraceCheckUtils]: 68: Hoare triple {429#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := 
outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {429#false} is VALID [2022-02-20 17:55:54,480 INFO L272 TraceCheckUtils]: 69: Hoare triple {429#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {428#true} is VALID [2022-02-20 17:55:54,480 INFO L290 TraceCheckUtils]: 70: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~25; {428#true} is VALID [2022-02-20 17:55:54,480 INFO L290 TraceCheckUtils]: 71: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {428#true} is VALID [2022-02-20 17:55:54,480 INFO L290 TraceCheckUtils]: 72: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,481 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {428#true} {429#false} #1202#return; {429#false} is VALID [2022-02-20 17:55:54,481 INFO L290 TraceCheckUtils]: 74: Hoare triple {429#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {429#false} is VALID [2022-02-20 17:55:54,481 INFO L290 TraceCheckUtils]: 75: Hoare triple {429#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {429#false} is VALID [2022-02-20 17:55:54,481 INFO L272 TraceCheckUtils]: 76: Hoare triple {429#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {429#false} is VALID [2022-02-20 17:55:54,481 INFO L290 TraceCheckUtils]: 77: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {429#false} is VALID [2022-02-20 17:55:54,482 INFO L272 TraceCheckUtils]: 78: Hoare triple {429#false} call #t~ret19#1 := getEmailTo(~msg#1); {428#true} is VALID [2022-02-20 17:55:54,482 INFO L290 TraceCheckUtils]: 79: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~10; {428#true} is VALID [2022-02-20 17:55:54,482 INFO L290 TraceCheckUtils]: 80: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {428#true} is VALID [2022-02-20 17:55:54,482 INFO L290 TraceCheckUtils]: 81: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,482 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {428#true} {429#false} #1234#return; {429#false} is VALID [2022-02-20 17:55:54,483 INFO L290 TraceCheckUtils]: 83: Hoare triple {429#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {429#false} is VALID [2022-02-20 17:55:54,483 INFO L272 TraceCheckUtils]: 84: Hoare triple {429#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {428#true} is VALID [2022-02-20 17:55:54,483 INFO L290 TraceCheckUtils]: 85: Hoare triple {428#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:55:54,483 INFO L290 TraceCheckUtils]: 86: Hoare triple {428#true} assume 1 == ~handle; {428#true} is VALID [2022-02-20 17:55:54,483 INFO L290 TraceCheckUtils]: 87: Hoare triple {428#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {428#true} is VALID [2022-02-20 17:55:54,483 INFO L290 TraceCheckUtils]: 88: Hoare triple {428#true} 
assume true; {428#true} is VALID [2022-02-20 17:55:54,484 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {428#true} {429#false} #1236#return; {429#false} is VALID [2022-02-20 17:55:54,484 INFO L290 TraceCheckUtils]: 90: Hoare triple {429#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {429#false} is VALID [2022-02-20 17:55:54,484 INFO L290 TraceCheckUtils]: 91: Hoare triple {429#false} assume !(0 != ~pubkey~0#1); {429#false} is VALID [2022-02-20 17:55:54,484 INFO L290 TraceCheckUtils]: 92: Hoare triple {429#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {429#false} is VALID [2022-02-20 17:55:54,484 INFO L290 TraceCheckUtils]: 93: Hoare triple {429#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {429#false} is VALID [2022-02-20 17:55:54,485 INFO L290 TraceCheckUtils]: 94: Hoare triple {429#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc 
outgoing__wrappee__Keys_#t~ret18#1; {429#false} is VALID [2022-02-20 17:55:54,485 INFO L272 TraceCheckUtils]: 95: Hoare triple {429#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:54,485 INFO L290 TraceCheckUtils]: 96: Hoare triple {492#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:54,485 INFO L290 TraceCheckUtils]: 97: Hoare triple {428#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:54,485 INFO L290 TraceCheckUtils]: 98: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,485 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {428#true} {429#false} #1242#return; {429#false} is VALID [2022-02-20 17:55:54,486 INFO L290 TraceCheckUtils]: 100: Hoare triple {429#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, 
__utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {429#false} is VALID [2022-02-20 17:55:54,486 INFO L290 TraceCheckUtils]: 101: Hoare triple {429#false} assume !(-1 == ~mail_is_sensitive~0); {429#false} is VALID [2022-02-20 17:55:54,486 INFO L272 TraceCheckUtils]: 102: Hoare triple {429#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {428#true} is VALID [2022-02-20 17:55:54,486 INFO L290 TraceCheckUtils]: 103: Hoare triple {428#true} ~handle := #in~handle;havoc ~retValue_acc~13; {428#true} is VALID [2022-02-20 17:55:54,486 INFO L290 TraceCheckUtils]: 104: Hoare triple {428#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {428#true} is VALID [2022-02-20 17:55:54,487 INFO L290 TraceCheckUtils]: 105: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:54,487 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {428#true} {429#false} #1246#return; {429#false} is VALID [2022-02-20 17:55:54,488 INFO L290 TraceCheckUtils]: 107: Hoare triple {429#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {429#false} is VALID [2022-02-20 17:55:54,488 INFO L290 TraceCheckUtils]: 108: Hoare triple {429#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {429#false} is VALID [2022-02-20 17:55:54,488 INFO L290 TraceCheckUtils]: 109: Hoare triple {429#false} assume !false; {429#false} is VALID [2022-02-20 17:55:54,489 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 17:55:54,489 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:55:54,490 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [394856693] [2022-02-20 17:55:54,490 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [394856693] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:55:54,490 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [306192831] [2022-02-20 17:55:54,491 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:54,491 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:55:54,491 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:55:54,493 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:55:54,524 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:55:54,777 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:55:54,782 INFO L263 TraceCheckSpWp]: Trace formula consists of 1146 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:55:54,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:54,876 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:55:55,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {428#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call 
#Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 
0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 
0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {428#true} is VALID [2022-02-20 17:55:55,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {428#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {428#true} is VALID [2022-02-20 17:55:55,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {428#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {428#true} is VALID [2022-02-20 17:55:55,077 INFO L290 TraceCheckUtils]: 3: Hoare triple {428#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {428#true} is VALID [2022-02-20 17:55:55,077 INFO L290 TraceCheckUtils]: 4: Hoare triple {428#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {428#true} is VALID [2022-02-20 17:55:55,077 INFO L290 TraceCheckUtils]: 5: Hoare triple {428#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {428#true} is VALID [2022-02-20 17:55:55,077 INFO L272 TraceCheckUtils]: 6: Hoare triple {428#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {428#true} is VALID [2022-02-20 17:55:55,077 INFO L290 TraceCheckUtils]: 7: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,078 INFO L290 TraceCheckUtils]: 8: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:55,078 INFO L290 TraceCheckUtils]: 9: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,078 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {428#true} {428#true} #1278#return; {428#true} is VALID [2022-02-20 17:55:55,078 INFO L290 TraceCheckUtils]: 11: Hoare triple {428#true} assume { :end_inline_setup_bob__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:55:55,078 INFO L272 TraceCheckUtils]: 12: Hoare triple {428#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {428#true} is VALID [2022-02-20 17:55:55,078 INFO L290 TraceCheckUtils]: 13: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,079 INFO L290 TraceCheckUtils]: 14: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:55,079 INFO L290 TraceCheckUtils]: 15: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,095 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {428#true} 
{428#true} #1280#return; {428#true} is VALID [2022-02-20 17:55:55,095 INFO L290 TraceCheckUtils]: 17: Hoare triple {428#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {428#true} is VALID [2022-02-20 17:55:55,096 INFO L272 TraceCheckUtils]: 18: Hoare triple {428#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {428#true} is VALID [2022-02-20 17:55:55,096 INFO L290 TraceCheckUtils]: 19: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,096 INFO L290 TraceCheckUtils]: 20: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:55,096 INFO L290 TraceCheckUtils]: 21: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,096 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {428#true} {428#true} #1282#return; {428#true} is VALID [2022-02-20 17:55:55,097 INFO L290 TraceCheckUtils]: 23: Hoare triple {428#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:55:55,097 INFO L272 TraceCheckUtils]: 24: Hoare triple {428#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {428#true} is VALID [2022-02-20 17:55:55,097 INFO L290 TraceCheckUtils]: 25: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,097 INFO L290 TraceCheckUtils]: 26: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := 
~value; {428#true} is VALID [2022-02-20 17:55:55,097 INFO L290 TraceCheckUtils]: 27: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,098 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {428#true} {428#true} #1284#return; {428#true} is VALID [2022-02-20 17:55:55,098 INFO L290 TraceCheckUtils]: 29: Hoare triple {428#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {428#true} is VALID [2022-02-20 17:55:55,098 INFO L272 TraceCheckUtils]: 30: Hoare triple {428#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {428#true} is VALID [2022-02-20 17:55:55,098 INFO L290 TraceCheckUtils]: 31: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,099 INFO L290 TraceCheckUtils]: 32: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:55,099 INFO L290 TraceCheckUtils]: 33: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,099 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {428#true} {428#true} #1286#return; {428#true} is VALID [2022-02-20 17:55:55,099 INFO L290 TraceCheckUtils]: 35: Hoare triple {428#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {428#true} is VALID [2022-02-20 17:55:55,099 INFO L272 TraceCheckUtils]: 36: Hoare triple {428#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {428#true} 
is VALID [2022-02-20 17:55:55,100 INFO L290 TraceCheckUtils]: 37: Hoare triple {428#true} ~handle := #in~handle;~value := #in~value; {428#true} is VALID [2022-02-20 17:55:55,100 INFO L290 TraceCheckUtils]: 38: Hoare triple {428#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {428#true} is VALID [2022-02-20 17:55:55,100 INFO L290 TraceCheckUtils]: 39: Hoare triple {428#true} assume true; {428#true} is VALID [2022-02-20 17:55:55,100 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {428#true} {428#true} #1288#return; {428#true} is VALID [2022-02-20 17:55:55,100 INFO L290 TraceCheckUtils]: 41: Hoare triple {428#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {428#true} is VALID [2022-02-20 17:55:55,101 INFO L290 TraceCheckUtils]: 42: Hoare triple {428#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc 
test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {428#true} is VALID [2022-02-20 17:55:55,101 INFO L290 TraceCheckUtils]: 43: Hoare triple {428#true} assume !true; {429#false} is VALID [2022-02-20 17:55:55,101 INFO L290 TraceCheckUtils]: 44: Hoare triple {429#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {429#false} is VALID [2022-02-20 17:55:55,101 INFO L272 TraceCheckUtils]: 45: Hoare triple {429#false} call sendEmail(~bob~0, ~rjh~0); {429#false} is VALID [2022-02-20 17:55:55,102 INFO L290 TraceCheckUtils]: 46: Hoare triple {429#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {429#false} is VALID [2022-02-20 17:55:55,102 INFO L272 TraceCheckUtils]: 47: Hoare triple {429#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {429#false} is VALID [2022-02-20 17:55:55,102 INFO L290 TraceCheckUtils]: 48: Hoare triple {429#false} ~handle := 
#in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:55:55,102 INFO L290 TraceCheckUtils]: 49: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {429#false} is VALID [2022-02-20 17:55:55,102 INFO L290 TraceCheckUtils]: 50: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,102 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {429#false} {429#false} #1220#return; {429#false} is VALID [2022-02-20 17:55:55,102 INFO L272 TraceCheckUtils]: 52: Hoare triple {429#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {429#false} is VALID [2022-02-20 17:55:55,102 INFO L290 TraceCheckUtils]: 53: Hoare triple {429#false} ~handle := #in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L290 TraceCheckUtils]: 54: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L290 TraceCheckUtils]: 55: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {429#false} {429#false} #1222#return; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L290 TraceCheckUtils]: 57: Hoare triple {429#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L290 TraceCheckUtils]: 58: Hoare triple {429#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L272 TraceCheckUtils]: 59: Hoare triple {429#false} call outgoing(~sender#1, ~email~0#1); {429#false} is VALID [2022-02-20 17:55:55,103 INFO L290 TraceCheckUtils]: 60: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, 
sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {429#false} is VALID [2022-02-20 17:55:55,103 INFO L272 TraceCheckUtils]: 61: Hoare triple {429#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {429#false} is VALID [2022-02-20 17:55:55,104 INFO L290 TraceCheckUtils]: 62: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~31; {429#false} is VALID [2022-02-20 17:55:55,104 INFO L290 TraceCheckUtils]: 63: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {429#false} is VALID [2022-02-20 17:55:55,104 INFO L290 TraceCheckUtils]: 64: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,104 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {429#false} {429#false} #1200#return; {429#false} is VALID [2022-02-20 17:55:55,104 INFO L290 TraceCheckUtils]: 66: Hoare triple {429#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {429#false} is VALID [2022-02-20 17:55:55,104 INFO L290 TraceCheckUtils]: 67: Hoare triple {429#false} assume 0 == sign_~privkey~1#1; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 68: Hoare triple {429#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L272 TraceCheckUtils]: 69: Hoare triple {429#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 70: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~25; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 71: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 72: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {429#false} {429#false} #1202#return; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 74: Hoare triple {429#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := 
outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {429#false} is VALID [2022-02-20 17:55:55,105 INFO L290 TraceCheckUtils]: 75: Hoare triple {429#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {429#false} is VALID [2022-02-20 17:55:55,106 INFO L272 TraceCheckUtils]: 76: Hoare triple {429#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {429#false} is VALID [2022-02-20 17:55:55,106 INFO L290 TraceCheckUtils]: 77: Hoare triple {429#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {429#false} is VALID [2022-02-20 17:55:55,106 INFO L272 TraceCheckUtils]: 78: Hoare triple {429#false} call #t~ret19#1 := getEmailTo(~msg#1); {429#false} is VALID [2022-02-20 17:55:55,106 INFO L290 TraceCheckUtils]: 79: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~10; {429#false} is VALID [2022-02-20 17:55:55,107 INFO L290 TraceCheckUtils]: 80: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {429#false} is VALID [2022-02-20 17:55:55,107 INFO L290 TraceCheckUtils]: 81: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,107 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {429#false} {429#false} #1234#return; {429#false} is VALID [2022-02-20 17:55:55,107 INFO L290 TraceCheckUtils]: 83: Hoare triple {429#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {429#false} is VALID [2022-02-20 17:55:55,107 INFO L272 TraceCheckUtils]: 84: Hoare triple {429#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {429#false} is VALID [2022-02-20 17:55:55,107 INFO L290 TraceCheckUtils]: 85: Hoare triple 
{429#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L290 TraceCheckUtils]: 86: Hoare triple {429#false} assume 1 == ~handle; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L290 TraceCheckUtils]: 87: Hoare triple {429#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L290 TraceCheckUtils]: 88: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {429#false} {429#false} #1236#return; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L290 TraceCheckUtils]: 90: Hoare triple {429#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {429#false} is VALID [2022-02-20 17:55:55,108 INFO L290 TraceCheckUtils]: 91: Hoare triple {429#false} assume !(0 != ~pubkey~0#1); {429#false} is VALID [2022-02-20 17:55:55,109 INFO L290 TraceCheckUtils]: 92: Hoare triple {429#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {429#false} is VALID [2022-02-20 17:55:55,109 INFO L290 TraceCheckUtils]: 93: Hoare triple 
{429#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {429#false} is VALID [2022-02-20 17:55:55,109 INFO L290 TraceCheckUtils]: 94: Hoare triple {429#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {429#false} is VALID [2022-02-20 17:55:55,109 INFO L272 TraceCheckUtils]: 95: Hoare triple {429#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {429#false} is VALID [2022-02-20 17:55:55,109 INFO L290 TraceCheckUtils]: 96: Hoare triple {429#false} ~handle := #in~handle;~value := #in~value; {429#false} is VALID [2022-02-20 17:55:55,109 INFO L290 TraceCheckUtils]: 97: Hoare triple {429#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {429#false} is VALID [2022-02-20 17:55:55,110 INFO L290 TraceCheckUtils]: 98: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,110 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {429#false} {429#false} #1242#return; {429#false} is VALID [2022-02-20 17:55:55,110 INFO L290 TraceCheckUtils]: 100: Hoare triple {429#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {429#false} is VALID [2022-02-20 17:55:55,110 INFO L290 TraceCheckUtils]: 101: Hoare triple {429#false} assume !(-1 == ~mail_is_sensitive~0); {429#false} is VALID [2022-02-20 17:55:55,110 INFO L272 TraceCheckUtils]: 102: Hoare triple {429#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {429#false} is VALID [2022-02-20 17:55:55,111 INFO L290 TraceCheckUtils]: 103: Hoare triple {429#false} ~handle := #in~handle;havoc ~retValue_acc~13; {429#false} is VALID [2022-02-20 17:55:55,111 INFO L290 TraceCheckUtils]: 104: Hoare triple {429#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {429#false} is VALID [2022-02-20 17:55:55,111 INFO L290 TraceCheckUtils]: 105: Hoare triple {429#false} assume true; {429#false} is VALID [2022-02-20 17:55:55,111 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {429#false} {429#false} 
#1246#return; {429#false} is VALID [2022-02-20 17:55:55,111 INFO L290 TraceCheckUtils]: 107: Hoare triple {429#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {429#false} is VALID [2022-02-20 17:55:55,111 INFO L290 TraceCheckUtils]: 108: Hoare triple {429#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {429#false} is VALID [2022-02-20 17:55:55,112 INFO L290 TraceCheckUtils]: 109: Hoare triple {429#false} assume !false; {429#false} is VALID [2022-02-20 17:55:55,112 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:55,112 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:55,113 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [306192831] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:55,113 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:55:55,113 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:55:55,114 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [902413636] [2022-02-20 17:55:55,115 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:55,131 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 110 [2022-02-20 17:55:55,132 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:55,134 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:55,195 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 95 edges. 95 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:55,195 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:55:55,195 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:55,211 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:55:55,211 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:55,216 INFO L87 Difference]: Start difference. 
First operand has 425 states, 330 states have (on average 1.5515151515151515) internal successors, (512), 335 states have internal predecessors, (512), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:55,588 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:55,589 INFO L93 Difference]: Finished difference Result 657 states and 974 transitions. [2022-02-20 17:55:55,589 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:55:55,589 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 110 [2022-02-20 17:55:55,589 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:55,590 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:55,609 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 974 transitions. [2022-02-20 17:55:55,610 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:55,620 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 974 transitions. [2022-02-20 17:55:55,621 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 974 transitions. [2022-02-20 17:55:56,276 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 974 edges. 974 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:56,301 INFO L225 Difference]: With dead ends: 657 [2022-02-20 17:55:56,301 INFO L226 Difference]: Without dead ends: 418 [2022-02-20 17:55:56,305 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 141 GetRequests, 134 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:55:56,307 INFO L933 BasicCegarLoop]: 638 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 638 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:55:56,308 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 638 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:56,319 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 418 states. [2022-02-20 17:55:56,342 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 418 to 418. [2022-02-20 17:55:56,342 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:56,345 INFO L82 GeneralOperation]: Start isEquivalent. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:56,347 INFO L74 IsIncluded]: Start isIncluded. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:56,349 INFO L87 Difference]: Start difference. First operand 418 states. Second operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:56,370 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:56,370 INFO L93 Difference]: Finished difference Result 418 states and 630 transitions. [2022-02-20 17:55:56,370 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:55:56,373 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,373 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,374 INFO L74 IsIncluded]: Start isIncluded. First operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 418 states. [2022-02-20 17:55:56,375 INFO L87 Difference]: Start difference. First operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 418 states. [2022-02-20 17:55:56,392 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:56,392 INFO L93 Difference]: Finished difference Result 418 states and 630 transitions. [2022-02-20 17:55:56,392 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:55:56,393 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:56,393 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:56,393 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:56,394 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:56,395 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 418 states, 324 states have (on average 1.5462962962962963) internal successors, (501), 328 states have internal predecessors, (501), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:56,412 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 418 states to 418 states and 630 transitions. [2022-02-20 17:55:56,414 INFO L78 Accepts]: Start accepts. Automaton has 418 states and 630 transitions. Word has length 110 [2022-02-20 17:55:56,414 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:56,414 INFO L470 AbstractCegarLoop]: Abstraction has 418 states and 630 transitions. [2022-02-20 17:55:56,415 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 32.0) internal successors, (64), 2 states have internal predecessors, (64), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:56,415 INFO L276 IsEmpty]: Start isEmpty. Operand 418 states and 630 transitions. [2022-02-20 17:55:56,416 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 112 [2022-02-20 17:55:56,416 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:56,417 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:56,436 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:55:56,631 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:55:56,631 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:56,632 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:56,632 INFO L85 PathProgramCache]: Analyzing trace with hash 1988702151, now seen corresponding path program 1 times [2022-02-20 17:55:56,632 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:56,632 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [723642332] [2022-02-20 17:55:56,632 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:56,632 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:56,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,717 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence 
at non-pending call position 6 [2022-02-20 17:55:56,718 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,721 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3127#true} #1278#return; {3127#true} is VALID [2022-02-20 17:55:56,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:56,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3127#true} #1280#return; {3127#true} is VALID [2022-02-20 17:55:56,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:55:56,742 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3189#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:56,756 INFO L290 TraceCheckUtils]: 1: Hoare triple {3189#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3190#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {3190#(= |setClientId_#in~handle| 1)} assume true; {3190#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,757 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3190#(= |setClientId_#in~handle| 1)} {3137#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {3128#false} is VALID [2022-02-20 17:55:56,757 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:56,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 0: Hoare triple {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1284#return; 
{3128#false} is VALID [2022-02-20 17:55:56,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:56,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,781 INFO L290 TraceCheckUtils]: 0: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,781 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1286#return; {3128#false} is VALID [2022-02-20 17:55:56,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:56,783 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,786 INFO L290 TraceCheckUtils]: 0: Hoare triple {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,787 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,787 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,787 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1288#return; {3128#false} is VALID [2022-02-20 17:55:56,794 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:55:56,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,799 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,801 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1220#return; {3128#false} is VALID [2022-02-20 17:55:56,808 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:55:56,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,812 INFO L290 TraceCheckUtils]: 0: Hoare triple {3192#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,812 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,812 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,812 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1222#return; {3128#false} is VALID [2022-02-20 17:55:56,813 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:56,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} ~handle := 
#in~handle;havoc ~retValue_acc~31; {3127#true} is VALID [2022-02-20 17:55:56,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {3127#true} is VALID [2022-02-20 17:55:56,817 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,817 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1200#return; {3128#false} is VALID [2022-02-20 17:55:56,818 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:55:56,819 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,822 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~25; {3127#true} is VALID [2022-02-20 17:55:56,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {3127#true} is VALID [2022-02-20 17:55:56,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1202#return; {3128#false} is VALID [2022-02-20 17:55:56,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:56,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3127#true} is VALID [2022-02-20 17:55:56,826 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {3127#true} is VALID [2022-02-20 17:55:56,826 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,827 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1234#return; {3128#false} is VALID [2022-02-20 17:55:56,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:55:56,828 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,831 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {3127#true} is VALID [2022-02-20 17:55:56,831 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle; {3127#true} is VALID [2022-02-20 17:55:56,831 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {3127#true} is VALID [2022-02-20 17:55:56,831 INFO L290 TraceCheckUtils]: 3: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,832 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3127#true} {3128#false} #1236#return; {3128#false} is VALID [2022-02-20 17:55:56,832 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:55:56,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,840 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1242#return; {3128#false} is VALID [2022-02-20 17:55:56,840 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:55:56,841 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:56,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~13; {3127#true} is VALID [2022-02-20 17:55:56,847 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {3127#true} is VALID [2022-02-20 17:55:56,847 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,847 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3127#true} {3128#false} #1246#return; {3128#false} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call 
#Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 
0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {3127#true} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {3127#true} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3127#true} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 3: Hoare triple {3127#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3127#true} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 4: Hoare triple {3127#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {3127#true} is VALID [2022-02-20 17:55:56,848 INFO L290 TraceCheckUtils]: 5: Hoare triple {3127#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } 
true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3127#true} is VALID [2022-02-20 17:55:56,849 INFO L272 TraceCheckUtils]: 6: Hoare triple {3127#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,849 INFO L290 TraceCheckUtils]: 7: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,849 INFO L290 TraceCheckUtils]: 8: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,850 INFO L290 TraceCheckUtils]: 9: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,850 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3127#true} {3127#true} #1278#return; {3127#true} is VALID 
[2022-02-20 17:55:56,850 INFO L290 TraceCheckUtils]: 11: Hoare triple {3127#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3127#true} is VALID [2022-02-20 17:55:56,852 INFO L272 TraceCheckUtils]: 12: Hoare triple {3127#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,853 INFO L290 TraceCheckUtils]: 13: Hoare triple {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,853 INFO L290 TraceCheckUtils]: 14: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,854 INFO L290 TraceCheckUtils]: 15: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,854 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3127#true} {3127#true} #1280#return; {3127#true} is VALID [2022-02-20 17:55:56,854 INFO L290 TraceCheckUtils]: 17: Hoare triple {3127#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3137#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:55:56,855 INFO L272 
TraceCheckUtils]: 18: Hoare triple {3137#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,855 INFO L290 TraceCheckUtils]: 19: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3189#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:56,856 INFO L290 TraceCheckUtils]: 20: Hoare triple {3189#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3190#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,856 INFO L290 TraceCheckUtils]: 21: Hoare triple {3190#(= |setClientId_#in~handle| 1)} assume true; {3190#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:56,856 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3190#(= |setClientId_#in~handle| 1)} {3137#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {3128#false} is VALID [2022-02-20 17:55:56,857 INFO L290 TraceCheckUtils]: 23: Hoare triple {3128#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3128#false} is VALID [2022-02-20 17:55:56,857 INFO L272 TraceCheckUtils]: 24: Hoare triple {3128#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,857 INFO L290 TraceCheckUtils]: 25: Hoare triple 
{3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,857 INFO L290 TraceCheckUtils]: 26: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,857 INFO L290 TraceCheckUtils]: 27: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,857 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3127#true} {3128#false} #1284#return; {3128#false} is VALID [2022-02-20 17:55:56,858 INFO L290 TraceCheckUtils]: 29: Hoare triple {3128#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3128#false} is VALID [2022-02-20 17:55:56,858 INFO L272 TraceCheckUtils]: 30: Hoare triple {3128#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:56,858 INFO L290 TraceCheckUtils]: 31: Hoare triple {3187#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,858 INFO L290 TraceCheckUtils]: 32: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,858 INFO L290 TraceCheckUtils]: 33: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,858 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3127#true} {3128#false} #1286#return; {3128#false} is VALID [2022-02-20 17:55:56,858 INFO L290 TraceCheckUtils]: 35: Hoare triple {3128#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3128#false} is VALID [2022-02-20 17:55:56,859 INFO L272 TraceCheckUtils]: 36: Hoare triple {3128#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:56,859 INFO L290 TraceCheckUtils]: 37: Hoare triple {3188#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,859 INFO L290 TraceCheckUtils]: 38: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,859 INFO L290 TraceCheckUtils]: 39: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,859 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3127#true} {3128#false} #1288#return; {3128#false} is VALID [2022-02-20 17:55:56,859 INFO L290 TraceCheckUtils]: 41: Hoare triple {3128#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, 
setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L290 TraceCheckUtils]: 42: Hoare triple {3128#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L290 TraceCheckUtils]: 43: Hoare triple {3128#false} assume !false; {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L290 TraceCheckUtils]: 44: Hoare triple {3128#false} assume !(test_~splverifierCounter~0#1 < 4); {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L290 TraceCheckUtils]: 45: Hoare triple {3128#false} 
assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L272 TraceCheckUtils]: 46: Hoare triple {3128#false} call sendEmail(~bob~0, ~rjh~0); {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L290 TraceCheckUtils]: 47: Hoare triple {3128#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3128#false} is VALID [2022-02-20 17:55:56,860 INFO L272 TraceCheckUtils]: 48: Hoare triple {3128#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:56,861 INFO L290 TraceCheckUtils]: 49: Hoare triple {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,861 INFO L290 TraceCheckUtils]: 50: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,861 INFO L290 TraceCheckUtils]: 51: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 
17:55:56,861 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3127#true} {3128#false} #1220#return; {3128#false} is VALID [2022-02-20 17:55:56,861 INFO L272 TraceCheckUtils]: 53: Hoare triple {3128#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3192#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:56,861 INFO L290 TraceCheckUtils]: 54: Hoare triple {3192#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,862 INFO L290 TraceCheckUtils]: 55: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,862 INFO L290 TraceCheckUtils]: 56: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,862 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3127#true} {3128#false} #1222#return; {3128#false} is VALID [2022-02-20 17:55:56,862 INFO L290 TraceCheckUtils]: 58: Hoare triple {3128#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {3128#false} is VALID [2022-02-20 17:55:56,862 INFO L290 TraceCheckUtils]: 59: Hoare triple {3128#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {3128#false} is VALID [2022-02-20 17:55:56,862 INFO L272 TraceCheckUtils]: 60: Hoare triple {3128#false} call outgoing(~sender#1, ~email~0#1); {3128#false} is VALID [2022-02-20 17:55:56,862 INFO L290 TraceCheckUtils]: 61: Hoare triple {3128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, 
sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {3128#false} is VALID [2022-02-20 17:55:56,863 INFO L272 TraceCheckUtils]: 62: Hoare triple {3128#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {3127#true} is VALID [2022-02-20 17:55:56,863 INFO L290 TraceCheckUtils]: 63: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~31; {3127#true} is VALID [2022-02-20 17:55:56,863 INFO L290 TraceCheckUtils]: 64: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {3127#true} is VALID [2022-02-20 17:55:56,863 INFO L290 TraceCheckUtils]: 65: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,863 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3127#true} {3128#false} #1200#return; {3128#false} is VALID [2022-02-20 17:55:56,863 INFO L290 TraceCheckUtils]: 67: Hoare triple {3128#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {3128#false} is VALID [2022-02-20 17:55:56,864 INFO L290 TraceCheckUtils]: 68: Hoare triple {3128#false} assume 0 == sign_~privkey~1#1; {3128#false} is VALID [2022-02-20 17:55:56,864 INFO L290 TraceCheckUtils]: 69: Hoare triple {3128#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, 
outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3128#false} is VALID [2022-02-20 17:55:56,864 INFO L272 TraceCheckUtils]: 70: Hoare triple {3128#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3127#true} is VALID [2022-02-20 17:55:56,864 INFO L290 TraceCheckUtils]: 71: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~25; {3127#true} is VALID [2022-02-20 17:55:56,864 INFO L290 TraceCheckUtils]: 72: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {3127#true} is VALID [2022-02-20 17:55:56,864 INFO L290 TraceCheckUtils]: 73: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,864 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3127#true} {3128#false} #1202#return; {3128#false} is VALID [2022-02-20 17:55:56,865 INFO L290 TraceCheckUtils]: 75: Hoare triple {3128#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc 
outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {3128#false} is VALID [2022-02-20 17:55:56,865 INFO L290 TraceCheckUtils]: 76: Hoare triple {3128#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {3128#false} is VALID [2022-02-20 17:55:56,865 INFO L272 TraceCheckUtils]: 77: Hoare triple {3128#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3128#false} is VALID [2022-02-20 17:55:56,865 INFO L290 TraceCheckUtils]: 78: Hoare triple {3128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {3128#false} is VALID [2022-02-20 17:55:56,865 INFO L272 TraceCheckUtils]: 79: Hoare triple {3128#false} call #t~ret19#1 := getEmailTo(~msg#1); {3127#true} is VALID [2022-02-20 17:55:56,865 INFO L290 TraceCheckUtils]: 80: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3127#true} is VALID [2022-02-20 17:55:56,865 INFO L290 TraceCheckUtils]: 81: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {3127#true} is VALID [2022-02-20 17:55:56,866 INFO L290 TraceCheckUtils]: 82: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,866 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3127#true} {3128#false} #1234#return; {3128#false} is VALID [2022-02-20 17:55:56,866 INFO L290 TraceCheckUtils]: 84: Hoare triple {3128#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {3128#false} is VALID [2022-02-20 17:55:56,866 INFO L272 TraceCheckUtils]: 85: Hoare triple {3128#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {3127#true} is VALID [2022-02-20 17:55:56,866 INFO L290 TraceCheckUtils]: 86: Hoare triple {3127#true} ~handle := #in~handle;~userid 
:= #in~userid;havoc ~retValue_acc~36; {3127#true} is VALID [2022-02-20 17:55:56,866 INFO L290 TraceCheckUtils]: 87: Hoare triple {3127#true} assume 1 == ~handle; {3127#true} is VALID [2022-02-20 17:55:56,866 INFO L290 TraceCheckUtils]: 88: Hoare triple {3127#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {3127#true} is VALID [2022-02-20 17:55:56,867 INFO L290 TraceCheckUtils]: 89: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,867 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3127#true} {3128#false} #1236#return; {3128#false} is VALID [2022-02-20 17:55:56,867 INFO L290 TraceCheckUtils]: 91: Hoare triple {3128#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {3128#false} is VALID [2022-02-20 17:55:56,867 INFO L290 TraceCheckUtils]: 92: Hoare triple {3128#false} assume !(0 != ~pubkey~0#1); {3128#false} is VALID [2022-02-20 17:55:56,867 INFO L290 TraceCheckUtils]: 93: Hoare triple {3128#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {3128#false} is VALID [2022-02-20 17:55:56,867 INFO L290 TraceCheckUtils]: 94: Hoare triple {3128#false} assume 1 == 
getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {3128#false} is VALID [2022-02-20 17:55:56,868 INFO L290 TraceCheckUtils]: 95: Hoare triple {3128#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {3128#false} is VALID [2022-02-20 17:55:56,868 INFO L272 TraceCheckUtils]: 96: Hoare triple {3128#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:56,868 INFO L290 TraceCheckUtils]: 97: Hoare triple {3191#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:56,868 INFO L290 TraceCheckUtils]: 98: Hoare triple {3127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:56,868 INFO L290 TraceCheckUtils]: 99: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,868 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3127#true} {3128#false} #1242#return; {3128#false} is VALID [2022-02-20 17:55:56,869 INFO L290 TraceCheckUtils]: 101: Hoare triple {3128#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {3128#false} is VALID [2022-02-20 17:55:56,869 INFO L290 TraceCheckUtils]: 102: Hoare triple {3128#false} assume !(-1 == ~mail_is_sensitive~0); {3128#false} is VALID [2022-02-20 17:55:56,869 INFO L272 TraceCheckUtils]: 103: Hoare triple {3128#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {3127#true} is VALID [2022-02-20 17:55:56,869 INFO L290 TraceCheckUtils]: 104: Hoare triple {3127#true} ~handle := #in~handle;havoc ~retValue_acc~13; {3127#true} is VALID [2022-02-20 17:55:56,869 INFO L290 TraceCheckUtils]: 105: Hoare triple {3127#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {3127#true} is VALID [2022-02-20 17:55:56,869 INFO L290 
TraceCheckUtils]: 106: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:56,869 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3127#true} {3128#false} #1246#return; {3128#false} is VALID [2022-02-20 17:55:56,870 INFO L290 TraceCheckUtils]: 108: Hoare triple {3128#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {3128#false} is VALID [2022-02-20 17:55:56,870 INFO L290 TraceCheckUtils]: 109: Hoare triple {3128#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {3128#false} is VALID [2022-02-20 17:55:56,870 INFO L290 TraceCheckUtils]: 110: Hoare triple {3128#false} assume !false; {3128#false} is VALID [2022-02-20 17:55:56,870 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. 
