./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_product23.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_product23.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash c32d742da56eb7f975371d3819f8188d43c88569b223fcc4a7217dc4d57efe24
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:57:53,639 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:57:53,640 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:57:53,659 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:57:53,659 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:57:53,660 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:57:53,661 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:57:53,662 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:57:53,663 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:57:53,664 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:57:53,665 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:57:53,666 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:57:53,666 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:57:53,667 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:57:53,667 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:57:53,668 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:57:53,669 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:57:53,671 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:57:53,672 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:57:53,676 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:57:53,680 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:57:53,681 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:57:53,682 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:57:53,682 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:57:53,684 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:57:53,685 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:57:53,685 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:57:53,685 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:57:53,686 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:57:53,686 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:57:53,687 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:57:53,687 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:57:53,688 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:57:53,688 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:57:53,689 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:57:53,690 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:57:53,691 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:57:53,691 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:57:53,691 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:57:53,691 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:57:53,692 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:57:53,693 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:57:53,706 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:57:53,709 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:57:53,710 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:57:53,710 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:57:53,710 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:57:53,711 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:57:53,712 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:57:53,712 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:57:53,712 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:57:53,712 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:57:53,713 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:57:53,713 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:57:53,713 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:57:53,713 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:57:53,713 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:57:53,714 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:57:53,714 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:57:53,715 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:57:53,715 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:57:53,715 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:57:53,715 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:57:53,715 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:57:53,716 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:57:53,716 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:57:53,717 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:57:53,717 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:57:53,717 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:57:53,717 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:57:53,717 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> c32d742da56eb7f975371d3819f8188d43c88569b223fcc4a7217dc4d57efe24 [2022-02-20 17:57:53,908 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:57:53,927 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:57:53,929 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:57