[2022-02-20 17:55:56,871 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:55:56,871 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [723642332]
[2022-02-20 17:55:56,871 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [723642332] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:55:56,871 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [175097563]
[2022-02-20 17:55:56,872 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:55:56,872 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:55:56,872 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:55:56,873 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:55:56,874 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 17:55:57,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:57,129 INFO L263 TraceCheckSpWp]: Trace formula consists of 1147 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 17:55:57,197 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:57,200 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:55:57,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {3127#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 
1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 
:= 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {3127#true} is VALID [2022-02-20 17:55:57,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {3127#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {3127#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L290 TraceCheckUtils]: 3: Hoare triple {3127#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L290 TraceCheckUtils]: 4: Hoare triple {3127#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L290 TraceCheckUtils]: 5: Hoare triple {3127#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L272 TraceCheckUtils]: 6: Hoare triple {3127#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3127#true} is VALID [2022-02-20 17:55:57,441 INFO L290 TraceCheckUtils]: 7: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L290 TraceCheckUtils]: 8: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L290 TraceCheckUtils]: 9: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3127#true} {3127#true} #1278#return; {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L290 TraceCheckUtils]: 11: Hoare triple {3127#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L272 TraceCheckUtils]: 12: Hoare triple {3127#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3127#true} is VALID [2022-02-20 17:55:57,442 INFO L290 TraceCheckUtils]: 13: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L290 TraceCheckUtils]: 14: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L290 TraceCheckUtils]: 15: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3127#true} {3127#true} #1280#return; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L290 TraceCheckUtils]: 17: Hoare triple {3127#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L272 TraceCheckUtils]: 18: Hoare triple {3127#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L290 TraceCheckUtils]: 19: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,443 INFO L290 TraceCheckUtils]: 20: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L290 TraceCheckUtils]: 21: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3127#true} {3127#true} #1282#return; {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L290 TraceCheckUtils]: 23: Hoare triple {3127#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L272 TraceCheckUtils]: 24: Hoare triple {3127#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L290 TraceCheckUtils]: 25: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,444 INFO L290 TraceCheckUtils]: 26: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L290 TraceCheckUtils]: 27: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3127#true} {3127#true} #1284#return; 
{3127#true} is VALID [2022-02-20 17:55:57,445 INFO L290 TraceCheckUtils]: 29: Hoare triple {3127#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L272 TraceCheckUtils]: 30: Hoare triple {3127#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L290 TraceCheckUtils]: 31: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L290 TraceCheckUtils]: 32: Hoare triple {3127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,445 INFO L290 TraceCheckUtils]: 33: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3127#true} {3127#true} #1286#return; {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L290 TraceCheckUtils]: 35: Hoare triple {3127#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L272 TraceCheckUtils]: 36: Hoare triple {3127#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L290 TraceCheckUtils]: 37: Hoare triple {3127#true} ~handle := #in~handle;~value := #in~value; {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{3127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3127#true} is VALID [2022-02-20 17:55:57,446 INFO L290 TraceCheckUtils]: 39: Hoare triple {3127#true} assume true; {3127#true} is VALID [2022-02-20 17:55:57,447 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3127#true} {3127#true} #1288#return; {3127#true} is VALID [2022-02-20 17:55:57,447 INFO L290 TraceCheckUtils]: 41: Hoare triple {3127#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {3127#true} is VALID [2022-02-20 17:55:57,447 INFO L290 TraceCheckUtils]: 42: Hoare triple {3127#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3322#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:57,448 INFO L290 TraceCheckUtils]: 43: Hoare triple {3322#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3322#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:55:57,448 INFO L290 TraceCheckUtils]: 44: Hoare triple {3322#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3128#false} is VALID [2022-02-20 17:55:57,448 INFO L290 TraceCheckUtils]: 45: Hoare triple {3128#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {3128#false} is VALID [2022-02-20 17:55:57,448 INFO L272 TraceCheckUtils]: 46: Hoare triple {3128#false} call sendEmail(~bob~0, ~rjh~0); {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 47: Hoare triple {3128#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L272 TraceCheckUtils]: 48: Hoare triple {3128#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 49: Hoare triple {3128#false} ~handle := #in~handle;~value := #in~value; {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 50: Hoare triple {3128#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L290 TraceCheckUtils]: 51: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,449 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3128#false} {3128#false} #1220#return; {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L272 TraceCheckUtils]: 53: Hoare triple {3128#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 54: Hoare triple {3128#false} ~handle := #in~handle;~value := #in~value; {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 55: Hoare triple {3128#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 56: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3128#false} {3128#false} #1222#return; {3128#false} is VALID [2022-02-20 17:55:57,450 INFO L290 TraceCheckUtils]: 58: Hoare triple {3128#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L290 TraceCheckUtils]: 59: Hoare triple {3128#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L272 TraceCheckUtils]: 60: Hoare triple {3128#false} call outgoing(~sender#1, ~email~0#1); {3128#false} is VALID [2022-02-20 
17:55:57,451 INFO L290 TraceCheckUtils]: 61: Hoare triple {3128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L272 TraceCheckUtils]: 62: Hoare triple {3128#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L290 TraceCheckUtils]: 63: Hoare triple {3128#false} ~handle := #in~handle;havoc ~retValue_acc~31; {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L290 TraceCheckUtils]: 64: Hoare triple {3128#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {3128#false} is VALID [2022-02-20 17:55:57,451 INFO L290 TraceCheckUtils]: 65: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3128#false} {3128#false} #1200#return; {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L290 TraceCheckUtils]: 67: Hoare triple {3128#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L290 TraceCheckUtils]: 68: Hoare triple {3128#false} assume 0 == sign_~privkey~1#1; {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L290 TraceCheckUtils]: 69: Hoare triple {3128#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, 
outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L272 TraceCheckUtils]: 70: Hoare triple {3128#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3128#false} is VALID [2022-02-20 17:55:57,452 INFO L290 TraceCheckUtils]: 71: Hoare triple {3128#false} ~handle := #in~handle;havoc ~retValue_acc~25; {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L290 TraceCheckUtils]: 72: Hoare triple {3128#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L290 TraceCheckUtils]: 73: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3128#false} {3128#false} #1202#return; {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{3128#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L290 TraceCheckUtils]: 76: Hoare triple {3128#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {3128#false} is VALID [2022-02-20 17:55:57,453 INFO L272 TraceCheckUtils]: 77: Hoare triple {3128#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L290 TraceCheckUtils]: 78: Hoare triple {3128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L272 TraceCheckUtils]: 79: Hoare triple {3128#false} call #t~ret19#1 := getEmailTo(~msg#1); {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L290 TraceCheckUtils]: 80: Hoare triple {3128#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L290 TraceCheckUtils]: 81: Hoare triple {3128#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L290 TraceCheckUtils]: 82: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {3128#false} {3128#false} #1234#return; {3128#false} is VALID [2022-02-20 17:55:57,454 INFO L290 TraceCheckUtils]: 84: Hoare triple {3128#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L272 
TraceCheckUtils]: 85: Hoare triple {3128#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L290 TraceCheckUtils]: 86: Hoare triple {3128#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L290 TraceCheckUtils]: 87: Hoare triple {3128#false} assume 1 == ~handle; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L290 TraceCheckUtils]: 88: Hoare triple {3128#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L290 TraceCheckUtils]: 89: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {3128#false} {3128#false} #1236#return; {3128#false} is VALID [2022-02-20 17:55:57,455 INFO L290 TraceCheckUtils]: 91: Hoare triple {3128#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 92: Hoare triple {3128#false} assume !(0 != ~pubkey~0#1); {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 93: Hoare triple {3128#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc 
getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 94: Hoare triple {3128#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 95: Hoare triple {3128#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L272 TraceCheckUtils]: 96: Hoare triple {3128#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 97: Hoare triple {3128#false} ~handle := #in~handle;~value := #in~value; {3128#false} is VALID [2022-02-20 17:55:57,456 INFO L290 TraceCheckUtils]: 98: Hoare triple {3128#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 99: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {3128#false} {3128#false} #1242#return; {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 101: Hoare triple {3128#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 
:= mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 102: Hoare triple {3128#false} assume !(-1 == ~mail_is_sensitive~0); {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L272 TraceCheckUtils]: 103: Hoare triple {3128#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {3128#false} is VALID [2022-02-20 17:55:57,457 INFO L290 TraceCheckUtils]: 104: Hoare triple {3128#false} ~handle := #in~handle;havoc ~retValue_acc~13; {3128#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 105: Hoare triple {3128#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {3128#false} is VALID 
[2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 106: Hoare triple {3128#false} assume true; {3128#false} is VALID [2022-02-20 17:55:57,458 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {3128#false} {3128#false} #1246#return; {3128#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 108: Hoare triple {3128#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {3128#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 109: Hoare triple {3128#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {3128#false} is VALID [2022-02-20 17:55:57,458 INFO L290 TraceCheckUtils]: 110: Hoare triple {3128#false} assume !false; {3128#false} is VALID [2022-02-20 17:55:57,459 INFO L134 CoverageAnalysis]: Checked inductivity of 28 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:57,459 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:57,459 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [175097563] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:57,459 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:57,459 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:57,459 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1276982115] [2022-02-20 17:55:57,460 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:57,461 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 17:55:57,461 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:57,461 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:57,528 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 96 edges. 96 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:57,529 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:57,529 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:57,529 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:55:57,530 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:57,530 INFO L87 Difference]: Start difference. First operand 418 states and 630 transitions. Second operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:58,038 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:58,039 INFO L93 Difference]: Finished difference Result 647 states and 952 transitions. [2022-02-20 17:55:58,039 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:55:58,040 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 111 [2022-02-20 17:55:58,040 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:55:58,041 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:58,055 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 952 transitions. 
[2022-02-20 17:55:58,055 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:58,067 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 952 transitions. [2022-02-20 17:55:58,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 952 transitions. [2022-02-20 17:55:58,697 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 952 edges. 952 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:58,710 INFO L225 Difference]: With dead ends: 647 [2022-02-20 17:55:58,710 INFO L226 Difference]: Without dead ends: 421 [2022-02-20 17:55:58,711 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 142 GetRequests, 134 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:58,712 INFO L933 BasicCegarLoop]: 628 mSDtfsCounter, 1 mSDsluCounter, 626 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1254 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:55:58,713 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1254 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:55:58,714 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 421 states. [2022-02-20 17:55:58,725 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 421 to 420. [2022-02-20 17:55:58,725 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:55:58,726 INFO L82 GeneralOperation]: Start isEquivalent. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:58,727 INFO L74 IsIncluded]: Start isIncluded. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:58,728 INFO L87 Difference]: Start difference. First operand 421 states. Second operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:58,754 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:55:58,755 INFO L93 Difference]: Finished difference Result 421 states and 633 transitions. [2022-02-20 17:55:58,755 INFO L276 IsEmpty]: Start isEmpty. Operand 421 states and 633 transitions. [2022-02-20 17:55:58,757 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:58,758 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:58,759 INFO L74 IsIncluded]: Start isIncluded. First operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 421 states. [2022-02-20 17:55:58,760 INFO L87 Difference]: Start difference. First operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand 421 states. [2022-02-20 17:55:58,783 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:55:58,784 INFO L93 Difference]: Finished difference Result 421 states and 633 transitions. [2022-02-20 17:55:58,784 INFO L276 IsEmpty]: Start isEmpty. Operand 421 states and 633 transitions. [2022-02-20 17:55:58,785 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:55:58,785 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:55:58,785 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:55:58,785 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:55:58,786 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 420 states, 326 states have (on average 1.5429447852760736) internal successors, (503), 330 states have internal predecessors, (503), 65 states have call successors, (65), 28 states have call predecessors, (65), 28 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:55:58,805 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 420 states to 420 states and 632 transitions. [2022-02-20 17:55:58,805 INFO L78 Accepts]: Start accepts. Automaton has 420 states and 632 transitions. Word has length 111 [2022-02-20 17:55:58,806 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:55:58,806 INFO L470 AbstractCegarLoop]: Abstraction has 420 states and 632 transitions. [2022-02-20 17:55:58,806 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.666666666666668) internal successors, (65), 3 states have internal predecessors, (65), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:58,806 INFO L276 IsEmpty]: Start isEmpty. Operand 420 states and 632 transitions. [2022-02-20 17:55:58,807 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 121 [2022-02-20 17:55:58,807 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:55:58,808 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:55:58,840 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:55:59,021 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:55:59,022 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:55:59,022 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:55:59,023 INFO L85 PathProgramCache]: Analyzing trace with hash 1245902075, now seen corresponding path program 1 times [2022-02-20 17:55:59,023 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:55:59,023 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1590814077] [2022-02-20 17:55:59,023 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:55:59,023 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:55:59,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,101 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:55:59,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,106 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,106 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5823#true} #1278#return; {5823#true} is VALID [2022-02-20 17:55:59,111 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:55:59,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,115 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5823#true} #1280#return; {5823#true} is VALID [2022-02-20 17:55:59,116 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 18 [2022-02-20 17:55:59,122 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5885#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {5885#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:59,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {5886#(= |setClientId_#in~handle| 1)} assume true; {5886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:59,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5886#(= |setClientId_#in~handle| 1)} {5833#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {5824#false} is VALID [2022-02-20 17:55:59,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:55:59,142 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,145 INFO L290 TraceCheckUtils]: 0: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,145 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,145 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,145 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {5823#true} {5824#false} #1284#return; {5824#false} is VALID [2022-02-20 17:55:59,146 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:55:59,147 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,149 INFO L290 TraceCheckUtils]: 0: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,150 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,150 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1286#return; {5824#false} is VALID [2022-02-20 17:55:59,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:55:59,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,158 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1288#return; {5824#false} is VALID 
[2022-02-20 17:55:59,164 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:55:59,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,167 INFO L290 TraceCheckUtils]: 0: Hoare triple {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,167 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,167 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1220#return; {5824#false} is VALID [2022-02-20 17:55:59,173 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:55:59,174 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,175 INFO L290 TraceCheckUtils]: 0: Hoare triple {5888#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,175 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1222#return; {5824#false} is VALID [2022-02-20 17:55:59,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:55:59,176 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,178 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5823#true} is VALID [2022-02-20 17:55:59,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {5823#true} is VALID [2022-02-20 17:55:59,178 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,178 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1200#return; {5824#false} is VALID [2022-02-20 17:55:59,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:55:59,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~25; {5823#true} is VALID [2022-02-20 17:55:59,180 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {5823#true} is VALID [2022-02-20 17:55:59,180 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,180 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1202#return; {5824#false} is VALID [2022-02-20 17:55:59,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:55:59,181 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~10; {5823#true} is VALID [2022-02-20 17:55:59,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {5823#true} is VALID [2022-02-20 17:55:59,183 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is 
VALID [2022-02-20 17:55:59,183 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1234#return; {5824#false} is VALID [2022-02-20 17:55:59,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:55:59,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,185 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {5823#true} is VALID [2022-02-20 17:55:59,185 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle; {5823#true} is VALID [2022-02-20 17:55:59,185 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {5823#true} is VALID [2022-02-20 17:55:59,185 INFO L290 TraceCheckUtils]: 3: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,186 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5823#true} {5824#false} #1236#return; {5824#false} is VALID [2022-02-20 17:55:59,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:55:59,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,188 INFO L290 TraceCheckUtils]: 0: Hoare triple {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,188 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,188 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,188 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1242#return; {5824#false} is VALID 
[2022-02-20 17:55:59,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:55:59,189 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:55:59,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5823#true} is VALID [2022-02-20 17:55:59,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {5823#true} is VALID [2022-02-20 17:55:59,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5823#true} {5824#false} #1246#return; {5824#false} is VALID [2022-02-20 17:55:59,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call 
#Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {5823#true} is VALID [2022-02-20 17:55:59,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {5823#true} is VALID [2022-02-20 17:55:59,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5823#true} is VALID [2022-02-20 17:55:59,201 INFO L290 TraceCheckUtils]: 3: Hoare triple {5823#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5823#true} is VALID [2022-02-20 17:55:59,201 INFO L290 TraceCheckUtils]: 4: Hoare triple {5823#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {5823#true} is VALID [2022-02-20 17:55:59,201 INFO L290 TraceCheckUtils]: 5: Hoare triple {5823#true} assume 0 != 
main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5823#true} is VALID [2022-02-20 17:55:59,201 INFO L272 TraceCheckUtils]: 6: Hoare triple {5823#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:59,201 INFO L290 TraceCheckUtils]: 7: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L290 TraceCheckUtils]: 8: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L290 TraceCheckUtils]: 9: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5823#true} 
{5823#true} #1278#return; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L290 TraceCheckUtils]: 11: Hoare triple {5823#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L272 TraceCheckUtils]: 12: Hoare triple {5823#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,202 INFO L290 TraceCheckUtils]: 13: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,202 INFO L290 TraceCheckUtils]: 14: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,203 INFO L290 TraceCheckUtils]: 15: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,203 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5823#true} {5823#true} #1280#return; {5823#true} is VALID [2022-02-20 17:55:59,203 INFO L290 TraceCheckUtils]: 17: Hoare triple {5823#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5833#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} 
is VALID [2022-02-20 17:55:59,204 INFO L272 TraceCheckUtils]: 18: Hoare triple {5833#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:59,204 INFO L290 TraceCheckUtils]: 19: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5885#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:55:59,204 INFO L290 TraceCheckUtils]: 20: Hoare triple {5885#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:59,205 INFO L290 TraceCheckUtils]: 21: Hoare triple {5886#(= |setClientId_#in~handle| 1)} assume true; {5886#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:55:59,205 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5886#(= |setClientId_#in~handle| 1)} {5833#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {5824#false} is VALID [2022-02-20 17:55:59,205 INFO L290 TraceCheckUtils]: 23: Hoare triple {5824#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5824#false} is VALID [2022-02-20 17:55:59,205 INFO L272 TraceCheckUtils]: 24: Hoare triple {5824#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,205 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,205 INFO L290 TraceCheckUtils]: 26: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,205 INFO L290 TraceCheckUtils]: 27: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,205 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5823#true} {5824#false} #1284#return; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 29: Hoare triple {5824#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L272 TraceCheckUtils]: 30: Hoare triple {5824#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 31: Hoare triple {5883#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 32: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 33: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5823#true} {5824#false} #1286#return; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 35: Hoare triple {5824#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L272 TraceCheckUtils]: 36: Hoare triple {5824#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 37: Hoare triple {5884#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 38: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 39: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,206 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5823#true} {5824#false} #1288#return; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 41: Hoare triple {5824#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 42: Hoare triple {5824#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5824#false} is VALID [2022-02-20 17:55:59,206 INFO L290 TraceCheckUtils]: 43: Hoare triple {5824#false} assume !false; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 44: Hoare triple {5824#false} assume test_~splverifierCounter~0#1 < 4; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 
45: Hoare triple {5824#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 46: Hoare triple {5824#false} assume !(0 == test_~op1~0#1); {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 47: Hoare triple {5824#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 48: Hoare triple {5824#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 49: Hoare triple {5824#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 50: Hoare triple {5824#false} assume { :end_inline_setClientAutoResponse } true; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 51: Hoare triple {5824#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 52: Hoare triple {5824#false} assume !false; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 53: Hoare triple {5824#false} assume !(test_~splverifierCounter~0#1 < 4); {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 54: Hoare triple {5824#false} assume { :begin_inline_bobToRjh } true;havoc 
bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L272 TraceCheckUtils]: 55: Hoare triple {5824#false} call sendEmail(~bob~0, ~rjh~0); {5824#false} is VALID [2022-02-20 17:55:59,207 INFO L290 TraceCheckUtils]: 56: Hoare triple {5824#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L272 TraceCheckUtils]: 57: Hoare triple {5824#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 58: Hoare triple {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 59: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 60: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L284 TraceCheckUtils]: 61: Hoare 
quadruple {5823#true} {5824#false} #1220#return; {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L272 TraceCheckUtils]: 62: Hoare triple {5824#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5888#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 63: Hoare triple {5888#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 64: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 65: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,208 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5823#true} {5824#false} #1222#return; {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 67: Hoare triple {5824#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 68: Hoare triple {5824#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L272 TraceCheckUtils]: 69: Hoare triple {5824#false} call outgoing(~sender#1, ~email~0#1); {5824#false} is VALID [2022-02-20 17:55:59,208 INFO L290 TraceCheckUtils]: 70: Hoare triple {5824#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := 
sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L272 TraceCheckUtils]: 71: Hoare triple {5824#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 72: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 73: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 74: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5823#true} {5824#false} #1200#return; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 76: Hoare triple {5824#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 77: Hoare triple {5824#false} assume 0 == sign_~privkey~1#1; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 78: Hoare triple {5824#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, 
outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L272 TraceCheckUtils]: 79: Hoare triple {5824#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 80: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~25; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 81: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 82: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,209 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5823#true} {5824#false} #1202#return; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 84: Hoare triple {5824#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := 
outgoing__wrappee__AddressBook_~tmp~4#1; {5824#false} is VALID [2022-02-20 17:55:59,209 INFO L290 TraceCheckUtils]: 85: Hoare triple {5824#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L272 TraceCheckUtils]: 86: Hoare triple {5824#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 87: Hoare triple {5824#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L272 TraceCheckUtils]: 88: Hoare triple {5824#false} call #t~ret19#1 := getEmailTo(~msg#1); {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 89: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~10; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 90: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 91: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {5823#true} {5824#false} #1234#return; {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 93: Hoare triple {5824#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L272 TraceCheckUtils]: 94: Hoare triple {5824#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 95: Hoare triple {5823#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {5823#true} is VALID [2022-02-20 17:55:59,210 
INFO L290 TraceCheckUtils]: 96: Hoare triple {5823#true} assume 1 == ~handle; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 97: Hoare triple {5823#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 98: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,210 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {5823#true} {5824#false} #1236#return; {5824#false} is VALID [2022-02-20 17:55:59,210 INFO L290 TraceCheckUtils]: 100: Hoare triple {5824#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 101: Hoare triple {5824#false} assume !(0 != ~pubkey~0#1); {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 102: Hoare triple {5824#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 103: Hoare triple {5824#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := 
~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 104: Hoare triple {5824#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L272 TraceCheckUtils]: 105: Hoare triple {5824#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 106: Hoare triple {5887#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 107: Hoare triple {5823#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 108: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5823#true} {5824#false} #1242#return; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 110: Hoare triple {5824#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc 
mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 111: Hoare triple {5824#false} assume !(-1 == ~mail_is_sensitive~0); {5824#false} is VALID [2022-02-20 17:55:59,211 INFO L272 TraceCheckUtils]: 112: Hoare triple {5824#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 113: Hoare triple {5823#true} ~handle := #in~handle;havoc ~retValue_acc~13; {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 114: Hoare triple {5823#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {5823#true} is VALID [2022-02-20 17:55:59,211 INFO L290 TraceCheckUtils]: 115: Hoare triple {5823#true} assume true; 
{5823#true} is VALID [2022-02-20 17:55:59,212 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5823#true} {5824#false} #1246#return; {5824#false} is VALID [2022-02-20 17:55:59,212 INFO L290 TraceCheckUtils]: 117: Hoare triple {5824#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {5824#false} is VALID [2022-02-20 17:55:59,212 INFO L290 TraceCheckUtils]: 118: Hoare triple {5824#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {5824#false} is VALID [2022-02-20 17:55:59,212 INFO L290 TraceCheckUtils]: 119: Hoare triple {5824#false} assume !false; {5824#false} is VALID [2022-02-20 17:55:59,212 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:55:59,212 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:55:59,212 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1590814077]
[2022-02-20 17:55:59,212 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1590814077] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:55:59,212 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [28560021]
[2022-02-20 17:55:59,213 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:55:59,213 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:55:59,213 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:55:59,214 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:55:59,239 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process
[2022-02-20 17:55:59,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:59,464 INFO L263 TraceCheckSpWp]: Trace formula consists of 1174 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 17:55:59,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:55:59,504 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:55:59,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {5823#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 
1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 
:= 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 1: Hoare triple {5823#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 2: Hoare triple {5823#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 3: Hoare triple {5823#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 4: Hoare triple {5823#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 5: Hoare triple {5823#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L272 TraceCheckUtils]: 6: Hoare triple {5823#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 7: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 8: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 9: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5823#true} {5823#true} #1278#return; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 11: Hoare triple {5823#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L272 TraceCheckUtils]: 12: Hoare triple {5823#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 13: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,759 INFO L290 TraceCheckUtils]: 14: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 15: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5823#true} {5823#true} #1280#return; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 17: Hoare triple {5823#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L272 TraceCheckUtils]: 18: Hoare triple {5823#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 19: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 20: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 21: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5823#true} {5823#true} #1282#return; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 23: Hoare triple {5823#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L272 TraceCheckUtils]: 24: Hoare triple {5823#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 25: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 26: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L290 TraceCheckUtils]: 27: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,760 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5823#true} {5823#true} #1284#return; 
{5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 29: Hoare triple {5823#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L272 TraceCheckUtils]: 30: Hoare triple {5823#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 31: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 32: Hoare triple {5823#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 33: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5823#true} {5823#true} #1286#return; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 35: Hoare triple {5823#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L272 TraceCheckUtils]: 36: Hoare triple {5823#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 37: Hoare triple {5823#true} ~handle := #in~handle;~value := #in~value; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5823#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 39: Hoare triple {5823#true} assume true; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5823#true} {5823#true} #1288#return; {5823#true} is VALID [2022-02-20 17:55:59,761 INFO L290 TraceCheckUtils]: 41: Hoare triple {5823#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {5823#true} is VALID [2022-02-20 17:55:59,765 INFO L290 TraceCheckUtils]: 42: Hoare triple {5823#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:59,765 INFO L290 TraceCheckUtils]: 43: Hoare triple {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 44: Hoare triple {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 45: Hoare triple {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 46: Hoare triple {6018#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5824#false} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 47: Hoare triple {5824#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5824#false} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 48: Hoare triple {5824#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5824#false} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 49: Hoare triple {5824#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5824#false} is VALID [2022-02-20 17:55:59,766 INFO 
L290 TraceCheckUtils]: 50: Hoare triple {5824#false} assume { :end_inline_setClientAutoResponse } true; {5824#false} is VALID [2022-02-20 17:55:59,766 INFO L290 TraceCheckUtils]: 51: Hoare triple {5824#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 52: Hoare triple {5824#false} assume !false; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 53: Hoare triple {5824#false} assume !(test_~splverifierCounter~0#1 < 4); {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 54: Hoare triple {5824#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L272 TraceCheckUtils]: 55: Hoare triple {5824#false} call sendEmail(~bob~0, ~rjh~0); {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 56: Hoare triple {5824#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L272 TraceCheckUtils]: 57: Hoare triple {5824#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5824#false} is VALID 
[2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 58: Hoare triple {5824#false} ~handle := #in~handle;~value := #in~value; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 59: Hoare triple {5824#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 60: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5824#false} {5824#false} #1220#return; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L272 TraceCheckUtils]: 62: Hoare triple {5824#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 63: Hoare triple {5824#false} ~handle := #in~handle;~value := #in~value; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 64: Hoare triple {5824#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5824#false} is VALID [2022-02-20 17:55:59,767 INFO L290 TraceCheckUtils]: 65: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5824#false} {5824#false} #1222#return; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 67: Hoare triple {5824#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 68: Hoare triple {5824#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L272 TraceCheckUtils]: 69: Hoare triple {5824#false} call outgoing(~sender#1, ~email~0#1); {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 70: Hoare 
triple {5824#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L272 TraceCheckUtils]: 71: Hoare triple {5824#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 72: Hoare triple {5824#false} ~handle := #in~handle;havoc ~retValue_acc~31; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 73: Hoare triple {5824#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 74: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5824#false} {5824#false} #1200#return; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 76: Hoare triple {5824#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 77: Hoare triple {5824#false} assume 0 == sign_~privkey~1#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L290 TraceCheckUtils]: 78: Hoare triple {5824#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, 
outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {5824#false} is VALID [2022-02-20 17:55:59,768 INFO L272 TraceCheckUtils]: 79: Hoare triple {5824#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 80: Hoare triple {5824#false} ~handle := #in~handle;havoc ~retValue_acc~25; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 81: Hoare triple {5824#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 82: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5824#false} {5824#false} #1202#return; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 84: Hoare triple {5824#false} assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 85: Hoare triple {5824#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L272 TraceCheckUtils]: 86: Hoare triple {5824#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 87: Hoare triple {5824#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L272 TraceCheckUtils]: 88: Hoare triple {5824#false} call #t~ret19#1 := getEmailTo(~msg#1); {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 89: Hoare triple {5824#false} ~handle := #in~handle;havoc ~retValue_acc~10; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 90: Hoare triple {5824#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 91: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {5824#false} {5824#false} #1234#return; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L290 TraceCheckUtils]: 93: Hoare triple {5824#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {5824#false} is VALID [2022-02-20 17:55:59,769 INFO L272 TraceCheckUtils]: 94: Hoare triple 
{5824#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {5824#false} is VALID [2022-02-20 17:55:59,770 INFO L290 TraceCheckUtils]: 95: Hoare triple {5824#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {5824#false} is VALID [2022-02-20 17:55:59,770 INFO L290 TraceCheckUtils]: 96: Hoare triple {5824#false} assume 1 == ~handle; {5824#false} is VALID [2022-02-20 17:55:59,770 INFO L290 TraceCheckUtils]: 97: Hoare triple {5824#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 98: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {5824#false} {5824#false} #1236#return; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 100: Hoare triple {5824#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 101: Hoare triple {5824#false} assume !(0 != ~pubkey~0#1); {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 102: Hoare triple {5824#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 103: Hoare triple {5824#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {5824#false} is VALID [2022-02-20 17:55:59,780 INFO L290 TraceCheckUtils]: 104: Hoare triple {5824#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L272 TraceCheckUtils]: 105: Hoare triple {5824#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 106: Hoare triple {5824#false} ~handle := #in~handle;~value := #in~value; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 107: Hoare triple {5824#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 108: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {5824#false} {5824#false} #1242#return; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 110: Hoare triple {5824#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := 
mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 111: Hoare triple {5824#false} assume !(-1 == ~mail_is_sensitive~0); {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L272 TraceCheckUtils]: 112: Hoare triple {5824#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 113: Hoare triple {5824#false} ~handle := #in~handle;havoc ~retValue_acc~13; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 114: Hoare triple {5824#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {5824#false} is VALID [2022-02-20 
17:55:59,781 INFO L290 TraceCheckUtils]: 115: Hoare triple {5824#false} assume true; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5824#false} {5824#false} #1246#return; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 117: Hoare triple {5824#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 118: Hoare triple {5824#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {5824#false} is VALID [2022-02-20 17:55:59,781 INFO L290 TraceCheckUtils]: 119: Hoare triple {5824#false} assume !false; {5824#false} is VALID [2022-02-20 17:55:59,782 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:55:59,782 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:55:59,782 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [28560021] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:55:59,782 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:55:59,782 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:55:59,782 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1411431186] [2022-02-20 17:55:59,782 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:55:59,783 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 120 [2022-02-20 17:55:59,783 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:55:59,783 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:55:59,877 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:55:59,877 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:55:59,878 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:55:59,878 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:55:59,878 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:55:59,878 INFO L87 Difference]: Start difference. First operand 420 states and 632 transitions. Second operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:56:00,442 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:00,442 INFO L93 Difference]: Finished difference Result 888 states and 1356 transitions. [2022-02-20 17:56:00,442 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:56:00,442 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 120 [2022-02-20 17:56:00,442 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:00,442 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:56:00,452 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1354 transitions. 
[2022-02-20 17:56:00,452 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:56:00,463 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1354 transitions. [2022-02-20 17:56:00,463 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1354 transitions. [2022-02-20 17:56:01,477 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1354 edges. 1354 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:01,491 INFO L225 Difference]: With dead ends: 888 [2022-02-20 17:56:01,491 INFO L226 Difference]: Without dead ends: 495 [2022-02-20 17:56:01,492 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 151 GetRequests, 143 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:56:01,493 INFO L933 BasicCegarLoop]: 652 mSDtfsCounter, 134 mSDsluCounter, 583 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1235 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 
17:56:01,493 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1235 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:56:01,494 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 495 states. [2022-02-20 17:56:01,525 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 495 to 487. [2022-02-20 17:56:01,525 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:01,526 INFO L82 GeneralOperation]: Start isEquivalent. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:56:01,527 INFO L74 IsIncluded]: Start isIncluded. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:56:01,528 INFO L87 Difference]: Start difference. First operand 495 states. Second operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:56:01,540 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:56:01,541 INFO L93 Difference]: Finished difference Result 495 states and 758 transitions. [2022-02-20 17:56:01,541 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 758 transitions. [2022-02-20 17:56:01,542 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:01,542 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:01,543 INFO L74 IsIncluded]: Start isIncluded. First operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) Second operand 495 states. [2022-02-20 17:56:01,546 INFO L87 Difference]: Start difference. First operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) Second operand 495 states. [2022-02-20 17:56:01,562 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:01,562 INFO L93 Difference]: Finished difference Result 495 states and 758 transitions. [2022-02-20 17:56:01,562 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 758 transitions. [2022-02-20 17:56:01,564 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:01,564 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:01,564 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:01,564 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:01,565 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 487 states, 379 states have (on average 1.562005277044855) internal successors, (592), 383 states have internal predecessors, (592), 79 states have call successors, (79), 28 states have call predecessors, (79), 28 states have return successors, (78), 77 states have call predecessors, (78), 78 states have call successors, (78) [2022-02-20 17:56:01,580 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 487 states to 487 states and 749 transitions. [2022-02-20 17:56:01,580 INFO L78 Accepts]: Start accepts. Automaton has 487 states and 749 transitions. Word has length 120 [2022-02-20 17:56:01,580 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:01,580 INFO L470 AbstractCegarLoop]: Abstraction has 487 states and 749 transitions. [2022-02-20 17:56:01,583 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.666666666666668) internal successors, (74), 3 states have internal predecessors, (74), 2 states have call successors, (17), 2 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:56:01,583 INFO L276 IsEmpty]: Start isEmpty. Operand 487 states and 749 transitions. [2022-02-20 17:56:01,584 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 122 [2022-02-20 17:56:01,585 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:01,585 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:01,615 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:56:01,800 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:01,801 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:01,801 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:01,801 INFO L85 PathProgramCache]: Analyzing trace with hash -625115686, now seen corresponding path program 1 times [2022-02-20 17:56:01,801 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:01,801 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1528449150] [2022-02-20 17:56:01,801 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:01,801 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:01,852 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,913 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:01,914 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,916 INFO L290 TraceCheckUtils]: 0: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,916 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,916 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,917 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9129#true} #1278#return; {9129#true} is VALID [2022-02-20 17:56:01,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:01,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,927 INFO L290 TraceCheckUtils]: 0: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9129#true} #1280#return; {9129#true} is VALID [2022-02-20 17:56:01,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 18 [2022-02-20 17:56:01,941 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:01,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {9191#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9192#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:01,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {9192#(= |setClientId_#in~handle| 1)} assume true; {9192#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:01,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9192#(= |setClientId_#in~handle| 1)} {9139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {9130#false} is VALID [2022-02-20 17:56:01,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:56:01,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,958 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,958 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {9129#true} {9130#false} #1284#return; {9130#false} is VALID [2022-02-20 17:56:01,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:56:01,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1286#return; {9130#false} is VALID [2022-02-20 17:56:01,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:56:01,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,965 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1288#return; {9130#false} is VALID 
[2022-02-20 17:56:01,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:56:01,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:01,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:01,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:01,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:01,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1220#return; {9130#false} is VALID [2022-02-20 17:56:01,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:56:02,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,003 INFO L290 TraceCheckUtils]: 0: Hoare triple {9194#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,003 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,003 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,003 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1222#return; {9130#false} is VALID [2022-02-20 17:56:02,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:56:02,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,006 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9129#true} is VALID [2022-02-20 17:56:02,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {9129#true} is VALID [2022-02-20 17:56:02,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1200#return; {9130#false} is VALID [2022-02-20 17:56:02,006 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:56:02,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,009 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~25; {9129#true} is VALID [2022-02-20 17:56:02,009 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {9129#true} is VALID [2022-02-20 17:56:02,009 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,009 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1202#return; {9130#false} is VALID [2022-02-20 17:56:02,009 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:56:02,009 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,011 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~10; {9129#true} is VALID [2022-02-20 17:56:02,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {9129#true} is VALID [2022-02-20 17:56:02,011 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is 
VALID [2022-02-20 17:56:02,011 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1234#return; {9130#false} is VALID [2022-02-20 17:56:02,011 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:56:02,012 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {9129#true} is VALID [2022-02-20 17:56:02,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle; {9129#true} is VALID [2022-02-20 17:56:02,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {9129#true} is VALID [2022-02-20 17:56:02,017 INFO L290 TraceCheckUtils]: 3: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,017 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9129#true} {9130#false} #1236#return; {9130#false} is VALID [2022-02-20 17:56:02,018 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:56:02,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,020 INFO L290 TraceCheckUtils]: 0: Hoare triple {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,020 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,020 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1242#return; {9130#false} is VALID 
[2022-02-20 17:56:02,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:56:02,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~13; {9129#true} is VALID [2022-02-20 17:56:02,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {9129#true} is VALID [2022-02-20 17:56:02,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,022 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9129#true} {9130#false} #1246#return; {9130#false} is VALID [2022-02-20 17:56:02,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call 
#Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {9129#true} is VALID [2022-02-20 17:56:02,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {9129#true} is VALID [2022-02-20 17:56:02,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9129#true} is VALID [2022-02-20 17:56:02,023 INFO L290 TraceCheckUtils]: 3: Hoare triple {9129#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9129#true} is VALID [2022-02-20 17:56:02,023 INFO L290 TraceCheckUtils]: 4: Hoare triple {9129#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {9129#true} is VALID [2022-02-20 17:56:02,023 INFO L290 TraceCheckUtils]: 5: Hoare triple {9129#true} assume 0 != 
main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9129#true} is VALID [2022-02-20 17:56:02,023 INFO L272 TraceCheckUtils]: 6: Hoare triple {9129#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,023 INFO L290 TraceCheckUtils]: 7: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 8: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 9: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9129#true} 
{9129#true} #1278#return; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 11: Hoare triple {9129#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L272 TraceCheckUtils]: 12: Hoare triple {9129#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 13: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 14: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,024 INFO L290 TraceCheckUtils]: 15: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,025 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9129#true} {9129#true} #1280#return; {9129#true} is VALID [2022-02-20 17:56:02,025 INFO L290 TraceCheckUtils]: 17: Hoare triple {9129#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} 
is VALID [2022-02-20 17:56:02,025 INFO L272 TraceCheckUtils]: 18: Hoare triple {9139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,026 INFO L290 TraceCheckUtils]: 19: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9191#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:02,026 INFO L290 TraceCheckUtils]: 20: Hoare triple {9191#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9192#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,026 INFO L290 TraceCheckUtils]: 21: Hoare triple {9192#(= |setClientId_#in~handle| 1)} assume true; {9192#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,027 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9192#(= |setClientId_#in~handle| 1)} {9139#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1282#return; {9130#false} is VALID [2022-02-20 17:56:02,027 INFO L290 TraceCheckUtils]: 23: Hoare triple {9130#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9130#false} is VALID [2022-02-20 17:56:02,027 INFO L272 TraceCheckUtils]: 24: Hoare triple {9130#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,027 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,027 INFO L290 TraceCheckUtils]: 26: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,027 INFO L290 TraceCheckUtils]: 27: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,027 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9129#true} {9130#false} #1284#return; {9130#false} is VALID [2022-02-20 17:56:02,027 INFO L290 TraceCheckUtils]: 29: Hoare triple {9130#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9130#false} is VALID [2022-02-20 17:56:02,028 INFO L272 TraceCheckUtils]: 30: Hoare triple {9130#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 31: Hoare triple {9189#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 32: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 33: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9129#true} {9130#false} #1286#return; {9130#false} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 35: Hoare triple {9130#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9130#false} is VALID [2022-02-20 17:56:02,028 INFO L272 TraceCheckUtils]: 36: Hoare triple {9130#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 37: Hoare triple {9190#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 38: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L290 TraceCheckUtils]: 39: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,028 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9129#true} {9130#false} #1288#return; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 41: Hoare triple {9130#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 42: Hoare triple {9130#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 43: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 44: Hoare triple {9130#false} assume test_~splverifierCounter~0#1 < 4; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 
45: Hoare triple {9130#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 46: Hoare triple {9130#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 47: Hoare triple {9130#false} assume !(0 != test_~tmp___9~0#1); {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 48: Hoare triple {9130#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 49: Hoare triple {9130#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 50: Hoare triple {9130#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 51: Hoare triple {9130#false} assume { :end_inline_setClientAutoResponse } true; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 52: Hoare triple {9130#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9130#false} is VALID [2022-02-20 17:56:02,029 INFO L290 TraceCheckUtils]: 53: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 
17:56:02,029 INFO L290 TraceCheckUtils]: 54: Hoare triple {9130#false} assume !(test_~splverifierCounter~0#1 < 4); {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 55: Hoare triple {9130#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L272 TraceCheckUtils]: 56: Hoare triple {9130#false} call sendEmail(~bob~0, ~rjh~0); {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 57: Hoare triple {9130#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L272 TraceCheckUtils]: 58: Hoare triple {9130#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 59: Hoare triple {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 60: Hoare triple 
{9129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 61: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9129#true} {9130#false} #1220#return; {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L272 TraceCheckUtils]: 63: Hoare triple {9130#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9194#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 64: Hoare triple {9194#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 65: Hoare triple {9129#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 66: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,030 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9129#true} {9130#false} #1222#return; {9130#false} is VALID [2022-02-20 17:56:02,030 INFO L290 TraceCheckUtils]: 68: Hoare triple {9130#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 69: Hoare triple {9130#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L272 TraceCheckUtils]: 70: Hoare triple {9130#false} call outgoing(~sender#1, ~email~0#1); {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 71: Hoare triple {9130#false} ~client#1 := 
#in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L272 TraceCheckUtils]: 72: Hoare triple {9130#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {9129#true} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 73: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~31; {9129#true} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 74: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {9129#true} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 75: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,031 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9129#true} {9130#false} #1200#return; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 77: Hoare triple {9130#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 78: Hoare triple {9130#false} assume 0 == sign_~privkey~1#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L290 TraceCheckUtils]: 79: Hoare triple {9130#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, 
outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9130#false} is VALID [2022-02-20 17:56:02,031 INFO L272 TraceCheckUtils]: 80: Hoare triple {9130#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 81: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~25; {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 82: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 83: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {9129#true} {9130#false} #1202#return; {9130#false} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 85: Hoare triple {9130#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && 
outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {9130#false} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 86: Hoare triple {9130#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {9130#false} is VALID [2022-02-20 17:56:02,032 INFO L272 TraceCheckUtils]: 87: Hoare triple {9130#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9130#false} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 88: Hoare triple {9130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {9130#false} is VALID [2022-02-20 17:56:02,032 INFO L272 TraceCheckUtils]: 89: Hoare triple {9130#false} call #t~ret19#1 := getEmailTo(~msg#1); {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 90: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~10; {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 91: Hoare triple {9129#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {9129#true} is VALID [2022-02-20 17:56:02,032 INFO L290 TraceCheckUtils]: 92: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {9129#true} {9130#false} #1234#return; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 94: Hoare triple {9130#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L272 TraceCheckUtils]: 95: Hoare triple {9130#false} call #t~ret20#1 := findPublicKey(~client#1, 
~receiver~0#1); {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 96: Hoare triple {9129#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 97: Hoare triple {9129#true} assume 1 == ~handle; {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 98: Hoare triple {9129#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 99: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,033 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {9129#true} {9130#false} #1236#return; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 101: Hoare triple {9130#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 102: Hoare triple {9130#false} assume !(0 != ~pubkey~0#1); {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 103: Hoare triple {9130#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~38#1; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 104: Hoare triple {9130#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {9130#false} is VALID [2022-02-20 17:56:02,033 INFO L290 TraceCheckUtils]: 105: Hoare triple {9130#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {9130#false} is VALID [2022-02-20 17:56:02,034 INFO L272 TraceCheckUtils]: 106: Hoare triple {9130#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 107: Hoare triple {9193#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 108: Hoare triple {9129#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 109: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {9129#true} {9130#false} #1242#return; {9130#false} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 111: Hoare triple {9130#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {9130#false} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 112: Hoare triple {9130#false} assume !(-1 == ~mail_is_sensitive~0); {9130#false} is VALID [2022-02-20 17:56:02,034 INFO L272 TraceCheckUtils]: 113: Hoare triple {9130#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 114: Hoare triple {9129#true} ~handle := #in~handle;havoc ~retValue_acc~13; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 115: Hoare triple {9129#true} assume 1 == 
~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L290 TraceCheckUtils]: 116: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,034 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {9129#true} {9130#false} #1246#return; {9130#false} is VALID [2022-02-20 17:56:02,035 INFO L290 TraceCheckUtils]: 118: Hoare triple {9130#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {9130#false} is VALID [2022-02-20 17:56:02,035 INFO L290 TraceCheckUtils]: 119: Hoare triple {9130#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {9130#false} is VALID [2022-02-20 17:56:02,035 INFO L290 TraceCheckUtils]: 120: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 17:56:02,035 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:56:02,038 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:02,038 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1528449150] [2022-02-20 17:56:02,039 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1528449150] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:56:02,039 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2000605268] [2022-02-20 17:56:02,039 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:02,039 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:02,039 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:56:02,040 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:56:02,056 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:56:02,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,285 INFO L263 TraceCheckSpWp]: Trace formula consists of 1181 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:56:02,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:02,329 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:56:02,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {9129#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 
1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 
:= 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {9129#true} is VALID [2022-02-20 17:56:02,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {9129#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {9129#true} is VALID [2022-02-20 17:56:02,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {9129#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 3: Hoare triple {9129#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 4: Hoare triple {9129#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 5: Hoare triple {9129#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L272 TraceCheckUtils]: 6: Hoare triple {9129#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 7: Hoare triple {9129#true} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 8: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 9: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9129#true} {9129#true} #1278#return; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 11: Hoare triple {9129#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L272 TraceCheckUtils]: 12: Hoare triple {9129#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 13: Hoare triple {9129#true} ~handle := #in~handle;~value := #in~value; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 14: Hoare triple {9129#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L290 TraceCheckUtils]: 15: Hoare triple {9129#true} assume true; {9129#true} is VALID [2022-02-20 17:56:02,603 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9129#true} {9129#true} #1280#return; {9129#true} is VALID [2022-02-20 17:56:02,604 INFO L290 TraceCheckUtils]: 17: Hoare triple {9129#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9249#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:56:02,604 INFO L272 TraceCheckUtils]: 18: Hoare triple {9249#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9129#true} is VALID [2022-02-20 17:56:02,604 INFO L290 TraceCheckUtils]: 19: Hoare triple {9129#true} ~handle := #in~handle;~value := #in~value; {9256#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:56:02,605 INFO L290 TraceCheckUtils]: 20: Hoare triple {9256#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9260#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,605 INFO L290 TraceCheckUtils]: 21: Hoare triple {9260#(<= |setClientId_#in~handle| 1)} assume true; {9260#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:02,605 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9260#(<= |setClientId_#in~handle| 1)} {9249#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1282#return; {9130#false} is VALID [2022-02-20 17:56:02,605 INFO L290 TraceCheckUtils]: 23: Hoare triple {9130#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L272 TraceCheckUtils]: 24: Hoare triple {9130#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 25: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 
17:56:02,606 INFO L290 TraceCheckUtils]: 26: Hoare triple {9130#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 27: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9130#false} {9130#false} #1284#return; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 29: Hoare triple {9130#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L272 TraceCheckUtils]: 30: Hoare triple {9130#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 31: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 32: Hoare triple {9130#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 33: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9130#false} {9130#false} #1286#return; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 35: Hoare triple {9130#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{9130#false} is VALID [2022-02-20 17:56:02,606 INFO L272 TraceCheckUtils]: 36: Hoare triple {9130#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 37: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 38: Hoare triple {9130#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,606 INFO L290 TraceCheckUtils]: 39: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9130#false} {9130#false} #1288#return; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 41: Hoare triple {9130#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 42: Hoare triple {9130#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 43: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 44: Hoare triple {9130#false} assume test_~splverifierCounter~0#1 < 4; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 45: Hoare triple {9130#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 46: Hoare triple {9130#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 47: Hoare triple {9130#false} assume !(0 != test_~tmp___9~0#1); {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 48: Hoare triple {9130#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 49: Hoare triple {9130#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 50: Hoare triple {9130#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 51: Hoare triple {9130#false} assume { :end_inline_setClientAutoResponse } true; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 52: Hoare triple {9130#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 53: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 54: Hoare triple {9130#false} assume !(test_~splverifierCounter~0#1 < 4); {9130#false} is VALID [2022-02-20 17:56:02,607 INFO L290 TraceCheckUtils]: 55: Hoare triple {9130#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L272 TraceCheckUtils]: 56: Hoare triple {9130#false} call sendEmail(~bob~0, ~rjh~0); {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 57: Hoare triple {9130#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L272 TraceCheckUtils]: 58: Hoare triple {9130#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 59: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 60: Hoare triple {9130#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 61: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {9130#false} {9130#false} #1220#return; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L272 TraceCheckUtils]: 63: Hoare triple {9130#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 64: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 65: Hoare triple {9130#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,608 INFO L290 TraceCheckUtils]: 66: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {9130#false} {9130#false} #1222#return; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 68: Hoare triple {9130#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {9130#false} is VALID [2022-02-20 
17:56:02,609 INFO L290 TraceCheckUtils]: 69: Hoare triple {9130#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L272 TraceCheckUtils]: 70: Hoare triple {9130#false} call outgoing(~sender#1, ~email~0#1); {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 71: Hoare triple {9130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L272 TraceCheckUtils]: 72: Hoare triple {9130#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 73: Hoare triple {9130#false} ~handle := #in~handle;havoc ~retValue_acc~31; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 74: Hoare triple {9130#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 75: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {9130#false} {9130#false} #1200#return; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 77: Hoare triple {9130#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 78: Hoare triple {9130#false} 
assume 0 == sign_~privkey~1#1; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 79: Hoare triple {9130#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L272 TraceCheckUtils]: 80: Hoare triple {9130#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9130#false} is VALID [2022-02-20 17:56:02,609 INFO L290 TraceCheckUtils]: 81: Hoare triple {9130#false} ~handle := #in~handle;havoc ~retValue_acc~25; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 82: Hoare triple {9130#false} assume 1 == 
~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 83: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {9130#false} {9130#false} #1202#return; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 85: Hoare triple {9130#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 86: Hoare triple {9130#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L272 TraceCheckUtils]: 87: Hoare triple {9130#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 88: Hoare triple {9130#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L272 TraceCheckUtils]: 89: Hoare triple {9130#false} call #t~ret19#1 := getEmailTo(~msg#1); {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 90: Hoare triple {9130#false} ~handle := #in~handle;havoc ~retValue_acc~10; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 91: Hoare triple {9130#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 92: Hoare triple {9130#false} assume true; 
{9130#false} is VALID [2022-02-20 17:56:02,610 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {9130#false} {9130#false} #1234#return; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 94: Hoare triple {9130#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L272 TraceCheckUtils]: 95: Hoare triple {9130#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 96: Hoare triple {9130#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {9130#false} is VALID [2022-02-20 17:56:02,610 INFO L290 TraceCheckUtils]: 97: Hoare triple {9130#false} assume 1 == ~handle; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 98: Hoare triple {9130#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 99: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {9130#false} {9130#false} #1236#return; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 101: Hoare triple {9130#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 102: Hoare triple {9130#false} assume !(0 != ~pubkey~0#1); {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 103: Hoare triple {9130#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 104: Hoare triple {9130#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 105: Hoare triple {9130#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L272 TraceCheckUtils]: 106: Hoare triple {9130#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 107: Hoare triple {9130#false} ~handle := #in~handle;~value := #in~value; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 108: Hoare triple {9130#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 109: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {9130#false} {9130#false} #1242#return; 
{9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 111: Hoare triple {9130#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L290 TraceCheckUtils]: 112: Hoare triple {9130#false} assume !(-1 == ~mail_is_sensitive~0); {9130#false} is VALID [2022-02-20 17:56:02,611 INFO L272 TraceCheckUtils]: 113: Hoare triple {9130#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := 
isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 114: Hoare triple {9130#false} ~handle := #in~handle;havoc ~retValue_acc~13; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 115: Hoare triple {9130#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 116: Hoare triple {9130#false} assume true; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {9130#false} {9130#false} #1246#return; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 118: Hoare triple {9130#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 119: Hoare triple {9130#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L290 TraceCheckUtils]: 120: Hoare triple {9130#false} assume !false; {9130#false} is VALID [2022-02-20 17:56:02,612 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 17:56:02,612 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:56:02,612 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2000605268] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:02,612 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:56:02,612 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:56:02,613 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [478188594] [2022-02-20 17:56:02,613 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:02,613 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 17:56:02,613 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:02,614 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:02,677 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:02,677 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:56:02,677 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:02,678 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:56:02,678 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:02,679 INFO L87 Difference]: Start difference. First operand 487 states and 749 transitions. Second operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:03,726 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:03,726 INFO L93 Difference]: Finished difference Result 965 states and 1488 transitions. [2022-02-20 17:56:03,726 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:56:03,727 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 121 [2022-02-20 17:56:03,727 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:03,727 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:03,735 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1250 transitions. [2022-02-20 17:56:03,748 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:03,756 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1250 transitions. [2022-02-20 17:56:03,758 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1250 transitions. [2022-02-20 17:56:04,424 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1250 edges. 1250 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:04,439 INFO L225 Difference]: With dead ends: 965 [2022-02-20 17:56:04,439 INFO L226 Difference]: Without dead ends: 489 [2022-02-20 17:56:04,442 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 153 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:56:04,444 INFO L933 BasicCegarLoop]: 621 mSDtfsCounter, 152 mSDsluCounter, 1689 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2310 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:04,446 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2310 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:56:04,448 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 489 states. [2022-02-20 17:56:04,497 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 489 to 489. [2022-02-20 17:56:04,497 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:04,499 INFO L82 GeneralOperation]: Start isEquivalent. First operand 489 states. 
Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 17:56:04,500 INFO L74 IsIncluded]: Start isIncluded. First operand 489 states. Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 17:56:04,500 INFO L87 Difference]: Start difference. First operand 489 states. Second operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 17:56:04,513 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:04,514 INFO L93 Difference]: Finished difference Result 489 states and 752 transitions. [2022-02-20 17:56:04,514 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 17:56:04,515 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:04,515 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:04,516 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) Second operand 489 states. [2022-02-20 17:56:04,516 INFO L87 Difference]: Start difference. First operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) Second operand 489 states. [2022-02-20 17:56:04,530 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:04,530 INFO L93 Difference]: Finished difference Result 489 states and 752 transitions. [2022-02-20 17:56:04,530 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 17:56:04,531 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:04,531 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:04,531 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:04,531 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:04,532 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 489 states, 380 states have (on average 1.5605263157894738) internal successors, (593), 385 states have internal predecessors, (593), 79 states have call successors, (79), 28 states have call predecessors, (79), 29 states have return successors, (80), 77 states have call predecessors, (80), 78 states have call successors, (80) [2022-02-20 17:56:04,546 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 489 states to 489 states and 752 transitions. [2022-02-20 17:56:04,546 INFO L78 Accepts]: Start accepts. Automaton has 489 states and 752 transitions. Word has length 121 [2022-02-20 17:56:04,546 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:04,546 INFO L470 AbstractCegarLoop]: Abstraction has 489 states and 752 transitions. [2022-02-20 17:56:04,546 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 20.75) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:04,546 INFO L276 IsEmpty]: Start isEmpty. Operand 489 states and 752 transitions. [2022-02-20 17:56:04,549 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 123 [2022-02-20 17:56:04,549 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:04,550 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:04,570 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:56:04,768 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:04,768 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:04,768 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:04,768 INFO L85 PathProgramCache]: Analyzing trace with hash 1495995839, now seen corresponding path program 1 times [2022-02-20 17:56:04,768 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:04,768 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1547874030] [2022-02-20 17:56:04,768 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:04,769 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:04,795 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,839 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:04,840 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,843 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,843 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12547#true} #1278#return; {12547#true} is VALID [2022-02-20 17:56:04,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 17:56:04,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,852 INFO L290 TraceCheckUtils]: 0: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,852 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12547#true} #1280#return; {12547#true} is VALID [2022-02-20 17:56:04,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:04,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12611#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,867 INFO L290 TraceCheckUtils]: 1: Hoare triple {12611#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12611#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,867 INFO L290 TraceCheckUtils]: 2: Hoare triple {12611#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12612#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,868 INFO L290 TraceCheckUtils]: 3: Hoare triple {12612#(= 2 
|setClientId_#in~handle|)} assume true; {12612#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,868 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12612#(= 2 |setClientId_#in~handle|)} {12557#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1282#return; {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:56:04,868 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:04,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12613#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:04,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {12613#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12614#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:04,888 INFO L290 TraceCheckUtils]: 2: Hoare triple {12614#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12614#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:04,888 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12614#(= |setClientPrivateKey_#in~handle| 1)} {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1284#return; {12548#false} is VALID [2022-02-20 17:56:04,888 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:56:04,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1286#return; {12548#false} is VALID [2022-02-20 17:56:04,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:56:04,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,899 INFO L290 TraceCheckUtils]: 0: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,899 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1288#return; {12548#false} is VALID [2022-02-20 17:56:04,910 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:56:04,911 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1220#return; {12548#false} is VALID [2022-02-20 17:56:04,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:56:04,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {12616#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,941 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1222#return; {12548#false} is VALID [2022-02-20 17:56:04,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:56:04,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12547#true} is VALID [2022-02-20 17:56:04,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {12547#true} is VALID [2022-02-20 17:56:04,945 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1200#return; {12548#false} is VALID [2022-02-20 17:56:04,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:56:04,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~25; {12547#true} is VALID [2022-02-20 17:56:04,950 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {12547#true} is VALID [2022-02-20 17:56:04,950 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,951 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1202#return; {12548#false} is VALID [2022-02-20 17:56:04,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:56:04,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12547#true} is VALID [2022-02-20 17:56:04,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {12547#true} is VALID [2022-02-20 17:56:04,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1234#return; {12548#false} is VALID [2022-02-20 17:56:04,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:56:04,978 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:56:04,980 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {12547#true} is VALID [2022-02-20 17:56:04,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle; {12547#true} is VALID [2022-02-20 17:56:04,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {12547#true} is VALID [2022-02-20 17:56:04,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,981 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12547#true} {12548#false} #1236#return; {12548#false} is VALID [2022-02-20 17:56:04,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:56:04,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,983 INFO L290 TraceCheckUtils]: 0: Hoare triple {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,983 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,983 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,983 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1242#return; {12548#false} is VALID [2022-02-20 17:56:04,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:56:04,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:04,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} ~handle := 
#in~handle;havoc ~retValue_acc~13; {12547#true} is VALID [2022-02-20 17:56:04,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {12547#true} is VALID [2022-02-20 17:56:04,986 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12547#true} {12548#false} #1246#return; {12548#false} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call 
#Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset 
:= 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 
:= 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 3: Hoare triple {12547#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 4: Hoare triple {12547#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {12547#true} is VALID [2022-02-20 17:56:04,987 INFO L290 TraceCheckUtils]: 5: Hoare triple {12547#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12547#true} is VALID [2022-02-20 17:56:04,988 INFO L272 TraceCheckUtils]: 6: Hoare triple {12547#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:04,988 INFO L290 TraceCheckUtils]: 7: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,988 INFO L290 TraceCheckUtils]: 8: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,988 INFO L290 TraceCheckUtils]: 9: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,988 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12547#true} {12547#true} #1278#return; {12547#true} is VALID [2022-02-20 17:56:04,988 INFO L290 TraceCheckUtils]: 11: Hoare triple {12547#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12547#true} is VALID [2022-02-20 17:56:04,989 INFO L272 TraceCheckUtils]: 12: Hoare triple {12547#true} call 
setClientPrivateKey(setup_bob_~bob___0#1, 123); {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:04,989 INFO L290 TraceCheckUtils]: 13: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,989 INFO L290 TraceCheckUtils]: 14: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,989 INFO L290 TraceCheckUtils]: 15: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,989 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12547#true} {12547#true} #1280#return; {12547#true} is VALID [2022-02-20 17:56:04,989 INFO L290 TraceCheckUtils]: 17: Hoare triple {12547#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12557#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:56:04,990 INFO L272 TraceCheckUtils]: 18: Hoare triple {12557#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:04,990 INFO L290 TraceCheckUtils]: 19: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12611#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,990 INFO L290 TraceCheckUtils]: 20: Hoare triple {12611#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12611#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,991 INFO L290 TraceCheckUtils]: 21: Hoare triple {12611#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12612#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,991 INFO L290 TraceCheckUtils]: 22: Hoare triple {12612#(= 2 |setClientId_#in~handle|)} assume true; {12612#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:04,991 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12612#(= 2 |setClientId_#in~handle|)} {12557#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1282#return; {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:56:04,992 INFO L290 TraceCheckUtils]: 24: Hoare triple {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:56:04,992 INFO L272 TraceCheckUtils]: 25: Hoare triple {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); 
{12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:04,993 INFO L290 TraceCheckUtils]: 26: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12613#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:04,993 INFO L290 TraceCheckUtils]: 27: Hoare triple {12613#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12614#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:04,993 INFO L290 TraceCheckUtils]: 28: Hoare triple {12614#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12614#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:04,994 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12614#(= |setClientPrivateKey_#in~handle| 1)} {12563#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1284#return; {12548#false} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 30: Hoare triple {12548#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12548#false} is VALID [2022-02-20 17:56:04,994 
INFO L272 TraceCheckUtils]: 31: Hoare triple {12548#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 32: Hoare triple {12609#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 33: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 34: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,994 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12547#true} {12548#false} #1286#return; {12548#false} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 36: Hoare triple {12548#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12548#false} is VALID [2022-02-20 17:56:04,994 INFO L272 TraceCheckUtils]: 37: Hoare triple {12548#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 38: Hoare triple {12610#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{12547#true} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 39: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 40: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,994 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12547#true} {12548#false} #1288#return; {12548#false} is VALID [2022-02-20 17:56:04,994 INFO L290 TraceCheckUtils]: 42: Hoare triple {12548#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 43: Hoare triple {12548#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 
0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 44: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 45: Hoare triple {12548#false} assume test_~splverifierCounter~0#1 < 4; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 46: Hoare triple {12548#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 47: Hoare triple {12548#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 48: Hoare triple {12548#false} assume !(0 != test_~tmp___9~0#1); {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 49: Hoare triple {12548#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 50: Hoare triple {12548#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 51: Hoare triple {12548#false} assume 
1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 52: Hoare triple {12548#false} assume { :end_inline_setClientAutoResponse } true; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 53: Hoare triple {12548#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 54: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 55: Hoare triple {12548#false} assume !(test_~splverifierCounter~0#1 < 4); {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L290 TraceCheckUtils]: 56: Hoare triple {12548#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {12548#false} is VALID [2022-02-20 17:56:04,995 INFO L272 TraceCheckUtils]: 57: Hoare triple {12548#false} call sendEmail(~bob~0, ~rjh~0); {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 58: Hoare triple {12548#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12548#false} is VALID 
[2022-02-20 17:56:04,996 INFO L272 TraceCheckUtils]: 59: Hoare triple {12548#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 60: Hoare triple {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 61: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 62: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12547#true} {12548#false} #1220#return; {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L272 TraceCheckUtils]: 64: Hoare triple {12548#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12616#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 65: Hoare triple {12616#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 66: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 67: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,996 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12547#true} {12548#false} #1222#return; {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 69: Hoare triple {12548#false} createEmail_~retValue_acc~42#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 70: Hoare triple {12548#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L272 TraceCheckUtils]: 71: Hoare triple {12548#false} call outgoing(~sender#1, ~email~0#1); {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L290 TraceCheckUtils]: 72: Hoare triple {12548#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {12548#false} is VALID [2022-02-20 17:56:04,996 INFO L272 TraceCheckUtils]: 73: Hoare triple {12548#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 74: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~31; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 75: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 76: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {12547#true} {12548#false} #1200#return; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 78: Hoare triple {12548#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := 
sign_~tmp~10#1; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 79: Hoare triple {12548#false} assume 0 == sign_~privkey~1#1; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 80: Hoare triple {12548#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L272 TraceCheckUtils]: 81: Hoare triple {12548#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 82: Hoare triple {12547#true} ~handle := #in~handle;havoc 
~retValue_acc~25; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 83: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 84: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,997 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12547#true} {12548#false} #1202#return; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 86: Hoare triple {12548#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L290 TraceCheckUtils]: 87: Hoare triple {12548#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {12548#false} is VALID [2022-02-20 17:56:04,997 INFO L272 TraceCheckUtils]: 88: Hoare triple {12548#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 89: Hoare triple {12548#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L272 TraceCheckUtils]: 90: Hoare triple {12548#false} call #t~ret19#1 := getEmailTo(~msg#1); {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 91: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~10; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 92: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~10 := 
~__ste_email_to0~0;#res := ~retValue_acc~10; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 93: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {12547#true} {12548#false} #1234#return; {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 95: Hoare triple {12548#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L272 TraceCheckUtils]: 96: Hoare triple {12548#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 97: Hoare triple {12547#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 98: Hoare triple {12547#true} assume 1 == ~handle; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 99: Hoare triple {12547#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 100: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,998 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {12547#true} {12548#false} #1236#return; {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 102: Hoare triple {12548#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {12548#false} is VALID [2022-02-20 17:56:04,998 INFO L290 TraceCheckUtils]: 103: Hoare triple {12548#false} assume !(0 != ~pubkey~0#1); {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 104: Hoare triple {12548#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 105: Hoare triple {12548#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 106: Hoare triple {12548#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L272 TraceCheckUtils]: 107: Hoare triple {12548#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 108: Hoare triple {12615#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID 
[2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 109: Hoare triple {12547#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 110: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:04,999 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {12547#true} {12548#false} #1242#return; {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 112: Hoare triple {12548#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 113: Hoare triple {12548#false} assume !(-1 == ~mail_is_sensitive~0); {12548#false} is VALID [2022-02-20 17:56:04,999 INFO L272 TraceCheckUtils]: 114: Hoare triple {12548#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {12547#true} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 115: Hoare triple {12547#true} ~handle := #in~handle;havoc ~retValue_acc~13; {12547#true} is VALID [2022-02-20 17:56:04,999 INFO L290 TraceCheckUtils]: 116: Hoare triple {12547#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {12547#true} is VALID [2022-02-20 17:56:05,000 INFO L290 TraceCheckUtils]: 117: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:05,000 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {12547#true} {12548#false} #1246#return; {12548#false} is VALID [2022-02-20 17:56:05,000 INFO L290 TraceCheckUtils]: 119: Hoare triple {12548#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {12548#false} is VALID [2022-02-20 17:56:05,000 INFO L290 TraceCheckUtils]: 120: Hoare triple {12548#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {12548#false} is VALID [2022-02-20 17:56:05,000 INFO L290 TraceCheckUtils]: 121: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:05,000 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 
6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:56:05,000 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:05,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1547874030] [2022-02-20 17:56:05,000 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1547874030] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:56:05,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [290210831] [2022-02-20 17:56:05,000 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:05,001 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:05,001 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:56:05,016 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:56:05,027 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:56:05,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:05,257 INFO L263 TraceCheckSpWp]: Trace formula consists of 1182 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:56:05,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:05,293 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {12547#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 
1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 
:= 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {12547#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc 
main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 2: Hoare triple {12547#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 3: Hoare triple {12547#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 4: Hoare triple {12547#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 5: Hoare triple {12547#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L272 TraceCheckUtils]: 6: Hoare triple {12547#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 7: Hoare triple {12547#true} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 8: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 9: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12547#true} {12547#true} #1278#return; {12547#true} is VALID [2022-02-20 17:56:05,515 INFO L290 TraceCheckUtils]: 11: Hoare triple {12547#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L272 TraceCheckUtils]: 12: Hoare triple {12547#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 13: Hoare triple {12547#true} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 14: Hoare triple {12547#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 15: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12547#true} {12547#true} #1280#return; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 17: Hoare triple {12547#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:05,516 INFO L272 TraceCheckUtils]: 18: Hoare triple {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 19: Hoare triple {12547#true} ~handle := #in~handle;~value := #in~value; {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 20: Hoare triple {12547#true} assume !(1 == ~handle); {12547#true} is VALID [2022-02-20 17:56:05,516 INFO L290 TraceCheckUtils]: 21: Hoare triple {12547#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12547#true} is VALID [2022-02-20 17:56:05,517 INFO L290 TraceCheckUtils]: 22: Hoare triple {12547#true} assume true; {12547#true} is VALID [2022-02-20 17:56:05,517 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12547#true} {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1282#return; {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:05,517 INFO L290 TraceCheckUtils]: 24: Hoare triple {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:56:05,517 INFO L272 TraceCheckUtils]: 25: Hoare triple {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12547#true} is VALID [2022-02-20 17:56:05,518 INFO L290 TraceCheckUtils]: 26: Hoare triple {12547#true} ~handle := 
#in~handle;~value := #in~value; {12699#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:56:05,518 INFO L290 TraceCheckUtils]: 27: Hoare triple {12699#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12703#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:05,518 INFO L290 TraceCheckUtils]: 28: Hoare triple {12703#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {12703#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:05,519 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12703#(<= |setClientPrivateKey_#in~handle| 1)} {12671#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1284#return; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 30: Hoare triple {12548#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L272 TraceCheckUtils]: 31: Hoare triple {12548#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 32: Hoare triple {12548#false} ~handle := #in~handle;~value := #in~value; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 33: Hoare triple {12548#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12548#false} is VALID [2022-02-20 
17:56:05,519 INFO L290 TraceCheckUtils]: 34: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12548#false} {12548#false} #1286#return; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 36: Hoare triple {12548#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L272 TraceCheckUtils]: 37: Hoare triple {12548#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 38: Hoare triple {12548#false} ~handle := #in~handle;~value := #in~value; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 39: Hoare triple {12548#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L290 TraceCheckUtils]: 40: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,519 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12548#false} {12548#false} #1288#return; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 42: Hoare triple {12548#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 43: Hoare triple {12548#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, 
test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 44: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 45: Hoare triple {12548#false} assume test_~splverifierCounter~0#1 < 4; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 46: Hoare triple {12548#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 47: Hoare triple {12548#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 48: Hoare triple {12548#false} assume !(0 != test_~tmp___9~0#1); {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 49: Hoare triple {12548#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 50: Hoare triple {12548#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 51: Hoare triple {12548#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 52: Hoare triple {12548#false} assume { :end_inline_setClientAutoResponse } true; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 53: Hoare triple {12548#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 54: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 55: Hoare triple {12548#false} assume !(test_~splverifierCounter~0#1 < 4); {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 56: Hoare triple {12548#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {12548#false} is VALID [2022-02-20 17:56:05,520 
INFO L272 TraceCheckUtils]: 57: Hoare triple {12548#false} call sendEmail(~bob~0, ~rjh~0); {12548#false} is VALID [2022-02-20 17:56:05,520 INFO L290 TraceCheckUtils]: 58: Hoare triple {12548#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L272 TraceCheckUtils]: 59: Hoare triple {12548#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 60: Hoare triple {12548#false} ~handle := #in~handle;~value := #in~value; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 61: Hoare triple {12548#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 62: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {12548#false} {12548#false} #1220#return; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L272 TraceCheckUtils]: 64: Hoare triple {12548#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 65: Hoare triple {12548#false} ~handle := #in~handle;~value := #in~value; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 66: Hoare triple {12548#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 67: Hoare triple 
{12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {12548#false} {12548#false} #1222#return; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 69: Hoare triple {12548#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 70: Hoare triple {12548#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L272 TraceCheckUtils]: 71: Hoare triple {12548#false} call outgoing(~sender#1, ~email~0#1); {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 72: Hoare triple {12548#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L272 TraceCheckUtils]: 73: Hoare triple {12548#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 74: Hoare triple {12548#false} ~handle := #in~handle;havoc ~retValue_acc~31; {12548#false} is VALID [2022-02-20 17:56:05,521 INFO L290 TraceCheckUtils]: 75: Hoare triple {12548#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 76: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L284 TraceCheckUtils]: 77: Hoare 
quadruple {12548#false} {12548#false} #1200#return; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 78: Hoare triple {12548#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 79: Hoare triple {12548#false} assume 0 == sign_~privkey~1#1; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 80: Hoare triple {12548#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L272 
TraceCheckUtils]: 81: Hoare triple {12548#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 82: Hoare triple {12548#false} ~handle := #in~handle;havoc ~retValue_acc~25; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 83: Hoare triple {12548#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 84: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {12548#false} {12548#false} #1202#return; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 86: Hoare triple {12548#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 87: Hoare triple {12548#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L272 TraceCheckUtils]: 88: Hoare triple {12548#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 89: Hoare triple {12548#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {12548#false} is VALID [2022-02-20 17:56:05,522 INFO L272 TraceCheckUtils]: 90: Hoare triple {12548#false} call #t~ret19#1 := getEmailTo(~msg#1); 
{12548#false} is VALID [2022-02-20 17:56:05,522 INFO L290 TraceCheckUtils]: 91: Hoare triple {12548#false} ~handle := #in~handle;havoc ~retValue_acc~10; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 92: Hoare triple {12548#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 93: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {12548#false} {12548#false} #1234#return; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 95: Hoare triple {12548#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L272 TraceCheckUtils]: 96: Hoare triple {12548#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 97: Hoare triple {12548#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 98: Hoare triple {12548#false} assume 1 == ~handle; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 99: Hoare triple {12548#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 100: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {12548#false} {12548#false} #1236#return; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 102: Hoare triple {12548#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := 
#t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 103: Hoare triple {12548#false} assume !(0 != ~pubkey~0#1); {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 104: Hoare triple {12548#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 105: Hoare triple {12548#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 TraceCheckUtils]: 106: Hoare triple {12548#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L272 TraceCheckUtils]: 107: Hoare triple {12548#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {12548#false} is VALID [2022-02-20 17:56:05,523 INFO L290 
TraceCheckUtils]: 108: Hoare triple {12548#false} ~handle := #in~handle;~value := #in~value; {12548#false} is VALID [2022-02-20 17:56:05,524 INFO L290 TraceCheckUtils]: 109: Hoare triple {12548#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12548#false} is VALID [2022-02-20 17:56:05,524 INFO L290 TraceCheckUtils]: 110: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {12548#false} {12548#false} #1242#return; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L290 TraceCheckUtils]: 112: Hoare triple {12548#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 
0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L290 TraceCheckUtils]: 113: Hoare triple {12548#false} assume !(-1 == ~mail_is_sensitive~0); {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L272 TraceCheckUtils]: 114: Hoare triple {12548#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L290 TraceCheckUtils]: 115: Hoare triple {12548#false} ~handle := #in~handle;havoc ~retValue_acc~13; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L290 TraceCheckUtils]: 116: Hoare triple {12548#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L290 TraceCheckUtils]: 117: Hoare triple {12548#false} assume true; {12548#false} is VALID [2022-02-20 17:56:05,534 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {12548#false} {12548#false} #1246#return; {12548#false} is VALID [2022-02-20 17:56:05,535 INFO L290 TraceCheckUtils]: 119: Hoare triple {12548#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {12548#false} is VALID [2022-02-20 17:56:05,535 INFO L290 TraceCheckUtils]: 120: Hoare triple {12548#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {12548#false} is VALID [2022-02-20 17:56:05,535 INFO L290 TraceCheckUtils]: 121: Hoare triple {12548#false} assume !false; {12548#false} is VALID [2022-02-20 17:56:05,535 
INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 17:56:05,535 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:56:05,535 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [290210831] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:05,535 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:56:05,535 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:56:05,535 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [646784663] [2022-02-20 17:56:05,535 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:05,536 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 17:56:05,536 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:05,536 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:05,603 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:05,603 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:56:05,603 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:05,604 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:56:05,604 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:56:05,604 INFO L87 Difference]: Start difference. First operand 489 states and 752 transitions. Second operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:06,680 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:06,680 INFO L93 Difference]: Finished difference Result 967 states and 1493 transitions. [2022-02-20 17:56:06,680 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:56:06,681 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 122 [2022-02-20 17:56:06,681 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:06,681 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:06,689 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1249 transitions. [2022-02-20 17:56:06,689 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:06,698 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1249 transitions. [2022-02-20 17:56:06,698 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1249 transitions. [2022-02-20 17:56:07,472 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1249 edges. 1249 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:07,485 INFO L225 Difference]: With dead ends: 967 [2022-02-20 17:56:07,485 INFO L226 Difference]: Without dead ends: 491 [2022-02-20 17:56:07,486 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 156 GetRequests, 142 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:56:07,487 INFO L933 BasicCegarLoop]: 619 mSDtfsCounter, 151 mSDsluCounter, 1680 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2299 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:07,487 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2299 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:56:07,488 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 491 states. [2022-02-20 17:56:07,581 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 491 to 491. [2022-02-20 17:56:07,581 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:07,583 INFO L82 GeneralOperation]: Start isEquivalent. First operand 491 states. 
Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:07,584 INFO L74 IsIncluded]: Start isIncluded. First operand 491 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:07,585 INFO L87 Difference]: Start difference. First operand 491 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:07,597 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:07,597 INFO L93 Difference]: Finished difference Result 491 states and 758 transitions. [2022-02-20 17:56:07,597 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 17:56:07,598 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:07,598 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:07,599 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 491 states. [2022-02-20 17:56:07,600 INFO L87 Difference]: Start difference. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 491 states. [2022-02-20 17:56:07,614 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:07,615 INFO L93 Difference]: Finished difference Result 491 states and 758 transitions. [2022-02-20 17:56:07,615 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 17:56:07,616 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:07,616 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:07,616 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:07,616 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:07,617 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:07,632 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 491 states to 491 states and 758 transitions. [2022-02-20 17:56:07,633 INFO L78 Accepts]: Start accepts. Automaton has 491 states and 758 transitions. Word has length 122 [2022-02-20 17:56:07,633 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:07,634 INFO L470 AbstractCegarLoop]: Abstraction has 491 states and 758 transitions. [2022-02-20 17:56:07,634 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.0) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (17), 2 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:07,634 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 758 transitions. [2022-02-20 17:56:07,637 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 124 [2022-02-20 17:56:07,637 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:07,637 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:07,656 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:56:07,843 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:07,843 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:07,844 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:07,844 INFO L85 PathProgramCache]: Analyzing trace with hash -20354496, now seen corresponding path program 1 times [2022-02-20 17:56:07,844 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:07,844 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [821516072] [2022-02-20 17:56:07,844 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:07,844 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:07,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,891 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:07,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,896 INFO L290 TraceCheckUtils]: 0: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,896 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,896 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15978#true} #1278#return; {15978#true} is VALID [2022-02-20 17:56:07,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 17:56:07,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,907 INFO L290 TraceCheckUtils]: 0: Hoare triple {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,907 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,907 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,907 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15978#true} #1280#return; {15978#true} is VALID [2022-02-20 17:56:07,907 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:07,909 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume !(1 == ~handle); {15978#true} is VALID [2022-02-20 17:56:07,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,911 INFO L290 TraceCheckUtils]: 3: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,911 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15978#true} {15978#true} #1282#return; {15978#true} is VALID [2022-02-20 17:56:07,911 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:07,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,915 INFO L290 TraceCheckUtils]: 0: Hoare triple {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,915 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume !(1 == ~handle); {15978#true} is VALID [2022-02-20 17:56:07,915 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,916 INFO L290 TraceCheckUtils]: 3: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,916 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15978#true} {15978#true} #1284#return; {15978#true} is VALID [2022-02-20 17:56:07,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:07,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,934 INFO L290 TraceCheckUtils]: 0: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16042#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:07,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {16042#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16043#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:07,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {16043#(= 
|setClientId_#in~handle| 1)} assume true; {16043#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:07,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16043#(= |setClientId_#in~handle| 1)} {15998#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {15979#false} is VALID [2022-02-20 17:56:07,936 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:56:07,937 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,939 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,939 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1288#return; {15979#false} is VALID [2022-02-20 17:56:07,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:56:07,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume 
true; {15978#true} is VALID [2022-02-20 17:56:07,948 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1220#return; {15979#false} is VALID [2022-02-20 17:56:07,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:56:07,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,957 INFO L290 TraceCheckUtils]: 0: Hoare triple {16045#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,957 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1222#return; {15979#false} is VALID [2022-02-20 17:56:07,958 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:56:07,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~31; {15978#true} is VALID [2022-02-20 17:56:07,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {15978#true} is VALID [2022-02-20 17:56:07,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1200#return; {15979#false} is VALID [2022-02-20 17:56:07,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:56:07,961 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~25; {15978#true} is VALID [2022-02-20 17:56:07,962 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {15978#true} is VALID [2022-02-20 17:56:07,962 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,962 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1202#return; {15979#false} is VALID [2022-02-20 17:56:07,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:56:07,963 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15978#true} is VALID [2022-02-20 17:56:07,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {15978#true} is VALID [2022-02-20 17:56:07,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,965 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1234#return; {15979#false} is VALID [2022-02-20 17:56:07,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:56:07,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {15978#true} is VALID [2022-02-20 17:56:07,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle; {15978#true} is VALID [2022-02-20 17:56:07,968 
INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {15978#true} is VALID [2022-02-20 17:56:07,968 INFO L290 TraceCheckUtils]: 3: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,968 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {15978#true} {15979#false} #1236#return; {15979#false} is VALID [2022-02-20 17:56:07,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:56:07,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,971 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1242#return; {15979#false} is VALID [2022-02-20 17:56:07,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:56:07,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:07,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~13; {15978#true} is VALID [2022-02-20 17:56:07,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {15978#true} is VALID [2022-02-20 17:56:07,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume true; 
{15978#true} is VALID [2022-02-20 17:56:07,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15978#true} {15979#false} #1246#return; {15979#false} is VALID [2022-02-20 17:56:07,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {15978#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call 
#Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {15978#true} is VALID [2022-02-20 
17:56:07,974 INFO L290 TraceCheckUtils]: 1: Hoare triple {15978#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {15978#true} is VALID [2022-02-20 17:56:07,974 INFO L290 TraceCheckUtils]: 2: Hoare triple {15978#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {15978#true} is VALID [2022-02-20 17:56:07,974 INFO L290 TraceCheckUtils]: 3: Hoare triple {15978#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {15978#true} is VALID [2022-02-20 17:56:07,974 INFO L290 TraceCheckUtils]: 4: Hoare triple {15978#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {15978#true} is VALID [2022-02-20 17:56:07,974 INFO L290 TraceCheckUtils]: 5: Hoare triple {15978#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { 
:begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {15978#true} is VALID [2022-02-20 17:56:07,975 INFO L272 TraceCheckUtils]: 6: Hoare triple {15978#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,975 INFO L290 TraceCheckUtils]: 7: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,976 INFO L290 TraceCheckUtils]: 8: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,976 INFO L290 TraceCheckUtils]: 9: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,976 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {15978#true} {15978#true} #1278#return; {15978#true} is VALID [2022-02-20 17:56:07,976 INFO L290 TraceCheckUtils]: 11: Hoare triple {15978#true} assume { :end_inline_setup_bob__wrappee__Base } true; {15978#true} is VALID [2022-02-20 17:56:07,977 INFO L272 TraceCheckUtils]: 12: Hoare triple {15978#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,977 INFO L290 TraceCheckUtils]: 13: Hoare triple 
{16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,977 INFO L290 TraceCheckUtils]: 14: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,977 INFO L290 TraceCheckUtils]: 15: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,977 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {15978#true} {15978#true} #1280#return; {15978#true} is VALID [2022-02-20 17:56:07,977 INFO L290 TraceCheckUtils]: 17: Hoare triple {15978#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {15978#true} is VALID [2022-02-20 17:56:07,978 INFO L272 TraceCheckUtils]: 18: Hoare triple {15978#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,978 INFO L290 TraceCheckUtils]: 19: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,978 INFO L290 TraceCheckUtils]: 20: Hoare triple {15978#true} assume !(1 == ~handle); {15978#true} is VALID [2022-02-20 17:56:07,978 INFO L290 TraceCheckUtils]: 21: Hoare triple {15978#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,979 INFO L290 TraceCheckUtils]: 22: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,979 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {15978#true} {15978#true} #1282#return; {15978#true} is VALID [2022-02-20 17:56:07,979 INFO L290 TraceCheckUtils]: 24: Hoare triple {15978#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {15978#true} is VALID [2022-02-20 17:56:07,979 INFO L272 TraceCheckUtils]: 25: Hoare triple {15978#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,980 INFO L290 TraceCheckUtils]: 26: Hoare triple {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,980 INFO L290 TraceCheckUtils]: 27: Hoare triple {15978#true} assume !(1 == ~handle); {15978#true} is VALID [2022-02-20 17:56:07,980 INFO L290 TraceCheckUtils]: 28: Hoare triple {15978#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,980 INFO L290 TraceCheckUtils]: 29: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,980 INFO L284 TraceCheckUtils]: 30: Hoare quadruple 
{15978#true} {15978#true} #1284#return; {15978#true} is VALID [2022-02-20 17:56:07,980 INFO L290 TraceCheckUtils]: 31: Hoare triple {15978#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {15998#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:07,981 INFO L272 TraceCheckUtils]: 32: Hoare triple {15998#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:07,981 INFO L290 TraceCheckUtils]: 33: Hoare triple {16040#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16042#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:07,982 INFO L290 TraceCheckUtils]: 34: Hoare triple {16042#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16043#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:07,982 INFO L290 TraceCheckUtils]: 35: Hoare triple {16043#(= |setClientId_#in~handle| 1)} assume 
true; {16043#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:56:07,983 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {16043#(= |setClientId_#in~handle| 1)} {15998#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {15979#false} is VALID [2022-02-20 17:56:07,983 INFO L290 TraceCheckUtils]: 37: Hoare triple {15979#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {15979#false} is VALID [2022-02-20 17:56:07,983 INFO L272 TraceCheckUtils]: 38: Hoare triple {15979#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:07,983 INFO L290 TraceCheckUtils]: 39: Hoare triple {16041#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,983 INFO L290 TraceCheckUtils]: 40: Hoare triple {15978#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,983 INFO L290 TraceCheckUtils]: 41: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,983 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {15978#true} {15979#false} #1288#return; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 43: Hoare triple {15979#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 44: Hoare triple {15979#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, 
test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 45: Hoare triple {15979#false} assume !false; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 46: Hoare triple {15979#false} assume test_~splverifierCounter~0#1 < 4; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 47: Hoare triple {15979#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 48: Hoare triple {15979#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 
2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {15979#false} is VALID [2022-02-20 17:56:07,984 INFO L290 TraceCheckUtils]: 49: Hoare triple {15979#false} assume !(0 != test_~tmp___9~0#1); {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 50: Hoare triple {15979#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 51: Hoare triple {15979#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 52: Hoare triple {15979#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 53: Hoare triple {15979#false} assume { :end_inline_setClientAutoResponse } true; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 54: Hoare triple {15979#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 55: Hoare triple {15979#false} assume !false; {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 56: Hoare triple {15979#false} assume !(test_~splverifierCounter~0#1 < 4); {15979#false} is VALID [2022-02-20 17:56:07,985 INFO L290 TraceCheckUtils]: 57: Hoare triple {15979#false} assume { :begin_inline_bobToRjh } true;havoc 
bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {15979#false} is VALID [2022-02-20 17:56:07,986 INFO L272 TraceCheckUtils]: 58: Hoare triple {15979#false} call sendEmail(~bob~0, ~rjh~0); {15979#false} is VALID [2022-02-20 17:56:07,986 INFO L290 TraceCheckUtils]: 59: Hoare triple {15979#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {15979#false} is VALID [2022-02-20 17:56:07,986 INFO L272 TraceCheckUtils]: 60: Hoare triple {15979#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:07,986 INFO L290 TraceCheckUtils]: 61: Hoare triple {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,986 INFO L290 TraceCheckUtils]: 62: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,986 INFO L290 TraceCheckUtils]: 63: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,986 INFO L284 TraceCheckUtils]: 
64: Hoare quadruple {15978#true} {15979#false} #1220#return; {15979#false} is VALID [2022-02-20 17:56:07,986 INFO L272 TraceCheckUtils]: 65: Hoare triple {15979#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16045#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 66: Hoare triple {16045#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 67: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 68: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,987 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {15978#true} {15979#false} #1222#return; {15979#false} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 70: Hoare triple {15979#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {15979#false} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 71: Hoare triple {15979#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {15979#false} is VALID [2022-02-20 17:56:07,987 INFO L272 TraceCheckUtils]: 72: Hoare triple {15979#false} call outgoing(~sender#1, ~email~0#1); {15979#false} is VALID [2022-02-20 17:56:07,987 INFO L290 TraceCheckUtils]: 73: Hoare triple {15979#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {15979#false} is VALID [2022-02-20 17:56:07,987 INFO L272 TraceCheckUtils]: 74: Hoare triple {15979#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {15978#true} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 75: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~31; {15978#true} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 76: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {15978#true} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 77: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,988 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {15978#true} {15979#false} #1200#return; {15979#false} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 79: Hoare triple {15979#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {15979#false} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 80: Hoare triple {15979#false} assume 0 == sign_~privkey~1#1; {15979#false} is VALID [2022-02-20 17:56:07,988 INFO L290 TraceCheckUtils]: 81: Hoare triple {15979#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, 
outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {15979#false} is VALID [2022-02-20 17:56:07,988 INFO L272 TraceCheckUtils]: 82: Hoare triple {15979#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {15978#true} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 83: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~25; {15978#true} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 84: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {15978#true} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 85: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,989 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {15978#true} {15979#false} #1202#return; {15979#false} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 87: Hoare triple {15979#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc 
outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {15979#false} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 88: Hoare triple {15979#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {15979#false} is VALID [2022-02-20 17:56:07,989 INFO L272 TraceCheckUtils]: 89: Hoare triple {15979#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {15979#false} is VALID [2022-02-20 17:56:07,989 INFO L290 TraceCheckUtils]: 90: Hoare triple {15979#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {15979#false} is VALID [2022-02-20 17:56:07,990 INFO L272 TraceCheckUtils]: 91: Hoare triple {15979#false} call #t~ret19#1 := getEmailTo(~msg#1); {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 92: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~10; {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 93: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 94: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {15978#true} {15979#false} #1234#return; {15979#false} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 96: Hoare triple {15979#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {15979#false} is VALID [2022-02-20 17:56:07,990 INFO L272 TraceCheckUtils]: 97: Hoare triple {15979#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 98: Hoare triple {15978#true} ~handle 
:= #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {15978#true} is VALID [2022-02-20 17:56:07,990 INFO L290 TraceCheckUtils]: 99: Hoare triple {15978#true} assume 1 == ~handle; {15978#true} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 100: Hoare triple {15978#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {15978#true} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 101: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,991 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {15978#true} {15979#false} #1236#return; {15979#false} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 103: Hoare triple {15979#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {15979#false} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 104: Hoare triple {15979#false} assume !(0 != ~pubkey~0#1); {15979#false} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 105: Hoare triple {15979#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {15979#false} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 106: Hoare 
triple {15979#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {15979#false} is VALID [2022-02-20 17:56:07,991 INFO L290 TraceCheckUtils]: 107: Hoare triple {15979#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {15979#false} is VALID [2022-02-20 17:56:07,992 INFO L272 TraceCheckUtils]: 108: Hoare triple {15979#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:07,992 INFO L290 TraceCheckUtils]: 109: Hoare triple {16044#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {15978#true} is VALID [2022-02-20 17:56:07,992 INFO L290 TraceCheckUtils]: 110: Hoare triple {15978#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {15978#true} is VALID [2022-02-20 17:56:07,992 INFO L290 TraceCheckUtils]: 111: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,992 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {15978#true} {15979#false} #1242#return; {15979#false} is VALID [2022-02-20 17:56:07,992 INFO L290 TraceCheckUtils]: 113: Hoare triple {15979#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 
:= mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {15979#false} is VALID [2022-02-20 17:56:07,992 INFO L290 TraceCheckUtils]: 114: Hoare triple {15979#false} assume !(-1 == ~mail_is_sensitive~0); {15979#false} is VALID [2022-02-20 17:56:07,992 INFO L272 TraceCheckUtils]: 115: Hoare triple {15979#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {15978#true} is VALID [2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 116: Hoare triple {15978#true} ~handle := #in~handle;havoc ~retValue_acc~13; {15978#true} is VALID [2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 117: Hoare triple {15978#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {15978#true} is VALID 
[2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 118: Hoare triple {15978#true} assume true; {15978#true} is VALID [2022-02-20 17:56:07,993 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {15978#true} {15979#false} #1246#return; {15979#false} is VALID [2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 120: Hoare triple {15979#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {15979#false} is VALID [2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 121: Hoare triple {15979#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {15979#false} is VALID [2022-02-20 17:56:07,993 INFO L290 TraceCheckUtils]: 122: Hoare triple {15979#false} assume !false; {15979#false} is VALID [2022-02-20 17:56:07,994 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:56:07,994 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:07,994 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [821516072] [2022-02-20 17:56:07,994 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [821516072] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:07,994 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:56:07,994 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:07,994 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1914558827] [2022-02-20 17:56:07,995 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:07,996 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 17:56:07,996 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:07,996 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:08,069 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 112 edges. 112 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:08,070 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:08,070 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:08,070 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 17:56:08,071 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:08,071 INFO L87 Difference]: Start difference. First operand 491 states and 758 transitions. Second operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:16,297 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:16,297 INFO L93 Difference]: Finished difference Result 1093 states and 1709 transitions. [2022-02-20 17:56:16,297 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:16,298 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 17:56:16,298 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:16,298 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:16,316 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1457 transitions. 
[2022-02-20 17:56:16,316 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:16,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1457 transitions. [2022-02-20 17:56:16,361 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1457 transitions. [2022-02-20 17:56:17,534 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1457 edges. 1457 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:17,559 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 17:56:17,560 INFO L226 Difference]: Without dead ends: 625 [2022-02-20 17:56:17,561 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:17,562 INFO L933 BasicCegarLoop]: 694 mSDtfsCounter, 1552 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2308 mSolverCounterSat, 567 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1572 SdHoareTripleChecker+Valid, 1680 SdHoareTripleChecker+Invalid, 2875 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 567 IncrementalHoareTripleChecker+Valid, 2308 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.7s IncrementalHoareTripleChecker+Time 
[2022-02-20 17:56:17,562 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1572 Valid, 1680 Invalid, 2875 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [567 Valid, 2308 Invalid, 0 Unknown, 0 Unchecked, 3.7s Time] [2022-02-20 17:56:17,564 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 625 states. [2022-02-20 17:56:17,665 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 625 to 491. [2022-02-20 17:56:17,665 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:17,667 INFO L82 GeneralOperation]: Start isEquivalent. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 17:56:17,669 INFO L74 IsIncluded]: Start isIncluded. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 17:56:17,671 INFO L87 Difference]: Start difference. First operand 625 states. Second operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 17:56:17,693 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:56:17,693 INFO L93 Difference]: Finished difference Result 625 states and 982 transitions. [2022-02-20 17:56:17,693 INFO L276 IsEmpty]: Start isEmpty. Operand 625 states and 982 transitions. [2022-02-20 17:56:17,696 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:17,697 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:17,698 INFO L74 IsIncluded]: Start isIncluded. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) Second operand 625 states. [2022-02-20 17:56:17,699 INFO L87 Difference]: Start difference. First operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) Second operand 625 states. [2022-02-20 17:56:17,720 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:17,720 INFO L93 Difference]: Finished difference Result 625 states and 982 transitions. [2022-02-20 17:56:17,720 INFO L276 IsEmpty]: Start isEmpty. Operand 625 states and 982 transitions. [2022-02-20 17:56:17,723 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:17,723 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:17,724 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:17,724 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:17,737 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 491 states, 381 states have (on average 1.5590551181102361) internal successors, (594), 387 states have internal predecessors, (594), 79 states have call successors, (79), 28 states have call predecessors, (79), 30 states have return successors, (84), 77 states have call predecessors, (84), 78 states have call successors, (84) [2022-02-20 17:56:17,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 491 states to 491 states and 757 transitions. [2022-02-20 17:56:17,752 INFO L78 Accepts]: Start accepts. Automaton has 491 states and 757 transitions. Word has length 123 [2022-02-20 17:56:17,752 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:17,752 INFO L470 AbstractCegarLoop]: Abstraction has 491 states and 757 transitions. [2022-02-20 17:56:17,753 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.125) internal successors, (81), 5 states have internal predecessors, (81), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:17,753 INFO L276 IsEmpty]: Start isEmpty. Operand 491 states and 757 transitions. [2022-02-20 17:56:17,755 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 125 [2022-02-20 17:56:17,755 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:17,755 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:17,756 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:56:17,756 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:17,756 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:17,756 INFO L85 PathProgramCache]: Analyzing trace with hash -2021439229, now seen corresponding path program 2 times [2022-02-20 17:56:17,756 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:17,756 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [451438016] [2022-02-20 17:56:17,757 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:17,757 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:17,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:17,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,807 INFO L290 TraceCheckUtils]: 0: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,807 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,807 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,807 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19516#true} #1278#return; {19516#true} is VALID [2022-02-20 17:56:17,812 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:17,813 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,815 INFO L290 TraceCheckUtils]: 0: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,815 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,815 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,815 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19516#true} #1280#return; {19516#true} is VALID [2022-02-20 17:56:17,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:17,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume !(1 == ~handle); {19516#true} is VALID [2022-02-20 17:56:17,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,819 INFO L290 TraceCheckUtils]: 3: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,819 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19516#true} {19516#true} #1282#return; {19516#true} is VALID [2022-02-20 17:56:17,819 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:17,822 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,823 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume !(1 == ~handle); {19516#true} is VALID [2022-02-20 17:56:17,824 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,824 INFO L290 TraceCheckUtils]: 3: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,824 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19516#true} {19516#true} #1284#return; {19516#true} is VALID [2022-02-20 17:56:17,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:17,825 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19581#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,837 INFO L290 TraceCheckUtils]: 1: Hoare triple {19581#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19581#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,837 INFO L290 TraceCheckUtils]: 2: Hoare triple {19581#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19582#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,837 INFO L290 TraceCheckUtils]: 3: Hoare triple {19582#(= 2 |setClientId_#in~handle|)} assume true; {19582#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,838 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19582#(= 2 |setClientId_#in~handle|)} {19536#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {19517#false} is VALID [2022-02-20 17:56:17,838 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:56:17,840 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,843 INFO L290 TraceCheckUtils]: 0: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,843 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19516#true} is VALID 
[2022-02-20 17:56:17,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,844 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1288#return; {19517#false} is VALID [2022-02-20 17:56:17,849 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:56:17,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,851 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1220#return; {19517#false} is VALID [2022-02-20 17:56:17,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:56:17,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {19584#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,860 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,860 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,860 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1222#return; {19517#false} is VALID 
[2022-02-20 17:56:17,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:56:17,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19516#true} is VALID [2022-02-20 17:56:17,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {19516#true} is VALID [2022-02-20 17:56:17,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1200#return; {19517#false} is VALID [2022-02-20 17:56:17,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:56:17,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,868 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~25; {19516#true} is VALID [2022-02-20 17:56:17,868 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {19516#true} is VALID [2022-02-20 17:56:17,868 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,868 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1202#return; {19517#false} is VALID [2022-02-20 17:56:17,869 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:56:17,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19516#true} is VALID 
[2022-02-20 17:56:17,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {19516#true} is VALID [2022-02-20 17:56:17,871 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,871 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1234#return; {19517#false} is VALID [2022-02-20 17:56:17,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:56:17,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,874 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {19516#true} is VALID [2022-02-20 17:56:17,874 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle; {19516#true} is VALID [2022-02-20 17:56:17,874 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {19516#true} is VALID [2022-02-20 17:56:17,874 INFO L290 TraceCheckUtils]: 3: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,874 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19516#true} {19517#false} #1236#return; {19517#false} is VALID [2022-02-20 17:56:17,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:56:17,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,877 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,877 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,877 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1242#return; {19517#false} is VALID [2022-02-20 17:56:17,877 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:56:17,878 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:17,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~13; {19516#true} is VALID [2022-02-20 17:56:17,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {19516#true} is VALID [2022-02-20 17:56:17,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,880 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19516#true} {19517#false} #1246#return; {19517#false} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 0: Hoare triple {19516#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call 
#Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset 
:= 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {19516#true} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {19516#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {19516#true} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {19516#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19516#true} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 3: Hoare triple {19516#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {19516#true} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 4: Hoare triple {19516#true} 
main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {19516#true} is VALID [2022-02-20 17:56:17,881 INFO L290 TraceCheckUtils]: 5: Hoare triple {19516#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19516#true} is VALID [2022-02-20 17:56:17,882 INFO L272 TraceCheckUtils]: 6: Hoare triple {19516#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:17,882 INFO L290 TraceCheckUtils]: 7: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,882 
INFO L290 TraceCheckUtils]: 8: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,883 INFO L290 TraceCheckUtils]: 9: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,883 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19516#true} {19516#true} #1278#return; {19516#true} is VALID [2022-02-20 17:56:17,883 INFO L290 TraceCheckUtils]: 11: Hoare triple {19516#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19516#true} is VALID [2022-02-20 17:56:17,883 INFO L272 TraceCheckUtils]: 12: Hoare triple {19516#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:17,884 INFO L290 TraceCheckUtils]: 13: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,884 INFO L290 TraceCheckUtils]: 14: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,884 INFO L290 TraceCheckUtils]: 15: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,884 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19516#true} {19516#true} #1280#return; {19516#true} is VALID [2022-02-20 17:56:17,884 INFO L290 TraceCheckUtils]: 17: Hoare triple {19516#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19516#true} is VALID [2022-02-20 17:56:17,885 INFO L272 TraceCheckUtils]: 18: Hoare triple {19516#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:17,885 INFO L290 TraceCheckUtils]: 19: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,885 INFO L290 TraceCheckUtils]: 20: Hoare triple {19516#true} assume !(1 == ~handle); {19516#true} is VALID [2022-02-20 17:56:17,885 INFO L290 TraceCheckUtils]: 21: Hoare triple {19516#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,885 INFO L290 TraceCheckUtils]: 22: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,886 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19516#true} {19516#true} #1282#return; {19516#true} is VALID [2022-02-20 17:56:17,886 INFO L290 TraceCheckUtils]: 24: Hoare triple {19516#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19516#true} is VALID [2022-02-20 17:56:17,886 INFO L272 TraceCheckUtils]: 25: Hoare triple {19516#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:17,886 INFO L290 TraceCheckUtils]: 26: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,887 INFO L290 TraceCheckUtils]: 27: Hoare triple {19516#true} assume !(1 == ~handle); {19516#true} is VALID [2022-02-20 17:56:17,887 INFO L290 TraceCheckUtils]: 28: Hoare triple {19516#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,887 INFO L290 TraceCheckUtils]: 29: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,888 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19516#true} {19516#true} #1284#return; {19516#true} is VALID [2022-02-20 17:56:17,888 INFO L290 TraceCheckUtils]: 31: Hoare triple {19516#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19536#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:17,889 INFO L272 TraceCheckUtils]: 32: Hoare triple {19536#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:17,889 INFO L290 TraceCheckUtils]: 33: Hoare triple {19579#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19581#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,889 INFO L290 TraceCheckUtils]: 34: Hoare triple {19581#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19581#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,890 INFO L290 TraceCheckUtils]: 35: Hoare triple {19581#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19582#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,890 INFO L290 TraceCheckUtils]: 36: Hoare triple {19582#(= 2 |setClientId_#in~handle|)} assume true; {19582#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:17,891 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {19582#(= 2 |setClientId_#in~handle|)} {19536#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {19517#false} is VALID [2022-02-20 17:56:17,891 INFO L290 TraceCheckUtils]: 38: Hoare triple {19517#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {19517#false} is VALID [2022-02-20 17:56:17,891 INFO L272 TraceCheckUtils]: 39: Hoare triple {19517#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:17,891 INFO L290 TraceCheckUtils]: 40: Hoare triple {19580#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,891 INFO L290 TraceCheckUtils]: 41: Hoare triple {19516#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,891 INFO L290 TraceCheckUtils]: 42: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,891 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {19516#true} {19517#false} #1288#return; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 44: Hoare triple {19517#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 45: Hoare triple {19517#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc 
test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 46: Hoare triple {19517#false} assume !false; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 47: Hoare triple {19517#false} assume test_~splverifierCounter~0#1 < 4; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 48: Hoare triple {19517#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 49: Hoare triple {19517#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 50: Hoare triple {19517#false} assume !(0 != test_~tmp___9~0#1); {19517#false} is VALID [2022-02-20 17:56:17,892 INFO L290 TraceCheckUtils]: 51: Hoare triple {19517#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 52: Hoare triple {19517#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, 
setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 53: Hoare triple {19517#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 54: Hoare triple {19517#false} assume { :end_inline_setClientAutoResponse } true; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 55: Hoare triple {19517#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 56: Hoare triple {19517#false} assume !false; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 57: Hoare triple {19517#false} assume !(test_~splverifierCounter~0#1 < 4); {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L290 TraceCheckUtils]: 58: Hoare triple {19517#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {19517#false} is VALID [2022-02-20 17:56:17,893 INFO L272 TraceCheckUtils]: 59: Hoare triple {19517#false} call sendEmail(~bob~0, ~rjh~0); {19517#false} is VALID [2022-02-20 17:56:17,894 INFO L290 TraceCheckUtils]: 60: Hoare triple {19517#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } 
true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19517#false} is VALID [2022-02-20 17:56:17,894 INFO L272 TraceCheckUtils]: 61: Hoare triple {19517#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:17,894 INFO L290 TraceCheckUtils]: 62: Hoare triple {19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,894 INFO L290 TraceCheckUtils]: 63: Hoare triple {19516#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,894 INFO L290 TraceCheckUtils]: 64: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,894 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {19516#true} {19517#false} #1220#return; {19517#false} is VALID [2022-02-20 17:56:17,894 INFO L272 TraceCheckUtils]: 66: Hoare triple {19517#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19584#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:17,895 INFO L290 TraceCheckUtils]: 67: Hoare triple {19584#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,895 INFO L290 TraceCheckUtils]: 68: Hoare triple {19516#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19516#true} is 
VALID [2022-02-20 17:56:17,895 INFO L290 TraceCheckUtils]: 69: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,895 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {19516#true} {19517#false} #1222#return; {19517#false} is VALID [2022-02-20 17:56:17,895 INFO L290 TraceCheckUtils]: 71: Hoare triple {19517#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {19517#false} is VALID [2022-02-20 17:56:17,895 INFO L290 TraceCheckUtils]: 72: Hoare triple {19517#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {19517#false} is VALID [2022-02-20 17:56:17,895 INFO L272 TraceCheckUtils]: 73: Hoare triple {19517#false} call outgoing(~sender#1, ~email~0#1); {19517#false} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 74: Hoare triple {19517#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {19517#false} is VALID [2022-02-20 17:56:17,896 INFO L272 TraceCheckUtils]: 75: Hoare triple {19517#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {19516#true} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 76: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~31; {19516#true} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 77: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {19516#true} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 78: Hoare triple {19516#true} assume true; {19516#true} is 
VALID [2022-02-20 17:56:17,896 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {19516#true} {19517#false} #1200#return; {19517#false} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 80: Hoare triple {19517#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {19517#false} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 81: Hoare triple {19517#false} assume 0 == sign_~privkey~1#1; {19517#false} is VALID [2022-02-20 17:56:17,896 INFO L290 TraceCheckUtils]: 82: Hoare triple {19517#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___2~1#1; {19517#false} is VALID [2022-02-20 17:56:17,897 INFO L272 TraceCheckUtils]: 83: Hoare triple {19517#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {19516#true} is VALID [2022-02-20 17:56:17,897 INFO L290 TraceCheckUtils]: 84: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~25; {19516#true} is VALID [2022-02-20 17:56:17,897 INFO L290 TraceCheckUtils]: 85: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {19516#true} is VALID [2022-02-20 17:56:17,897 INFO L290 TraceCheckUtils]: 86: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,897 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {19516#true} {19517#false} #1202#return; {19517#false} is VALID [2022-02-20 17:56:17,897 INFO L290 TraceCheckUtils]: 88: Hoare triple {19517#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {19517#false} is VALID [2022-02-20 17:56:17,897 INFO L290 TraceCheckUtils]: 89: Hoare triple {19517#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {19517#false} is VALID [2022-02-20 17:56:17,897 INFO L272 TraceCheckUtils]: 90: Hoare triple {19517#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {19517#false} is VALID [2022-02-20 17:56:17,898 INFO L290 TraceCheckUtils]: 91: Hoare triple {19517#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {19517#false} is VALID [2022-02-20 17:56:17,898 INFO 
L272 TraceCheckUtils]: 92: Hoare triple {19517#false} call #t~ret19#1 := getEmailTo(~msg#1); {19516#true} is VALID [2022-02-20 17:56:17,898 INFO L290 TraceCheckUtils]: 93: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~10; {19516#true} is VALID [2022-02-20 17:56:17,898 INFO L290 TraceCheckUtils]: 94: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {19516#true} is VALID [2022-02-20 17:56:17,898 INFO L290 TraceCheckUtils]: 95: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,898 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {19516#true} {19517#false} #1234#return; {19517#false} is VALID [2022-02-20 17:56:17,898 INFO L290 TraceCheckUtils]: 97: Hoare triple {19517#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {19517#false} is VALID [2022-02-20 17:56:17,898 INFO L272 TraceCheckUtils]: 98: Hoare triple {19517#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {19516#true} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 99: Hoare triple {19516#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {19516#true} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 100: Hoare triple {19516#true} assume 1 == ~handle; {19516#true} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 101: Hoare triple {19516#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {19516#true} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 102: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,899 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {19516#true} {19517#false} #1236#return; {19517#false} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 104: Hoare triple {19517#false} assume 
-2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {19517#false} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 105: Hoare triple {19517#false} assume !(0 != ~pubkey~0#1); {19517#false} is VALID [2022-02-20 17:56:17,899 INFO L290 TraceCheckUtils]: 106: Hoare triple {19517#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {19517#false} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 107: Hoare triple {19517#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {19517#false} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 108: Hoare triple {19517#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {19517#false} is VALID [2022-02-20 17:56:17,900 INFO L272 TraceCheckUtils]: 109: Hoare triple {19517#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); 
{19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 110: Hoare triple {19583#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19516#true} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 111: Hoare triple {19516#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19516#true} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 112: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,900 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {19516#true} {19517#false} #1242#return; {19517#false} is VALID [2022-02-20 17:56:17,900 INFO L290 TraceCheckUtils]: 114: Hoare triple {19517#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {19517#false} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 115: Hoare triple {19517#false} assume !(-1 == ~mail_is_sensitive~0); {19517#false} is VALID [2022-02-20 17:56:17,901 INFO L272 TraceCheckUtils]: 116: Hoare triple {19517#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {19516#true} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 117: Hoare triple {19516#true} ~handle := #in~handle;havoc ~retValue_acc~13; {19516#true} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 118: Hoare triple {19516#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {19516#true} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 119: Hoare triple {19516#true} assume true; {19516#true} is VALID [2022-02-20 17:56:17,901 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {19516#true} {19517#false} #1246#return; {19517#false} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 121: Hoare triple {19517#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {19517#false} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 122: Hoare triple {19517#false} assume ~mail_is_sensitive~0 != 
__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {19517#false} is VALID [2022-02-20 17:56:17,901 INFO L290 TraceCheckUtils]: 123: Hoare triple {19517#false} assume !false; {19517#false} is VALID [2022-02-20 17:56:17,902 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:56:17,902 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:17,902 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [451438016] [2022-02-20 17:56:17,902 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [451438016] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:17,902 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:17,903 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:56:17,903 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1387811834] [2022-02-20 17:56:17,903 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:17,904 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 17:56:17,904 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:56:17,904 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:17,974 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 113 edges. 113 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:17,974 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:56:17,975 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:17,975 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:56:17,975 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:56:17,975 INFO L87 Difference]: Start difference. First operand 491 states and 757 transitions. Second operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:25,366 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:25,367 INFO L93 Difference]: Finished difference Result 1095 states and 1712 transitions. [2022-02-20 17:56:25,367 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:56:25,367 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 17:56:25,368 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:25,368 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:25,380 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1458 transitions. [2022-02-20 17:56:25,380 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:25,392 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1458 transitions. [2022-02-20 17:56:25,392 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1458 transitions. [2022-02-20 17:56:26,617 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1458 edges. 1458 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:26,652 INFO L225 Difference]: With dead ends: 1095 [2022-02-20 17:56:26,652 INFO L226 Difference]: Without dead ends: 627 [2022-02-20 17:56:26,653 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:56:26,654 INFO L933 BasicCegarLoop]: 694 mSDtfsCounter, 1549 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2317 mSolverCounterSat, 564 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1569 SdHoareTripleChecker+Valid, 1680 SdHoareTripleChecker+Invalid, 2881 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 564 IncrementalHoareTripleChecker+Valid, 2317 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.3s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:26,655 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1569 Valid, 1680 Invalid, 2881 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [564 Valid, 2317 Invalid, 0 Unknown, 0 Unchecked, 3.3s Time] [2022-02-20 17:56:26,655 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 627 states. [2022-02-20 17:56:26,762 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 627 to 493. [2022-02-20 17:56:26,762 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:26,763 INFO L82 GeneralOperation]: Start isEquivalent. First operand 627 states. 
Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 17:56:26,764 INFO L74 IsIncluded]: Start isIncluded. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 17:56:26,765 INFO L87 Difference]: Start difference. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 17:56:26,784 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:26,784 INFO L93 Difference]: Finished difference Result 627 states and 985 transitions. [2022-02-20 17:56:26,784 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 985 transitions. [2022-02-20 17:56:26,792 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:26,793 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:26,796 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) Second operand 627 states. [2022-02-20 17:56:26,796 INFO L87 Difference]: Start difference. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) Second operand 627 states. [2022-02-20 17:56:26,814 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:26,814 INFO L93 Difference]: Finished difference Result 627 states and 985 transitions. [2022-02-20 17:56:26,814 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 985 transitions. [2022-02-20 17:56:26,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:26,817 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:26,817 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:26,817 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:26,818 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (86), 77 states have call predecessors, (86), 78 states have call successors, (86) [2022-02-20 17:56:26,832 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 493 states to 493 states and 760 transitions. [2022-02-20 17:56:26,833 INFO L78 Accepts]: Start accepts. Automaton has 493 states and 760 transitions. Word has length 124 [2022-02-20 17:56:26,833 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:26,833 INFO L470 AbstractCegarLoop]: Abstraction has 493 states and 760 transitions. [2022-02-20 17:56:26,833 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (17), 6 states have call predecessors, (17), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:56:26,833 INFO L276 IsEmpty]: Start isEmpty. Operand 493 states and 760 transitions. [2022-02-20 17:56:26,835 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 126 [2022-02-20 17:56:26,835 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:26,835 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:26,835 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:56:26,835 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:26,836 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:26,836 INFO L85 PathProgramCache]: Analyzing trace with hash -1557390427, now seen 
corresponding path program 1 times [2022-02-20 17:56:26,836 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:26,836 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1214585306] [2022-02-20 17:56:26,836 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:26,836 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:26,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:26,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23063#true} #1278#return; {23063#true} is VALID [2022-02-20 17:56:26,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:26,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,895 INFO L290 TraceCheckUtils]: 0: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,895 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,895 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,895 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23063#true} #1280#return; {23063#true} is VALID [2022-02-20 17:56:26,895 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:26,896 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,899 INFO L290 TraceCheckUtils]: 0: Hoare triple {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume !(1 == ~handle); {23063#true} is VALID [2022-02-20 17:56:26,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,899 INFO L290 TraceCheckUtils]: 3: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,899 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23063#true} {23063#true} #1282#return; {23063#true} is VALID [2022-02-20 17:56:26,899 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:26,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,903 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume !(1 == ~handle); {23063#true} is VALID [2022-02-20 17:56:26,903 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,903 INFO L290 TraceCheckUtils]: 3: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,903 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23063#true} {23063#true} #1284#return; {23063#true} is VALID [2022-02-20 17:56:26,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:26,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:26,922 INFO L290 TraceCheckUtils]: 1: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:26,922 INFO L290 TraceCheckUtils]: 2: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:26,922 INFO L290 TraceCheckUtils]: 3: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; 
{23131#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:26,923 INFO L290 TraceCheckUtils]: 4: Hoare triple {23131#(= 3 |setClientId_#in~handle|)} assume true; {23131#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:26,923 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23131#(= 3 |setClientId_#in~handle|)} {23083#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:26,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:26,925 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23132#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:26,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {23132#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23133#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:26,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {23133#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23133#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:26,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23133#(= |setClientPrivateKey_#in~handle| 1)} {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1288#return; {23064#false} is VALID [2022-02-20 17:56:26,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:56:26,950 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:56:26,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,952 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1220#return; {23064#false} is VALID [2022-02-20 17:56:26,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:56:26,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {23135#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:26,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:26,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,972 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1222#return; {23064#false} is VALID [2022-02-20 17:56:26,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:56:26,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~31; {23063#true} is VALID [2022-02-20 17:56:26,974 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} 
assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {23063#true} is VALID [2022-02-20 17:56:26,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1200#return; {23064#false} is VALID [2022-02-20 17:56:26,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:56:26,975 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~25; {23063#true} is VALID [2022-02-20 17:56:26,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {23063#true} is VALID [2022-02-20 17:56:26,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,977 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1202#return; {23064#false} is VALID [2022-02-20 17:56:26,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:56:26,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~10; {23063#true} is VALID [2022-02-20 17:56:26,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {23063#true} is VALID [2022-02-20 17:56:26,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,980 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1234#return; {23064#false} is VALID 
[2022-02-20 17:56:26,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:56:26,987 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:26,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {23063#true} is VALID [2022-02-20 17:56:26,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle; {23063#true} is VALID [2022-02-20 17:56:26,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {23063#true} is VALID [2022-02-20 17:56:26,989 INFO L290 TraceCheckUtils]: 3: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:26,989 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23063#true} {23064#false} #1236#return; {23064#false} is VALID [2022-02-20 17:56:26,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:56:26,990 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:27,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,004 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,004 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1242#return; {23064#false} is VALID [2022-02-20 17:56:27,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
117 [2022-02-20 17:56:27,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:27,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~13; {23063#true} is VALID [2022-02-20 17:56:27,007 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {23063#true} is VALID [2022-02-20 17:56:27,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,007 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23063#true} {23064#false} #1246#return; {23064#false} is VALID [2022-02-20 17:56:27,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {23063#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call 
#Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 
0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {23063#true} is VALID [2022-02-20 17:56:27,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {23063#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {23063#true} is VALID [2022-02-20 17:56:27,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {23063#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23063#true} is VALID [2022-02-20 17:56:27,008 INFO L290 TraceCheckUtils]: 3: Hoare triple {23063#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {23063#true} is VALID [2022-02-20 17:56:27,008 INFO L290 TraceCheckUtils]: 4: Hoare triple {23063#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {23063#true} is VALID [2022-02-20 17:56:27,008 INFO L290 TraceCheckUtils]: 5: Hoare triple {23063#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, 
setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23063#true} is VALID [2022-02-20 17:56:27,009 INFO L272 TraceCheckUtils]: 6: Hoare triple {23063#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:27,009 INFO L290 TraceCheckUtils]: 7: Hoare triple {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,009 INFO L290 TraceCheckUtils]: 8: Hoare triple {23063#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,009 INFO L290 TraceCheckUtils]: 9: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,009 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23063#true} {23063#true} #1278#return; {23063#true} is VALID [2022-02-20 
17:56:27,009 INFO L290 TraceCheckUtils]: 11: Hoare triple {23063#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23063#true} is VALID [2022-02-20 17:56:27,010 INFO L272 TraceCheckUtils]: 12: Hoare triple {23063#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:27,010 INFO L290 TraceCheckUtils]: 13: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,010 INFO L290 TraceCheckUtils]: 14: Hoare triple {23063#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,010 INFO L290 TraceCheckUtils]: 15: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,010 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23063#true} {23063#true} #1280#return; {23063#true} is VALID [2022-02-20 17:56:27,010 INFO L290 TraceCheckUtils]: 17: Hoare triple {23063#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {23063#true} is VALID [2022-02-20 17:56:27,011 INFO L272 TraceCheckUtils]: 18: Hoare triple {23063#true} call 
setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:27,011 INFO L290 TraceCheckUtils]: 19: Hoare triple {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,011 INFO L290 TraceCheckUtils]: 20: Hoare triple {23063#true} assume !(1 == ~handle); {23063#true} is VALID [2022-02-20 17:56:27,011 INFO L290 TraceCheckUtils]: 21: Hoare triple {23063#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,012 INFO L290 TraceCheckUtils]: 22: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,012 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23063#true} {23063#true} #1282#return; {23063#true} is VALID [2022-02-20 17:56:27,012 INFO L290 TraceCheckUtils]: 24: Hoare triple {23063#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23063#true} is VALID [2022-02-20 17:56:27,012 INFO L272 TraceCheckUtils]: 25: Hoare triple {23063#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:27,013 INFO L290 TraceCheckUtils]: 26: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,013 INFO L290 TraceCheckUtils]: 27: Hoare triple {23063#true} assume !(1 == ~handle); {23063#true} is VALID [2022-02-20 17:56:27,013 INFO L290 TraceCheckUtils]: 28: Hoare triple {23063#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,013 INFO L290 TraceCheckUtils]: 29: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,013 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23063#true} {23063#true} #1284#return; {23063#true} is VALID [2022-02-20 17:56:27,014 INFO L290 TraceCheckUtils]: 31: Hoare triple {23063#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23083#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:27,014 INFO L272 TraceCheckUtils]: 32: Hoare triple {23083#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23128#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:27,014 INFO L290 TraceCheckUtils]: 33: Hoare triple {23128#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:27,015 INFO L290 TraceCheckUtils]: 34: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:27,015 INFO L290 TraceCheckUtils]: 35: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23130#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:27,015 INFO L290 TraceCheckUtils]: 36: Hoare triple {23130#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23131#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:27,016 INFO L290 TraceCheckUtils]: 37: Hoare triple {23131#(= 3 |setClientId_#in~handle|)} assume true; {23131#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:27,016 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23131#(= 3 |setClientId_#in~handle|)} {23083#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:27,017 INFO L290 TraceCheckUtils]: 39: Hoare triple {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:56:27,017 INFO L272 TraceCheckUtils]: 40: Hoare triple {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:27,017 INFO L290 TraceCheckUtils]: 41: Hoare triple {23129#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23132#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:27,018 INFO L290 TraceCheckUtils]: 42: Hoare triple {23132#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23133#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:27,018 INFO L290 TraceCheckUtils]: 43: Hoare triple {23133#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23133#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:56:27,019 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {23133#(= |setClientPrivateKey_#in~handle| 1)} {23090#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1288#return; {23064#false} is VALID [2022-02-20 17:56:27,019 INFO L290 TraceCheckUtils]: 45: Hoare triple {23064#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {23064#false} is VALID [2022-02-20 17:56:27,019 INFO L290 TraceCheckUtils]: 46: Hoare triple {23064#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23064#false} is VALID [2022-02-20 17:56:27,019 INFO L290 TraceCheckUtils]: 47: Hoare triple {23064#false} assume !false; {23064#false} is VALID [2022-02-20 17:56:27,019 INFO L290 TraceCheckUtils]: 48: Hoare triple {23064#false} assume test_~splverifierCounter~0#1 < 4; {23064#false} is VALID [2022-02-20 17:56:27,019 INFO L290 TraceCheckUtils]: 49: Hoare triple {23064#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 50: Hoare triple {23064#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 51: Hoare triple {23064#false} assume !(0 != test_~tmp___9~0#1); {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 52: Hoare triple {23064#false} assume 0 == test_~op2~0#1;assume 
-2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 53: Hoare triple {23064#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 54: Hoare triple {23064#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 55: Hoare triple {23064#false} assume { :end_inline_setClientAutoResponse } true; {23064#false} is VALID [2022-02-20 17:56:27,020 INFO L290 TraceCheckUtils]: 56: Hoare triple {23064#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L290 TraceCheckUtils]: 57: Hoare triple {23064#false} assume !false; {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L290 TraceCheckUtils]: 58: Hoare triple {23064#false} assume !(test_~splverifierCounter~0#1 < 4); {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L290 TraceCheckUtils]: 59: Hoare triple {23064#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc 
bobToRjh_#t~ret94#1; {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L272 TraceCheckUtils]: 60: Hoare triple {23064#false} call sendEmail(~bob~0, ~rjh~0); {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L290 TraceCheckUtils]: 61: Hoare triple {23064#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {23064#false} is VALID [2022-02-20 17:56:27,021 INFO L272 TraceCheckUtils]: 62: Hoare triple {23064#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:27,021 INFO L290 TraceCheckUtils]: 63: Hoare triple {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,022 INFO L290 TraceCheckUtils]: 64: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,022 INFO L290 TraceCheckUtils]: 65: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,022 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {23063#true} {23064#false} #1220#return; {23064#false} is VALID [2022-02-20 17:56:27,022 INFO L272 TraceCheckUtils]: 67: Hoare triple {23064#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23135#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 17:56:27,022 INFO L290 TraceCheckUtils]: 68: Hoare triple {23135#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,022 INFO L290 TraceCheckUtils]: 69: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,023 INFO L290 TraceCheckUtils]: 70: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,023 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {23063#true} {23064#false} #1222#return; {23064#false} is VALID [2022-02-20 17:56:27,023 INFO L290 TraceCheckUtils]: 72: Hoare triple {23064#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {23064#false} is VALID [2022-02-20 17:56:27,023 INFO L290 TraceCheckUtils]: 73: Hoare triple {23064#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {23064#false} is VALID [2022-02-20 17:56:27,023 INFO L272 TraceCheckUtils]: 74: Hoare triple {23064#false} call outgoing(~sender#1, ~email~0#1); {23064#false} is VALID [2022-02-20 17:56:27,023 INFO L290 TraceCheckUtils]: 75: Hoare triple {23064#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {23064#false} is VALID [2022-02-20 17:56:27,023 INFO L272 TraceCheckUtils]: 76: Hoare triple {23064#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {23063#true} is VALID [2022-02-20 17:56:27,024 INFO L290 TraceCheckUtils]: 77: Hoare 
triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~31; {23063#true} is VALID [2022-02-20 17:56:27,024 INFO L290 TraceCheckUtils]: 78: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {23063#true} is VALID [2022-02-20 17:56:27,024 INFO L290 TraceCheckUtils]: 79: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,024 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {23063#true} {23064#false} #1200#return; {23064#false} is VALID [2022-02-20 17:56:27,024 INFO L290 TraceCheckUtils]: 81: Hoare triple {23064#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {23064#false} is VALID [2022-02-20 17:56:27,024 INFO L290 TraceCheckUtils]: 82: Hoare triple {23064#false} assume 0 == sign_~privkey~1#1; {23064#false} is VALID [2022-02-20 17:56:27,025 INFO L290 TraceCheckUtils]: 83: Hoare triple {23064#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {23064#false} is VALID [2022-02-20 17:56:27,025 INFO L272 TraceCheckUtils]: 84: Hoare triple {23064#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {23063#true} is VALID [2022-02-20 17:56:27,025 INFO L290 TraceCheckUtils]: 85: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~25; {23063#true} is VALID [2022-02-20 17:56:27,025 INFO L290 TraceCheckUtils]: 86: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {23063#true} is VALID [2022-02-20 17:56:27,025 INFO L290 TraceCheckUtils]: 87: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,025 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {23063#true} {23064#false} #1202#return; {23064#false} is VALID [2022-02-20 17:56:27,025 INFO L290 TraceCheckUtils]: 89: Hoare triple {23064#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {23064#false} is VALID [2022-02-20 17:56:27,026 INFO L290 TraceCheckUtils]: 90: Hoare triple {23064#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {23064#false} is VALID [2022-02-20 17:56:27,026 INFO L272 TraceCheckUtils]: 91: 
Hoare triple {23064#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {23064#false} is VALID [2022-02-20 17:56:27,026 INFO L290 TraceCheckUtils]: 92: Hoare triple {23064#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {23064#false} is VALID [2022-02-20 17:56:27,026 INFO L272 TraceCheckUtils]: 93: Hoare triple {23064#false} call #t~ret19#1 := getEmailTo(~msg#1); {23063#true} is VALID [2022-02-20 17:56:27,026 INFO L290 TraceCheckUtils]: 94: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~10; {23063#true} is VALID [2022-02-20 17:56:27,026 INFO L290 TraceCheckUtils]: 95: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {23063#true} is VALID [2022-02-20 17:56:27,026 INFO L290 TraceCheckUtils]: 96: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,027 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {23063#true} {23064#false} #1234#return; {23064#false} is VALID [2022-02-20 17:56:27,027 INFO L290 TraceCheckUtils]: 98: Hoare triple {23064#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {23064#false} is VALID [2022-02-20 17:56:27,027 INFO L272 TraceCheckUtils]: 99: Hoare triple {23064#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {23063#true} is VALID [2022-02-20 17:56:27,027 INFO L290 TraceCheckUtils]: 100: Hoare triple {23063#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {23063#true} is VALID [2022-02-20 17:56:27,027 INFO L290 TraceCheckUtils]: 101: Hoare triple {23063#true} assume 1 == ~handle; {23063#true} is VALID [2022-02-20 17:56:27,027 INFO L290 TraceCheckUtils]: 102: Hoare triple {23063#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {23063#true} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 103: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,028 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {23063#true} {23064#false} #1236#return; {23064#false} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 105: Hoare triple {23064#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {23064#false} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 106: Hoare triple {23064#false} assume !(0 != ~pubkey~0#1); {23064#false} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 107: Hoare triple {23064#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {23064#false} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 108: Hoare triple {23064#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {23064#false} is VALID [2022-02-20 17:56:27,028 INFO L290 TraceCheckUtils]: 109: Hoare triple {23064#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {23064#false} is VALID [2022-02-20 17:56:27,029 INFO L272 TraceCheckUtils]: 110: Hoare triple {23064#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:27,029 INFO L290 TraceCheckUtils]: 111: Hoare triple {23134#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23063#true} is VALID [2022-02-20 17:56:27,029 INFO L290 TraceCheckUtils]: 112: Hoare triple {23063#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23063#true} is VALID [2022-02-20 17:56:27,029 INFO L290 TraceCheckUtils]: 113: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,029 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {23063#true} {23064#false} #1242#return; {23064#false} is VALID [2022-02-20 17:56:27,029 INFO L290 TraceCheckUtils]: 115: Hoare triple {23064#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, 
__utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {23064#false} is VALID [2022-02-20 17:56:27,030 INFO L290 TraceCheckUtils]: 116: Hoare triple {23064#false} assume !(-1 == ~mail_is_sensitive~0); {23064#false} is VALID [2022-02-20 17:56:27,030 INFO L272 TraceCheckUtils]: 117: Hoare triple {23064#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {23063#true} is VALID [2022-02-20 17:56:27,030 INFO L290 TraceCheckUtils]: 118: Hoare triple {23063#true} ~handle := #in~handle;havoc ~retValue_acc~13; {23063#true} is VALID [2022-02-20 17:56:27,030 INFO L290 TraceCheckUtils]: 119: Hoare triple {23063#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {23063#true} is VALID [2022-02-20 17:56:27,030 INFO L290 TraceCheckUtils]: 120: Hoare triple {23063#true} assume true; {23063#true} is VALID [2022-02-20 17:56:27,030 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {23063#true} {23064#false} #1246#return; {23064#false} is VALID [2022-02-20 17:56:27,030 INFO L290 TraceCheckUtils]: 122: 
Hoare triple {23064#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {23064#false} is VALID [2022-02-20 17:56:27,031 INFO L290 TraceCheckUtils]: 123: Hoare triple {23064#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {23064#false} is VALID [2022-02-20 17:56:27,031 INFO L290 TraceCheckUtils]: 124: Hoare triple {23064#false} assume !false; {23064#false} is VALID [2022-02-20 17:56:27,031 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:56:27,031 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:27,032 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1214585306] [2022-02-20 17:56:27,032 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1214585306] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:27,032 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:27,032 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:56:27,032 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1180427834] [2022-02-20 17:56:27,032 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:27,033 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 125 [2022-02-20 17:56:27,033 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:27,033 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:27,116 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:27,117 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:56:27,117 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:27,117 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:56:27,117 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:27,118 INFO L87 Difference]: Start difference. First operand 493 states and 760 transitions. 
Second operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:38,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:38,591 INFO L93 Difference]: Finished difference Result 1093 states and 1707 transitions. [2022-02-20 17:56:38,591 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:56:38,591 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 125 [2022-02-20 17:56:38,592 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:38,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:38,625 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1459 transitions. [2022-02-20 17:56:38,626 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:38,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1459 transitions. [2022-02-20 17:56:38,639 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1459 transitions. [2022-02-20 17:56:39,924 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1459 edges. 1459 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:39,946 INFO L225 Difference]: With dead ends: 1093 [2022-02-20 17:56:39,946 INFO L226 Difference]: Without dead ends: 627 [2022-02-20 17:56:39,947 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:56:39,948 INFO L933 BasicCegarLoop]: 675 mSDtfsCounter, 1692 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4168 mSolverCounterSat, 629 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1692 SdHoareTripleChecker+Valid, 2041 SdHoareTripleChecker+Invalid, 4797 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 629 IncrementalHoareTripleChecker+Valid, 4168 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.4s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:39,948 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1692 Valid, 2041 Invalid, 4797 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [629 Valid, 4168 Invalid, 0 Unknown, 0 Unchecked, 5.4s Time] [2022-02-20 17:56:39,950 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 627 states. [2022-02-20 17:56:40,050 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 627 to 493. [2022-02-20 17:56:40,050 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:40,051 INFO L82 GeneralOperation]: Start isEquivalent. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:40,052 INFO L74 IsIncluded]: Start isIncluded. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:40,053 INFO L87 Difference]: Start difference. First operand 627 states. Second operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:40,070 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:40,071 INFO L93 Difference]: Finished difference Result 627 states and 984 transitions. 
[2022-02-20 17:56:40,071 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 984 transitions. [2022-02-20 17:56:40,073 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:40,073 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:40,074 INFO L74 IsIncluded]: Start isIncluded. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 627 states. [2022-02-20 17:56:40,075 INFO L87 Difference]: Start difference. First operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) Second operand 627 states. [2022-02-20 17:56:40,093 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:40,093 INFO L93 Difference]: Finished difference Result 627 states and 984 transitions. [2022-02-20 17:56:40,093 INFO L276 IsEmpty]: Start isEmpty. Operand 627 states and 984 transitions. [2022-02-20 17:56:40,096 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:40,096 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:40,096 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:40,096 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:40,097 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 493 states, 382 states have (on average 1.557591623036649) internal successors, (595), 389 states have internal predecessors, (595), 79 states have call successors, (79), 28 states have call predecessors, (79), 31 states have return successors, (85), 77 states have call predecessors, (85), 78 states have call successors, (85) [2022-02-20 17:56:40,130 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 493 states to 493 states and 759 transitions. [2022-02-20 17:56:40,130 INFO L78 Accepts]: Start accepts. Automaton has 493 states and 759 transitions. Word has length 125 [2022-02-20 17:56:40,130 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:40,130 INFO L470 AbstractCegarLoop]: Abstraction has 493 states and 759 transitions. [2022-02-20 17:56:40,131 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.818181818181818) internal successors, (86), 8 states have internal predecessors, (86), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:40,131 INFO L276 IsEmpty]: Start isEmpty. Operand 493 states and 759 transitions. [2022-02-20 17:56:40,133 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 127 [2022-02-20 17:56:40,133 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:40,133 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:40,133 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:56:40,134 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:40,134 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:40,134 INFO L85 PathProgramCache]: Analyzing trace with hash -1919225920, now seen corresponding path program 2 times [2022-02-20 17:56:40,134 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:40,134 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1757138592] [2022-02-20 17:56:40,135 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:40,135 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:40,161 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:40,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26619#true} #1278#return; {26619#true} is VALID [2022-02-20 17:56:40,205 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:40,207 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,209 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,209 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,209 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26619#true} #1280#return; {26619#true} is VALID [2022-02-20 17:56:40,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:40,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume !(1 == ~handle); {26619#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,213 INFO L290 TraceCheckUtils]: 3: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,213 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26619#true} {26619#true} #1282#return; {26619#true} is VALID [2022-02-20 17:56:40,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:40,216 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 0: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume !(1 == ~handle); {26619#true} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,219 INFO L290 TraceCheckUtils]: 3: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,220 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26619#true} {26619#true} #1284#return; {26619#true} is VALID [2022-02-20 17:56:40,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:40,222 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26688#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,238 INFO L290 TraceCheckUtils]: 4: Hoare triple {26688#(= 3 |setClientId_#in~handle|)} assume true; {26688#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,239 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26688#(= 3 |setClientId_#in~handle|)} {26639#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:40,239 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:40,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26690#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,261 INFO L290 TraceCheckUtils]: 3: Hoare triple {26690#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26690#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,261 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26690#(= 2 |setClientPrivateKey_#in~handle|)} {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1288#return; {26620#false} is VALID [2022-02-20 17:56:40,269 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:56:40,270 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,273 INFO L290 TraceCheckUtils]: 0: Hoare triple {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,273 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1220#return; 
{26620#false} is VALID [2022-02-20 17:56:40,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:56:40,284 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {26692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,286 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,286 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1222#return; {26620#false} is VALID [2022-02-20 17:56:40,286 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:56:40,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~31; {26619#true} is VALID [2022-02-20 17:56:40,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {26619#true} is VALID [2022-02-20 17:56:40,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,288 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1200#return; {26620#false} is VALID [2022-02-20 17:56:40,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:56:40,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,290 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} 
~handle := #in~handle;havoc ~retValue_acc~25; {26619#true} is VALID [2022-02-20 17:56:40,290 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26619#true} is VALID [2022-02-20 17:56:40,291 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,291 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1202#return; {26620#false} is VALID [2022-02-20 17:56:40,291 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:56:40,291 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26619#true} is VALID [2022-02-20 17:56:40,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {26619#true} is VALID [2022-02-20 17:56:40,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,294 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1234#return; {26620#false} is VALID [2022-02-20 17:56:40,294 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:56:40,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {26619#true} is VALID [2022-02-20 17:56:40,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle; {26619#true} is VALID [2022-02-20 17:56:40,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {26619#true} is VALID [2022-02-20 17:56:40,296 INFO L290 TraceCheckUtils]: 3: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,297 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26619#true} {26620#false} #1236#return; {26620#false} is VALID [2022-02-20 17:56:40,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:56:40,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,299 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,299 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,300 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} #1242#return; {26620#false} is VALID [2022-02-20 17:56:40,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:56:40,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:40,302 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~13; {26619#true} is VALID [2022-02-20 17:56:40,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {26619#true} is VALID [2022-02-20 17:56:40,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26619#true} {26620#false} 
#1246#return; {26620#false} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 0: Hoare triple {26619#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call 
write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 
0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 1: Hoare triple {26619#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 2: Hoare triple {26619#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 3: Hoare triple {26619#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 4: Hoare triple {26619#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {26619#true} is VALID [2022-02-20 17:56:40,303 INFO L290 TraceCheckUtils]: 5: Hoare triple {26619#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26619#true} is VALID [2022-02-20 17:56:40,304 INFO L272 TraceCheckUtils]: 6: Hoare triple {26619#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,304 INFO L290 TraceCheckUtils]: 7: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,304 INFO L290 TraceCheckUtils]: 8: Hoare triple {26619#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,304 INFO L290 TraceCheckUtils]: 9: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,305 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26619#true} {26619#true} #1278#return; {26619#true} is VALID [2022-02-20 17:56:40,305 INFO L290 TraceCheckUtils]: 11: Hoare triple {26619#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26619#true} is VALID [2022-02-20 17:56:40,305 INFO L272 TraceCheckUtils]: 12: Hoare triple {26619#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:40,305 INFO L290 TraceCheckUtils]: 13: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,306 INFO L290 TraceCheckUtils]: 14: Hoare triple {26619#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,306 INFO L290 TraceCheckUtils]: 15: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,306 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26619#true} {26619#true} #1280#return; {26619#true} is VALID [2022-02-20 17:56:40,306 INFO L290 TraceCheckUtils]: 17: Hoare triple {26619#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26619#true} is VALID [2022-02-20 17:56:40,306 INFO L272 TraceCheckUtils]: 18: Hoare triple {26619#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,307 INFO L290 TraceCheckUtils]: 19: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,307 INFO L290 
TraceCheckUtils]: 20: Hoare triple {26619#true} assume !(1 == ~handle); {26619#true} is VALID [2022-02-20 17:56:40,307 INFO L290 TraceCheckUtils]: 21: Hoare triple {26619#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,307 INFO L290 TraceCheckUtils]: 22: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,307 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26619#true} {26619#true} #1282#return; {26619#true} is VALID [2022-02-20 17:56:40,307 INFO L290 TraceCheckUtils]: 24: Hoare triple {26619#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26619#true} is VALID [2022-02-20 17:56:40,308 INFO L272 TraceCheckUtils]: 25: Hoare triple {26619#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:40,308 INFO L290 TraceCheckUtils]: 26: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,308 INFO L290 TraceCheckUtils]: 27: Hoare triple {26619#true} assume !(1 == ~handle); {26619#true} is VALID [2022-02-20 17:56:40,308 INFO L290 TraceCheckUtils]: 28: Hoare triple {26619#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,308 INFO L290 TraceCheckUtils]: 29: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,309 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26619#true} {26619#true} #1284#return; {26619#true} is VALID [2022-02-20 17:56:40,309 INFO L290 TraceCheckUtils]: 31: Hoare triple 
{26619#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26639#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:56:40,310 INFO L272 TraceCheckUtils]: 32: Hoare triple {26639#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:40,310 INFO L290 TraceCheckUtils]: 33: Hoare triple {26685#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,310 INFO L290 TraceCheckUtils]: 34: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26687#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,310 INFO L290 TraceCheckUtils]: 35: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26687#(= setClientId_~handle 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,311 INFO L290 TraceCheckUtils]: 36: Hoare triple {26687#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26688#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,311 INFO L290 TraceCheckUtils]: 37: Hoare triple {26688#(= 3 |setClientId_#in~handle|)} assume true; {26688#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:40,312 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26688#(= 3 |setClientId_#in~handle|)} {26639#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1286#return; {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:40,312 INFO L290 TraceCheckUtils]: 39: Hoare triple {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:56:40,313 INFO L272 TraceCheckUtils]: 40: Hoare triple {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:40,313 INFO L290 TraceCheckUtils]: 41: Hoare triple {26686#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,313 INFO L290 TraceCheckUtils]: 42: Hoare triple {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); 
{26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,314 INFO L290 TraceCheckUtils]: 43: Hoare triple {26689#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26690#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,314 INFO L290 TraceCheckUtils]: 44: Hoare triple {26690#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26690#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:56:40,315 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {26690#(= 2 |setClientPrivateKey_#in~handle|)} {26646#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1288#return; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 46: Hoare triple {26620#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 47: Hoare triple {26620#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 48: Hoare triple {26620#false} assume !false; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 49: Hoare triple {26620#false} assume test_~splverifierCounter~0#1 < 4; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 50: Hoare triple {26620#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26620#false} is VALID [2022-02-20 17:56:40,315 INFO L290 TraceCheckUtils]: 51: Hoare triple {26620#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 52: Hoare triple {26620#false} assume !(0 != test_~tmp___9~0#1); {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 53: Hoare triple {26620#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 54: Hoare triple {26620#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 55: Hoare triple {26620#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 56: Hoare triple {26620#false} assume { :end_inline_setClientAutoResponse } true; {26620#false} is VALID [2022-02-20 17:56:40,316 INFO L290 TraceCheckUtils]: 57: Hoare triple {26620#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L290 TraceCheckUtils]: 58: Hoare triple {26620#false} assume !false; {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L290 TraceCheckUtils]: 59: Hoare triple {26620#false} assume !(test_~splverifierCounter~0#1 < 4); {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L290 TraceCheckUtils]: 60: Hoare triple {26620#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L272 TraceCheckUtils]: 61: Hoare triple {26620#false} call sendEmail(~bob~0, ~rjh~0); {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L290 TraceCheckUtils]: 62: Hoare triple {26620#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26620#false} is VALID [2022-02-20 17:56:40,317 INFO L272 TraceCheckUtils]: 63: Hoare triple {26620#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:40,317 INFO L290 TraceCheckUtils]: 64: Hoare triple {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,318 INFO L290 TraceCheckUtils]: 65: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,318 INFO L290 TraceCheckUtils]: 66: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,318 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {26619#true} {26620#false} #1220#return; {26620#false} is VALID [2022-02-20 17:56:40,318 INFO L272 TraceCheckUtils]: 68: Hoare triple {26620#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:40,318 INFO L290 TraceCheckUtils]: 69: Hoare triple {26692#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,318 INFO L290 TraceCheckUtils]: 70: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,319 INFO L290 TraceCheckUtils]: 71: Hoare triple 
{26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,319 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {26619#true} {26620#false} #1222#return; {26620#false} is VALID [2022-02-20 17:56:40,319 INFO L290 TraceCheckUtils]: 73: Hoare triple {26620#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {26620#false} is VALID [2022-02-20 17:56:40,319 INFO L290 TraceCheckUtils]: 74: Hoare triple {26620#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {26620#false} is VALID [2022-02-20 17:56:40,319 INFO L272 TraceCheckUtils]: 75: Hoare triple {26620#false} call outgoing(~sender#1, ~email~0#1); {26620#false} is VALID [2022-02-20 17:56:40,319 INFO L290 TraceCheckUtils]: 76: Hoare triple {26620#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {26620#false} is VALID [2022-02-20 17:56:40,319 INFO L272 TraceCheckUtils]: 77: Hoare triple {26620#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {26619#true} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 78: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~31; {26619#true} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 79: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {26619#true} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 80: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,320 INFO L284 TraceCheckUtils]: 81: Hoare quadruple 
{26619#true} {26620#false} #1200#return; {26620#false} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 82: Hoare triple {26620#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {26620#false} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 83: Hoare triple {26620#false} assume 0 == sign_~privkey~1#1; {26620#false} is VALID [2022-02-20 17:56:40,320 INFO L290 TraceCheckUtils]: 84: Hoare triple {26620#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {26620#false} is VALID [2022-02-20 17:56:40,321 INFO L272 TraceCheckUtils]: 
85: Hoare triple {26620#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26619#true} is VALID [2022-02-20 17:56:40,321 INFO L290 TraceCheckUtils]: 86: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~25; {26619#true} is VALID [2022-02-20 17:56:40,321 INFO L290 TraceCheckUtils]: 87: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {26619#true} is VALID [2022-02-20 17:56:40,321 INFO L290 TraceCheckUtils]: 88: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,321 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {26619#true} {26620#false} #1202#return; {26620#false} is VALID [2022-02-20 17:56:40,321 INFO L290 TraceCheckUtils]: 90: Hoare triple {26620#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {26620#false} is VALID [2022-02-20 17:56:40,322 INFO L290 TraceCheckUtils]: 91: Hoare triple {26620#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {26620#false} is VALID [2022-02-20 17:56:40,322 INFO L272 TraceCheckUtils]: 92: Hoare triple {26620#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26620#false} is VALID [2022-02-20 17:56:40,322 INFO L290 TraceCheckUtils]: 93: Hoare triple {26620#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {26620#false} is VALID [2022-02-20 17:56:40,322 INFO L272 TraceCheckUtils]: 94: Hoare triple {26620#false} call #t~ret19#1 := getEmailTo(~msg#1); {26619#true} is VALID 
[2022-02-20 17:56:40,322 INFO L290 TraceCheckUtils]: 95: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~10; {26619#true} is VALID [2022-02-20 17:56:40,322 INFO L290 TraceCheckUtils]: 96: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {26619#true} is VALID [2022-02-20 17:56:40,322 INFO L290 TraceCheckUtils]: 97: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,323 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {26619#true} {26620#false} #1234#return; {26620#false} is VALID [2022-02-20 17:56:40,323 INFO L290 TraceCheckUtils]: 99: Hoare triple {26620#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {26620#false} is VALID [2022-02-20 17:56:40,323 INFO L272 TraceCheckUtils]: 100: Hoare triple {26620#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {26619#true} is VALID [2022-02-20 17:56:40,323 INFO L290 TraceCheckUtils]: 101: Hoare triple {26619#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {26619#true} is VALID [2022-02-20 17:56:40,323 INFO L290 TraceCheckUtils]: 102: Hoare triple {26619#true} assume 1 == ~handle; {26619#true} is VALID [2022-02-20 17:56:40,323 INFO L290 TraceCheckUtils]: 103: Hoare triple {26619#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {26619#true} is VALID [2022-02-20 17:56:40,323 INFO L290 TraceCheckUtils]: 104: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,324 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {26619#true} {26620#false} #1236#return; {26620#false} is VALID [2022-02-20 17:56:40,324 INFO L290 TraceCheckUtils]: 106: Hoare triple {26620#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := 
~tmp___0~1#1; {26620#false} is VALID [2022-02-20 17:56:40,324 INFO L290 TraceCheckUtils]: 107: Hoare triple {26620#false} assume !(0 != ~pubkey~0#1); {26620#false} is VALID [2022-02-20 17:56:40,324 INFO L290 TraceCheckUtils]: 108: Hoare triple {26620#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {26620#false} is VALID [2022-02-20 17:56:40,324 INFO L290 TraceCheckUtils]: 109: Hoare triple {26620#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {26620#false} is VALID [2022-02-20 17:56:40,324 INFO L290 TraceCheckUtils]: 110: Hoare triple {26620#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {26620#false} is VALID [2022-02-20 17:56:40,325 INFO L272 TraceCheckUtils]: 111: Hoare triple {26620#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 17:56:40,325 INFO L290 TraceCheckUtils]: 112: Hoare triple {26691#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26619#true} is VALID [2022-02-20 17:56:40,325 INFO L290 TraceCheckUtils]: 113: Hoare triple {26619#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26619#true} is VALID [2022-02-20 17:56:40,325 INFO L290 TraceCheckUtils]: 114: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,325 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {26619#true} {26620#false} #1242#return; {26620#false} is VALID [2022-02-20 17:56:40,325 INFO L290 TraceCheckUtils]: 116: Hoare triple {26620#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := 
__utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {26620#false} is VALID [2022-02-20 17:56:40,325 INFO L290 TraceCheckUtils]: 117: Hoare triple {26620#false} assume !(-1 == ~mail_is_sensitive~0); {26620#false} is VALID [2022-02-20 17:56:40,325 INFO L272 TraceCheckUtils]: 118: Hoare triple {26620#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {26619#true} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 119: Hoare triple {26619#true} ~handle := #in~handle;havoc ~retValue_acc~13; {26619#true} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 120: Hoare triple {26619#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {26619#true} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 121: Hoare triple {26619#true} assume true; {26619#true} is VALID [2022-02-20 17:56:40,326 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {26619#true} {26620#false} #1246#return; {26620#false} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 123: Hoare triple {26620#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {26620#false} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 124: Hoare triple {26620#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; 
{26620#false} is VALID [2022-02-20 17:56:40,326 INFO L290 TraceCheckUtils]: 125: Hoare triple {26620#false} assume !false; {26620#false} is VALID [2022-02-20 17:56:40,327 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:56:40,327 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:40,327 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1757138592] [2022-02-20 17:56:40,327 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1757138592] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:56:40,327 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:56:40,327 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:56:40,327 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [714252938] [2022-02-20 17:56:40,328 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:56:40,328 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 126 [2022-02-20 17:56:40,328 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:56:40,329 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:40,413 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:40,414 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:56:40,414 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:40,415 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:56:40,415 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:56:40,415 INFO L87 Difference]: Start difference. First operand 493 states and 759 transitions. Second operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:50,890 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:50,890 INFO L93 Difference]: Finished difference Result 1095 states and 1713 transitions. [2022-02-20 17:56:50,890 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:56:50,890 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 126 [2022-02-20 17:56:50,891 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:56:50,891 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:50,901 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1460 transitions. [2022-02-20 17:56:50,901 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:50,913 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1460 transitions. [2022-02-20 17:56:50,913 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1460 transitions. [2022-02-20 17:56:52,267 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1460 edges. 1460 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:56:52,288 INFO L225 Difference]: With dead ends: 1095 [2022-02-20 17:56:52,288 INFO L226 Difference]: Without dead ends: 629 [2022-02-20 17:56:52,290 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:56:52,290 INFO L933 BasicCegarLoop]: 675 mSDtfsCounter, 1689 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 4182 mSolverCounterSat, 630 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1689 SdHoareTripleChecker+Valid, 2041 SdHoareTripleChecker+Invalid, 4812 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 630 IncrementalHoareTripleChecker+Valid, 4182 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:56:52,290 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1689 Valid, 2041 Invalid, 4812 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [630 Valid, 4182 Invalid, 0 Unknown, 0 Unchecked, 4.9s Time] [2022-02-20 17:56:52,291 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 629 states. [2022-02-20 17:56:52,382 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 629 to 495. [2022-02-20 17:56:52,382 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:56:52,383 INFO L82 GeneralOperation]: Start isEquivalent. First operand 629 states. 
Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 17:56:52,384 INFO L74 IsIncluded]: Start isIncluded. First operand 629 states. Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 17:56:52,385 INFO L87 Difference]: Start difference. First operand 629 states. Second operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 17:56:52,401 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:52,401 INFO L93 Difference]: Finished difference Result 629 states and 990 transitions. [2022-02-20 17:56:52,401 INFO L276 IsEmpty]: Start isEmpty. Operand 629 states and 990 transitions. [2022-02-20 17:56:52,404 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:52,404 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:52,405 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) Second operand 629 states. [2022-02-20 17:56:52,405 INFO L87 Difference]: Start difference. First operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) Second operand 629 states. [2022-02-20 17:56:52,421 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:56:52,422 INFO L93 Difference]: Finished difference Result 629 states and 990 transitions. [2022-02-20 17:56:52,422 INFO L276 IsEmpty]: Start isEmpty. Operand 629 states and 990 transitions. [2022-02-20 17:56:52,424 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:56:52,424 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:56:52,424 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:56:52,424 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:56:52,425 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 495 states, 383 states have (on average 1.556135770234987) internal successors, (596), 391 states have internal predecessors, (596), 79 states have call successors, (79), 28 states have call predecessors, (79), 32 states have return successors, (90), 77 states have call predecessors, (90), 78 states have call successors, (90) [2022-02-20 17:56:52,438 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 495 states to 495 states and 765 transitions. [2022-02-20 17:56:52,438 INFO L78 Accepts]: Start accepts. Automaton has 495 states and 765 transitions. Word has length 126 [2022-02-20 17:56:52,438 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:56:52,438 INFO L470 AbstractCegarLoop]: Abstraction has 495 states and 765 transitions. [2022-02-20 17:56:52,439 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (17), 6 states have call predecessors, (17), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:56:52,439 INFO L276 IsEmpty]: Start isEmpty. Operand 495 states and 765 transitions. [2022-02-20 17:56:52,440 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2022-02-20 17:56:52,440 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:56:52,440 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:56:52,440 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:56:52,441 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION === [outgoing__wrappee__AutoResponderErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:56:52,441 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:56:52,441 INFO L85 PathProgramCache]: Analyzing trace with hash 
913432522, now seen corresponding path program 1 times [2022-02-20 17:56:52,441 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:56:52,441 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [196330172] [2022-02-20 17:56:52,441 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:52,441 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:56:52,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,490 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:56:52,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,493 INFO L290 TraceCheckUtils]: 0: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,493 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,493 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,493 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30184#true} #1278#return; {30184#true} is VALID [2022-02-20 17:56:52,499 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:56:52,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,501 INFO L290 TraceCheckUtils]: 0: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,502 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30184#true} #1280#return; {30184#true} is VALID [2022-02-20 17:56:52,502 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:56:52,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30254#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {30254#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30254#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {30254#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30255#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,516 INFO L290 TraceCheckUtils]: 3: Hoare triple {30255#(= 2 |setClientId_#in~handle|)} assume true; {30255#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,517 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30255#(= 2 |setClientId_#in~handle|)} {30194#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1282#return; {30200#(not (= ~rjh~0 1))} is VALID 
[2022-02-20 17:56:52,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:56:52,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,520 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,520 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1284#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,521 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:56:52,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,523 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,523 INFO L290 TraceCheckUtils]: 3: 
Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,524 INFO L290 TraceCheckUtils]: 4: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,524 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1286#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,524 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:56:52,525 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,527 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,527 INFO L290 TraceCheckUtils]: 4: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,528 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1288#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:56:52,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,537 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1220#return; {30185#false} is VALID [2022-02-20 17:56:52,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:56:52,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {30257#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,546 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1222#return; {30185#false} is VALID [2022-02-20 17:56:52,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:56:52,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~31; {30184#true} is VALID [2022-02-20 17:56:52,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {30184#true} is VALID [2022-02-20 17:56:52,548 INFO L290 
TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1200#return; {30185#false} is VALID [2022-02-20 17:56:52,549 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:56:52,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,550 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:52,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:52,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,551 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1202#return; {30185#false} is VALID [2022-02-20 17:56:52,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:56:52,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:52,553 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:52,553 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1234#return; {30185#false} is VALID [2022-02-20 17:56:52,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:56:52,554 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:52,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle; {30184#true} is VALID [2022-02-20 17:56:52,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:52,555 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,555 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30184#true} {30185#false} #1236#return; {30185#false} is VALID [2022-02-20 17:56:52,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:56:52,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,557 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,558 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1242#return; {30185#false} is VALID [2022-02-20 17:56:52,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:56:52,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,559 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{30184#true} ~handle := #in~handle;havoc ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:52,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30184#true} {30185#false} #1246#return; {30185#false} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call 
#Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30184#true} is VALID [2022-02-20 17:56:52,560 INFO L290 TraceCheckUtils]: 4: Hoare triple {30184#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {30184#true} is VALID [2022-02-20 17:56:52,561 INFO L290 TraceCheckUtils]: 5: Hoare triple {30184#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30184#true} is VALID [2022-02-20 17:56:52,561 INFO L272 TraceCheckUtils]: 6: Hoare triple {30184#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:52,561 INFO L290 TraceCheckUtils]: 7: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,561 INFO L290 TraceCheckUtils]: 8: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,562 INFO L290 TraceCheckUtils]: 9: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,562 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30184#true} {30184#true} #1278#return; {30184#true} is VALID [2022-02-20 17:56:52,562 INFO L290 TraceCheckUtils]: 11: Hoare triple {30184#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30184#true} is VALID [2022-02-20 
17:56:52,562 INFO L272 TraceCheckUtils]: 12: Hoare triple {30184#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:52,562 INFO L290 TraceCheckUtils]: 13: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,563 INFO L290 TraceCheckUtils]: 14: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,563 INFO L290 TraceCheckUtils]: 15: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,563 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30184#true} {30184#true} #1280#return; {30184#true} is VALID [2022-02-20 17:56:52,563 INFO L290 TraceCheckUtils]: 17: Hoare triple {30184#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30194#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:56:52,564 INFO L272 TraceCheckUtils]: 18: Hoare triple {30194#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call 
setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:52,564 INFO L290 TraceCheckUtils]: 19: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30254#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,564 INFO L290 TraceCheckUtils]: 20: Hoare triple {30254#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {30254#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,565 INFO L290 TraceCheckUtils]: 21: Hoare triple {30254#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30255#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,565 INFO L290 TraceCheckUtils]: 22: Hoare triple {30255#(= 2 |setClientId_#in~handle|)} assume true; {30255#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:56:52,566 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30255#(= 2 |setClientId_#in~handle|)} {30194#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1282#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,566 INFO L290 TraceCheckUtils]: 24: Hoare triple {30200#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,566 INFO L272 TraceCheckUtils]: 25: Hoare triple {30200#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:52,567 INFO L290 TraceCheckUtils]: 26: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,567 INFO L290 TraceCheckUtils]: 27: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,567 INFO L290 TraceCheckUtils]: 28: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,567 INFO L290 TraceCheckUtils]: 29: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,567 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1284#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,568 INFO L290 TraceCheckUtils]: 31: Hoare triple {30200#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,568 INFO L272 TraceCheckUtils]: 32: Hoare triple {30200#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30252#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:56:52,568 INFO L290 TraceCheckUtils]: 33: Hoare triple {30252#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,569 INFO L290 TraceCheckUtils]: 34: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,569 INFO L290 TraceCheckUtils]: 35: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,569 INFO L290 TraceCheckUtils]: 36: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,569 INFO L290 TraceCheckUtils]: 37: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,569 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1286#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,570 INFO L290 TraceCheckUtils]: 39: Hoare triple {30200#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,570 INFO L272 TraceCheckUtils]: 40: Hoare triple {30200#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:56:52,570 INFO L290 TraceCheckUtils]: 41: Hoare triple {30253#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,570 INFO L290 TraceCheckUtils]: 42: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,571 INFO L290 TraceCheckUtils]: 43: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:52,571 INFO L290 TraceCheckUtils]: 44: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,571 INFO L290 TraceCheckUtils]: 45: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,571 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30184#true} {30200#(not (= ~rjh~0 1))} #1288#return; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,572 INFO L290 TraceCheckUtils]: 47: Hoare triple {30200#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,572 INFO L290 TraceCheckUtils]: 48: Hoare triple {30200#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc 
test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,572 INFO L290 TraceCheckUtils]: 49: Hoare triple {30200#(not (= ~rjh~0 1))} assume !false; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,572 INFO L290 TraceCheckUtils]: 50: Hoare triple {30200#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,573 INFO L290 TraceCheckUtils]: 51: Hoare triple {30200#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,573 INFO L290 TraceCheckUtils]: 52: Hoare triple {30200#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,573 INFO L290 TraceCheckUtils]: 53: Hoare triple {30200#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:56:52,574 INFO L290 TraceCheckUtils]: 54: Hoare triple {30200#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {30200#(not (= ~rjh~0 1))} is VALID [2022-02-20 
17:56:52,574 INFO L290 TraceCheckUtils]: 55: Hoare triple {30200#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30218#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 17:56:52,574 INFO L290 TraceCheckUtils]: 56: Hoare triple {30218#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30185#false} is VALID [2022-02-20 17:56:52,574 INFO L290 TraceCheckUtils]: 57: Hoare triple {30185#false} assume { :end_inline_setClientAutoResponse } true; {30185#false} is VALID [2022-02-20 17:56:52,574 INFO L290 TraceCheckUtils]: 58: Hoare triple {30185#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30185#false} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 59: Hoare triple {30185#false} assume !false; {30185#false} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 60: Hoare triple {30185#false} assume !(test_~splverifierCounter~0#1 < 4); {30185#false} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 61: Hoare triple {30185#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {30185#false} is VALID [2022-02-20 
17:56:52,575 INFO L272 TraceCheckUtils]: 62: Hoare triple {30185#false} call sendEmail(~bob~0, ~rjh~0); {30185#false} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 63: Hoare triple {30185#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30185#false} is VALID [2022-02-20 17:56:52,575 INFO L272 TraceCheckUtils]: 64: Hoare triple {30185#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 65: Hoare triple {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,575 INFO L290 TraceCheckUtils]: 66: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 67: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,576 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30184#true} {30185#false} #1220#return; {30185#false} is VALID [2022-02-20 17:56:52,576 INFO L272 TraceCheckUtils]: 69: Hoare triple {30185#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30257#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 70: Hoare 
triple {30257#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 71: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 72: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,576 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30184#true} {30185#false} #1222#return; {30185#false} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 74: Hoare triple {30185#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {30185#false} is VALID [2022-02-20 17:56:52,576 INFO L290 TraceCheckUtils]: 75: Hoare triple {30185#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {30185#false} is VALID [2022-02-20 17:56:52,577 INFO L272 TraceCheckUtils]: 76: Hoare triple {30185#false} call outgoing(~sender#1, ~email~0#1); {30185#false} is VALID [2022-02-20 17:56:52,577 INFO L290 TraceCheckUtils]: 77: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:52,577 INFO L272 TraceCheckUtils]: 78: Hoare triple {30185#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {30184#true} is VALID [2022-02-20 17:56:52,577 INFO L290 TraceCheckUtils]: 79: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~31; 
{30184#true} is VALID [2022-02-20 17:56:52,577 INFO L290 TraceCheckUtils]: 80: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {30184#true} is VALID [2022-02-20 17:56:52,577 INFO L290 TraceCheckUtils]: 81: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,577 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30184#true} {30185#false} #1200#return; {30185#false} is VALID [2022-02-20 17:56:52,577 INFO L290 TraceCheckUtils]: 83: Hoare triple {30185#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 84: Hoare triple {30185#false} assume 0 == sign_~privkey~1#1; {30185#false} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 85: Hoare triple {30185#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc 
outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30185#false} is VALID [2022-02-20 17:56:52,578 INFO L272 TraceCheckUtils]: 86: Hoare triple {30185#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30184#true} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 87: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 88: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 89: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,578 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30184#true} {30185#false} #1202#return; {30185#false} is VALID [2022-02-20 17:56:52,578 INFO L290 TraceCheckUtils]: 91: Hoare triple {30185#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {30185#false} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 92: Hoare triple {30185#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {30185#false} is VALID [2022-02-20 17:56:52,579 INFO L272 TraceCheckUtils]: 93: Hoare triple {30185#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {30185#false} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 94: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:52,579 INFO L272 TraceCheckUtils]: 95: Hoare triple {30185#false} call #t~ret19#1 := getEmailTo(~msg#1); {30184#true} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 96: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 97: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 98: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,579 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {30184#true} {30185#false} #1234#return; {30185#false} is VALID [2022-02-20 17:56:52,579 INFO L290 TraceCheckUtils]: 100: Hoare triple {30185#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {30185#false} is VALID [2022-02-20 17:56:52,580 INFO L272 TraceCheckUtils]: 101: Hoare triple {30185#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {30184#true} is VALID [2022-02-20 17:56:52,580 INFO L290 TraceCheckUtils]: 102: Hoare triple {30184#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:52,580 INFO L290 TraceCheckUtils]: 103: Hoare triple {30184#true} assume 1 == ~handle; {30184#true} is VALID [2022-02-20 17:56:52,580 INFO L290 TraceCheckUtils]: 104: Hoare triple {30184#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:52,580 
INFO L290 TraceCheckUtils]: 105: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,580 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {30184#true} {30185#false} #1236#return; {30185#false} is VALID [2022-02-20 17:56:52,580 INFO L290 TraceCheckUtils]: 107: Hoare triple {30185#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:52,580 INFO L290 TraceCheckUtils]: 108: Hoare triple {30185#false} assume !(0 != ~pubkey~0#1); {30185#false} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 109: Hoare triple {30185#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 110: Hoare triple {30185#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 111: Hoare triple {30185#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 
<= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {30185#false} is VALID [2022-02-20 17:56:52,581 INFO L272 TraceCheckUtils]: 112: Hoare triple {30185#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 113: Hoare triple {30256#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 114: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:52,581 INFO L290 TraceCheckUtils]: 115: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,581 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {30184#true} {30185#false} #1242#return; {30185#false} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 117: Hoare triple {30185#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {30185#false} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 118: Hoare triple {30185#false} assume !(-1 == ~mail_is_sensitive~0); {30185#false} is VALID [2022-02-20 17:56:52,582 INFO L272 TraceCheckUtils]: 119: Hoare triple {30185#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {30184#true} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 120: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 121: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 122: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:52,582 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {30184#true} {30185#false} #1246#return; {30185#false} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 124: Hoare triple {30185#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && 
__utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {30185#false} is VALID [2022-02-20 17:56:52,582 INFO L290 TraceCheckUtils]: 125: Hoare triple {30185#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {30185#false} is VALID [2022-02-20 17:56:52,583 INFO L290 TraceCheckUtils]: 126: Hoare triple {30185#false} assume !false; {30185#false} is VALID [2022-02-20 17:56:52,583 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 23 trivial. 0 not checked. [2022-02-20 17:56:52,583 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:56:52,583 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [196330172] [2022-02-20 17:56:52,583 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [196330172] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:56:52,583 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1709492453] [2022-02-20 17:56:52,584 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:56:52,584 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:56:52,584 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:56:52,585 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:56:52,586 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:56:52,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,821 INFO L263 TraceCheckSpWp]: Trace formula consists of 1187 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:56:52,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:56:52,870 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:56:53,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call 
#Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {30184#true} is VALID [2022-02-20 17:56:53,173 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {30184#true} is VALID [2022-02-20 17:56:53,173 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30184#true} is VALID [2022-02-20 17:56:53,173 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30184#true} is VALID [2022-02-20 17:56:53,173 INFO L290 TraceCheckUtils]: 4: Hoare triple {30184#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {30184#true} is VALID [2022-02-20 17:56:53,174 INFO L290 TraceCheckUtils]: 5: Hoare triple {30184#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30184#true} is VALID [2022-02-20 17:56:53,174 INFO L272 TraceCheckUtils]: 6: Hoare triple {30184#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30184#true} is VALID [2022-02-20 17:56:53,174 INFO L290 TraceCheckUtils]: 7: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,174 INFO L290 TraceCheckUtils]: 8: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L290 TraceCheckUtils]: 9: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30184#true} {30184#true} #1278#return; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L290 TraceCheckUtils]: 11: Hoare triple {30184#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L272 TraceCheckUtils]: 12: Hoare triple {30184#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L290 TraceCheckUtils]: 13: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L290 TraceCheckUtils]: 14: Hoare triple {30184#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L290 TraceCheckUtils]: 15: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,175 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30184#true} {30184#true} #1280#return; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 17: Hoare triple {30184#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L272 TraceCheckUtils]: 18: Hoare triple {30184#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 19: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 20: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 21: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 22: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30184#true} {30184#true} #1282#return; {30184#true} is VALID [2022-02-20 17:56:53,176 INFO L290 TraceCheckUtils]: 24: Hoare triple {30184#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30184#true} is 
VALID [2022-02-20 17:56:53,177 INFO L272 TraceCheckUtils]: 25: Hoare triple {30184#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30184#true} is VALID [2022-02-20 17:56:53,177 INFO L290 TraceCheckUtils]: 26: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,177 INFO L290 TraceCheckUtils]: 27: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,177 INFO L290 TraceCheckUtils]: 28: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,177 INFO L290 TraceCheckUtils]: 29: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,177 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30184#true} {30184#true} #1284#return; {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 31: Hoare triple {30184#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L272 TraceCheckUtils]: 32: Hoare triple {30184#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 33: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 34: Hoare triple {30184#true} assume !(1 == ~handle); 
{30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 35: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 36: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L290 TraceCheckUtils]: 37: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,178 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30184#true} {30184#true} #1286#return; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 39: Hoare triple {30184#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L272 TraceCheckUtils]: 40: Hoare triple {30184#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 41: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 42: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 43: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 44: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 45: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30184#true} {30184#true} #1288#return; {30184#true} is VALID [2022-02-20 17:56:53,179 INFO L290 TraceCheckUtils]: 47: Hoare triple {30184#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {30184#true} is VALID [2022-02-20 17:56:53,180 INFO L290 
TraceCheckUtils]: 48: Hoare triple {30184#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30405#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:53,180 INFO L290 TraceCheckUtils]: 49: Hoare triple {30405#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {30405#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:53,181 INFO L290 TraceCheckUtils]: 50: Hoare triple {30405#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {30405#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:56:53,182 INFO L290 TraceCheckUtils]: 51: Hoare triple {30405#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,182 INFO L290 TraceCheckUtils]: 52: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,182 INFO L290 TraceCheckUtils]: 53: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,183 INFO L290 TraceCheckUtils]: 54: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,183 INFO L290 TraceCheckUtils]: 55: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,183 INFO L290 TraceCheckUtils]: 56: Hoare triple {30415#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,184 INFO L290 TraceCheckUtils]: 57: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,184 INFO L290 TraceCheckUtils]: 58: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,184 INFO L290 TraceCheckUtils]: 59: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:56:53,185 INFO L290 TraceCheckUtils]: 60: Hoare triple {30415#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L290 TraceCheckUtils]: 61: Hoare triple {30185#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L272 TraceCheckUtils]: 62: Hoare triple {30185#false} call sendEmail(~bob~0, ~rjh~0); {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L290 TraceCheckUtils]: 63: Hoare triple {30185#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc 
~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L272 TraceCheckUtils]: 64: Hoare triple {30185#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L290 TraceCheckUtils]: 65: Hoare triple {30185#false} ~handle := #in~handle;~value := #in~value; {30185#false} is VALID [2022-02-20 17:56:53,185 INFO L290 TraceCheckUtils]: 66: Hoare triple {30185#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 67: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30185#false} {30185#false} #1220#return; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L272 TraceCheckUtils]: 69: Hoare triple {30185#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 70: Hoare triple {30185#false} ~handle := #in~handle;~value := #in~value; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 71: Hoare triple {30185#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 72: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30185#false} {30185#false} #1222#return; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 74: Hoare triple {30185#false} 
createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {30185#false} is VALID [2022-02-20 17:56:53,186 INFO L290 TraceCheckUtils]: 75: Hoare triple {30185#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L272 TraceCheckUtils]: 76: Hoare triple {30185#false} call outgoing(~sender#1, ~email~0#1); {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L290 TraceCheckUtils]: 77: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L272 TraceCheckUtils]: 78: Hoare triple {30185#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L290 TraceCheckUtils]: 79: Hoare triple {30185#false} ~handle := #in~handle;havoc ~retValue_acc~31; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L290 TraceCheckUtils]: 80: Hoare triple {30185#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L290 TraceCheckUtils]: 81: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30185#false} {30185#false} #1200#return; {30185#false} is VALID [2022-02-20 17:56:53,187 INFO L290 TraceCheckUtils]: 83: Hoare triple {30185#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc 
sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 84: Hoare triple {30185#false} assume 0 == sign_~privkey~1#1; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 85: Hoare triple {30185#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L272 TraceCheckUtils]: 86: Hoare triple {30185#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 87: Hoare triple {30185#false} 
~handle := #in~handle;havoc ~retValue_acc~25; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 88: Hoare triple {30185#false} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 89: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30185#false} {30185#false} #1202#return; {30185#false} is VALID [2022-02-20 17:56:53,188 INFO L290 TraceCheckUtils]: 91: Hoare triple {30185#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 92: Hoare triple {30185#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L272 TraceCheckUtils]: 93: Hoare triple {30185#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 94: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L272 TraceCheckUtils]: 95: Hoare triple {30185#false} call #t~ret19#1 := getEmailTo(~msg#1); {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 96: Hoare triple {30185#false} ~handle := #in~handle;havoc ~retValue_acc~10; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 97: Hoare triple {30185#false} assume 1 == 
~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 98: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {30185#false} {30185#false} #1234#return; {30185#false} is VALID [2022-02-20 17:56:53,189 INFO L290 TraceCheckUtils]: 100: Hoare triple {30185#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L272 TraceCheckUtils]: 101: Hoare triple {30185#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 102: Hoare triple {30185#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 103: Hoare triple {30185#false} assume 1 == ~handle; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 104: Hoare triple {30185#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 105: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {30185#false} {30185#false} #1236#return; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 107: Hoare triple {30185#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 <= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:53,190 INFO L290 TraceCheckUtils]: 108: Hoare triple {30185#false} assume !(0 != ~pubkey~0#1); {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L290 TraceCheckUtils]: 109: 
Hoare triple {30185#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L290 TraceCheckUtils]: 110: Hoare triple {30185#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L290 TraceCheckUtils]: 111: Hoare triple {30185#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L272 TraceCheckUtils]: 112: Hoare triple {30185#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L290 TraceCheckUtils]: 113: Hoare triple {30185#false} ~handle := #in~handle;~value := #in~value; {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L290 TraceCheckUtils]: 114: Hoare triple {30185#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30185#false} is VALID [2022-02-20 
17:56:53,191 INFO L290 TraceCheckUtils]: 115: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,191 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {30185#false} {30185#false} #1242#return; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 117: Hoare triple {30185#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 118: Hoare triple 
{30185#false} assume !(-1 == ~mail_is_sensitive~0); {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L272 TraceCheckUtils]: 119: Hoare triple {30185#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 120: Hoare triple {30185#false} ~handle := #in~handle;havoc ~retValue_acc~13; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 121: Hoare triple {30185#false} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 122: Hoare triple {30185#false} assume true; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {30185#false} {30185#false} #1246#return; {30185#false} is VALID [2022-02-20 17:56:53,192 INFO L290 TraceCheckUtils]: 124: Hoare triple {30185#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {30185#false} is VALID [2022-02-20 17:56:53,193 INFO L290 TraceCheckUtils]: 125: Hoare triple {30185#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {30185#false} is VALID [2022-02-20 17:56:53,193 INFO L290 TraceCheckUtils]: 126: Hoare triple {30185#false} assume !false; {30185#false} is VALID [2022-02-20 17:56:53,193 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:53,193 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 17:56:53,552 INFO L290 TraceCheckUtils]: 126: Hoare triple {30185#false} assume !false; {30185#false} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 125: Hoare triple {30185#false} assume ~mail_is_sensitive~0 != __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;assume { :begin_inline___automaton_fail } true; {30185#false} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 124: Hoare triple {30185#false} assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1 := __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1; {30185#false} is VALID [2022-02-20 17:56:53,553 INFO L284 TraceCheckUtils]: 123: Hoare quadruple {30184#true} {30185#false} #1246#return; {30185#false} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 122: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 121: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~13 := ~__ste_email_isEncrypted0~0;#res := ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 120: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~13; {30184#true} is VALID [2022-02-20 17:56:53,553 INFO L272 TraceCheckUtils]: 119: Hoare triple {30185#false} call __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1 := isEncrypted(__utac_acc__AddressBookEncrypt_spec__1_~msg#1); {30184#true} is VALID [2022-02-20 17:56:53,553 INFO L290 TraceCheckUtils]: 118: Hoare triple {30185#false} assume !(-1 == ~mail_is_sensitive~0); {30185#false} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 117: Hoare triple {30185#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret16#1, 
mail_#t~ret17#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1, mail_~tmp~1#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~__utac__ad__arg2~0#1;havoc mail_~tmp~1#1;mail_~__utac__ad__arg1~0#1 := mail_~client#1;mail_~__utac__ad__arg2~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__AddressBookEncrypt_spec__1 } true;__utac_acc__AddressBookEncrypt_spec__1_#in~client#1, __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1, mail_~__utac__ad__arg2~0#1;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret46#1, __utac_acc__AddressBookEncrypt_spec__1_#t~ret47#1, __utac_acc__AddressBookEncrypt_spec__1_~client#1, __utac_acc__AddressBookEncrypt_spec__1_~msg#1, __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;__utac_acc__AddressBookEncrypt_spec__1_~client#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~client#1;__utac_acc__AddressBookEncrypt_spec__1_~msg#1 := __utac_acc__AddressBookEncrypt_spec__1_#in~msg#1;havoc __utac_acc__AddressBookEncrypt_spec__1_~tmp~12#1;call __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 := puts(10, 0);assume -2147483648 <= __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 && __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1 <= 2147483647;havoc __utac_acc__AddressBookEncrypt_spec__1_#t~ret45#1; {30185#false} is VALID [2022-02-20 17:56:53,554 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {30184#true} {30185#false} #1242#return; {30185#false} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 115: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 114: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 113: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID 
[2022-02-20 17:56:53,554 INFO L272 TraceCheckUtils]: 112: Hoare triple {30185#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1); {30184#true} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 111: Hoare triple {30185#false} outgoing__wrappee__Keys_#t~ret18#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret18#1 && outgoing__wrappee__Keys_#t~ret18#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~2#1 := outgoing__wrappee__Keys_#t~ret18#1;havoc outgoing__wrappee__Keys_#t~ret18#1; {30185#false} is VALID [2022-02-20 17:56:53,554 INFO L290 TraceCheckUtils]: 110: Hoare triple {30185#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~38#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 109: Hoare triple {30185#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret18#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~2#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~2#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~38#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~38#1; {30185#false} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 108: Hoare triple {30185#false} assume !(0 != ~pubkey~0#1); {30185#false} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 107: Hoare triple {30185#false} assume -2147483648 <= #t~ret20#1 && #t~ret20#1 
<= 2147483647;~tmp___0~1#1 := #t~ret20#1;havoc #t~ret20#1;~pubkey~0#1 := ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:53,555 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {30184#true} {30185#false} #1236#return; {30185#false} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 105: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 104: Hoare triple {30184#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~36 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 103: Hoare triple {30184#true} assume 1 == ~handle; {30184#true} is VALID [2022-02-20 17:56:53,555 INFO L290 TraceCheckUtils]: 102: Hoare triple {30184#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~36; {30184#true} is VALID [2022-02-20 17:56:53,555 INFO L272 TraceCheckUtils]: 101: Hoare triple {30185#false} call #t~ret20#1 := findPublicKey(~client#1, ~receiver~0#1); {30184#true} is VALID [2022-02-20 17:56:53,556 INFO L290 TraceCheckUtils]: 100: Hoare triple {30185#false} assume -2147483648 <= #t~ret19#1 && #t~ret19#1 <= 2147483647;~tmp~3#1 := #t~ret19#1;havoc #t~ret19#1;~receiver~0#1 := ~tmp~3#1; {30185#false} is VALID [2022-02-20 17:56:53,556 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {30184#true} {30185#false} #1234#return; {30185#false} is VALID [2022-02-20 17:56:53,556 INFO L290 TraceCheckUtils]: 98: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,556 INFO L290 TraceCheckUtils]: 97: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_email_to0~0;#res := ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:53,556 INFO L290 TraceCheckUtils]: 96: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~10; {30184#true} is VALID [2022-02-20 17:56:53,556 INFO L272 TraceCheckUtils]: 95: Hoare triple {30185#false} call 
#t~ret19#1 := getEmailTo(~msg#1); {30184#true} is VALID [2022-02-20 17:56:53,556 INFO L290 TraceCheckUtils]: 94: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~3#1;havoc ~pubkey~0#1;havoc ~tmp___0~1#1; {30185#false} is VALID [2022-02-20 17:56:53,556 INFO L272 TraceCheckUtils]: 93: Hoare triple {30185#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30185#false} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 92: Hoare triple {30185#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {30185#false} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 91: Hoare triple {30185#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret21#1 && outgoing__wrappee__AddressBook_#t~ret21#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~4#1 := outgoing__wrappee__AddressBook_#t~ret21#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~4#1; {30185#false} is VALID [2022-02-20 17:56:53,557 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {30184#true} {30185#false} #1202#return; {30185#false} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 89: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 88: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~25 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 87: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~25; {30184#true} is VALID [2022-02-20 17:56:53,557 INFO L272 TraceCheckUtils]: 86: Hoare triple {30185#false} call outgoing__wrappee__AddressBook_#t~ret21#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30184#true} is VALID [2022-02-20 17:56:53,557 INFO L290 
TraceCheckUtils]: 85: Hoare triple {30185#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret21#1, outgoing__wrappee__AddressBook_#t~ret22#1, outgoing__wrappee__AddressBook_#t~ret23#1, outgoing__wrappee__AddressBook_#t~ret24#1, outgoing__wrappee__AddressBook_#t~ret25#1, outgoing__wrappee__AddressBook_#t~ret26#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~4#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~2#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~1#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~4#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~2#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~1#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {30185#false} is VALID [2022-02-20 17:56:53,557 INFO L290 TraceCheckUtils]: 84: Hoare triple {30185#false} assume 0 == sign_~privkey~1#1; {30185#false} is VALID [2022-02-20 17:56:53,558 INFO L290 TraceCheckUtils]: 83: Hoare triple {30185#false} assume -2147483648 <= sign_#t~ret38#1 && sign_#t~ret38#1 <= 2147483647;sign_~tmp~10#1 := sign_#t~ret38#1;havoc sign_#t~ret38#1;sign_~privkey~1#1 := sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:53,558 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {30184#true} {30185#false} #1200#return; {30185#false} is VALID [2022-02-20 
17:56:53,558 INFO L290 TraceCheckUtils]: 81: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,558 INFO L290 TraceCheckUtils]: 80: Hoare triple {30184#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~31; {30184#true} is VALID [2022-02-20 17:56:53,558 INFO L290 TraceCheckUtils]: 79: Hoare triple {30184#true} ~handle := #in~handle;havoc ~retValue_acc~31; {30184#true} is VALID [2022-02-20 17:56:53,558 INFO L272 TraceCheckUtils]: 78: Hoare triple {30185#false} call sign_#t~ret38#1 := getClientPrivateKey(sign_~client#1); {30184#true} is VALID [2022-02-20 17:56:53,558 INFO L290 TraceCheckUtils]: 77: Hoare triple {30185#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret38#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~10#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~10#1; {30185#false} is VALID [2022-02-20 17:56:53,558 INFO L272 TraceCheckUtils]: 76: Hoare triple {30185#false} call outgoing(~sender#1, ~email~0#1); {30185#false} is VALID [2022-02-20 17:56:53,559 INFO L290 TraceCheckUtils]: 75: Hoare triple {30185#false} #t~ret34#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret34#1 && #t~ret34#1 <= 2147483647;~tmp~8#1 := #t~ret34#1;havoc #t~ret34#1;~email~0#1 := ~tmp~8#1; {30185#false} is VALID [2022-02-20 17:56:53,559 INFO L290 TraceCheckUtils]: 74: Hoare triple {30185#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {30185#false} is VALID [2022-02-20 17:56:53,559 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {30184#true} {30185#false} #1222#return; {30185#false} is VALID [2022-02-20 17:56:53,559 INFO L290 TraceCheckUtils]: 72: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 
17:56:53,559 INFO L290 TraceCheckUtils]: 71: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,559 INFO L290 TraceCheckUtils]: 70: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,559 INFO L272 TraceCheckUtils]: 69: Hoare triple {30185#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30184#true} is VALID [2022-02-20 17:56:53,559 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {30184#true} {30185#false} #1220#return; {30185#false} is VALID [2022-02-20 17:56:53,560 INFO L290 TraceCheckUtils]: 67: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,560 INFO L290 TraceCheckUtils]: 66: Hoare triple {30184#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,560 INFO L290 TraceCheckUtils]: 65: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,560 INFO L272 TraceCheckUtils]: 64: Hoare triple {30185#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30184#true} is VALID [2022-02-20 17:56:53,560 INFO L290 TraceCheckUtils]: 63: Hoare triple {30185#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~8#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30185#false} is VALID [2022-02-20 17:56:53,560 INFO L272 TraceCheckUtils]: 62: Hoare triple {30185#false} call sendEmail(~bob~0, ~rjh~0); {30185#false} is VALID [2022-02-20 17:56:53,560 INFO L290 TraceCheckUtils]: 61: Hoare triple 
{30185#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret94#1, bobToRjh_#t~ret95#1, bobToRjh_#t~ret96#1, bobToRjh_#t~ret97#1, bobToRjh_~tmp~23#1, bobToRjh_~tmp___0~8#1, bobToRjh_~tmp___1~5#1;havoc bobToRjh_~tmp~23#1;havoc bobToRjh_~tmp___0~8#1;havoc bobToRjh_~tmp___1~5#1;call bobToRjh_#t~ret94#1 := puts(33, 0);assume -2147483648 <= bobToRjh_#t~ret94#1 && bobToRjh_#t~ret94#1 <= 2147483647;havoc bobToRjh_#t~ret94#1; {30185#false} is VALID [2022-02-20 17:56:53,561 INFO L290 TraceCheckUtils]: 60: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {30185#false} is VALID [2022-02-20 17:56:53,561 INFO L290 TraceCheckUtils]: 59: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,561 INFO L290 TraceCheckUtils]: 58: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,562 INFO L290 TraceCheckUtils]: 57: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,562 INFO L290 TraceCheckUtils]: 56: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,562 INFO L290 TraceCheckUtils]: 55: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, 
setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,563 INFO L290 TraceCheckUtils]: 54: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,563 INFO L290 TraceCheckUtils]: 53: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,563 INFO L290 TraceCheckUtils]: 52: Hoare triple {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,564 INFO L290 TraceCheckUtils]: 51: Hoare triple {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30839#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:56:53,564 INFO L290 TraceCheckUtils]: 50: Hoare triple {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:53,564 INFO L290 TraceCheckUtils]: 49: Hoare triple {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is 
VALID [2022-02-20 17:56:53,565 INFO L290 TraceCheckUtils]: 48: Hoare triple {30184#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_#t~nondet8#1, test_#t~nondet9#1, test_#t~nondet10#1, test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_#t~nondet15#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30867#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:56:53,565 INFO L290 TraceCheckUtils]: 47: Hoare triple {30184#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset := 37, 0;havoc setup_#t~nondet101#1; {30184#true} is VALID [2022-02-20 17:56:53,565 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30184#true} {30184#true} #1288#return; {30184#true} is VALID [2022-02-20 
17:56:53,565 INFO L290 TraceCheckUtils]: 45: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,565 INFO L290 TraceCheckUtils]: 44: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,565 INFO L290 TraceCheckUtils]: 43: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,565 INFO L290 TraceCheckUtils]: 42: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 41: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L272 TraceCheckUtils]: 40: Hoare triple {30184#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 39: Hoare triple {30184#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30184#true} {30184#true} #1286#return; {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 37: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 36: Hoare triple {30184#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 35: Hoare triple {30184#true} assume !(2 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,566 INFO L290 TraceCheckUtils]: 34: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 33: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L272 TraceCheckUtils]: 32: Hoare triple {30184#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 31: Hoare triple {30184#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 36, 0;havoc setup_#t~nondet100#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30184#true} {30184#true} #1284#return; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 29: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 28: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 27: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L290 TraceCheckUtils]: 26: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,567 INFO L272 TraceCheckUtils]: 25: Hoare triple {30184#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 24: Hoare triple {30184#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30184#true} {30184#true} #1282#return; {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 22: Hoare triple {30184#true} assume true; {30184#true} 
is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 21: Hoare triple {30184#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 20: Hoare triple {30184#true} assume !(1 == ~handle); {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 19: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L272 TraceCheckUtils]: 18: Hoare triple {30184#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L290 TraceCheckUtils]: 17: Hoare triple {30184#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 35, 0;havoc setup_#t~nondet99#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30184#true} is VALID [2022-02-20 17:56:53,568 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30184#true} {30184#true} #1280#return; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 15: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 14: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 13: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L272 TraceCheckUtils]: 12: Hoare triple {30184#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30184#true} is 
VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 11: Hoare triple {30184#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30184#true} {30184#true} #1278#return; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 9: Hoare triple {30184#true} assume true; {30184#true} is VALID [2022-02-20 17:56:53,569 INFO L290 TraceCheckUtils]: 8: Hoare triple {30184#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 7: Hoare triple {30184#true} ~handle := #in~handle;~value := #in~value; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L272 TraceCheckUtils]: 6: Hoare triple {30184#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 5: Hoare triple {30184#true} assume 0 != main_~tmp~24#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet99#1, setup_#t~nondet100#1, setup_#t~nondet101#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~4#1.base, setup_~__cil_tmp3~4#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 4: Hoare triple 
{30184#true} main_#t~ret102#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret102#1 && main_#t~ret102#1 <= 2147483647;main_~tmp~24#1 := main_#t~ret102#1;havoc main_#t~ret102#1; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 3: Hoare triple {30184#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~1#1;havoc valid_product_~retValue_acc~1#1;valid_product_~retValue_acc~1#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~1#1; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 2: Hoare triple {30184#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 1: Hoare triple {30184#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret102#1, main_~retValue_acc~43#1, main_~tmp~24#1;havoc main_~retValue_acc~43#1;havoc main_~tmp~24#1;assume { :begin_inline_select_helpers } true; {30184#true} is VALID [2022-02-20 17:56:53,570 INFO L290 TraceCheckUtils]: 0: Hoare triple {30184#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(34, 5);call #Ultimate.allocInit(30, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(20, 8);call #Ultimate.allocInit(22, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(115, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call 
#Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(44, 33);call #Ultimate.allocInit(44, 34);call #Ultimate.allocInit(9, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(11, 37);call #Ultimate.allocInit(19, 38);call #Ultimate.allocInit(4, 39);call write~init~int(37, 39, 0, 1);call write~init~int(100, 39, 1, 1);call write~init~int(10, 39, 2, 1);call write~init~int(0, 39, 3, 1);call #Ultimate.allocInit(4, 40);call write~init~int(37, 40, 0, 1);call write~init~int(100, 40, 1, 1);call write~init~int(10, 40, 2, 1);call write~init~int(0, 40, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset 
:= 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~mail_is_sensitive~0 := -1;~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0; {30184#true} is VALID [2022-02-20 17:56:53,571 INFO L134 CoverageAnalysis]: Checked inductivity of 32 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:56:53,571 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1709492453] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:56:53,571 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 17:56:53,571 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 17:56:53,573 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [475114108] [2022-02-20 17:56:53,573 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:56:53,573 INFO L78 Accepts]: Start accepts. 
Automaton has has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26) Word has length 127 [2022-02-20 17:56:53,655 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:56:53,656 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26) [2022-02-20 17:56:53,817 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 204 edges. 204 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:56:53,818 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 17:56:53,818 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:56:53,818 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 17:56:53,818 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:56:53,819 INFO L87 Difference]: Start difference. First operand 495 states and 765 transitions. Second operand has 15 states, 14 states have (on average 10.285714285714286) internal successors, (144), 11 states have internal predecessors, (144), 4 states have call successors, (34), 6 states have call predecessors, (34), 3 states have return successors, (26), 3 states have call predecessors, (26), 4 states have call successors, (26)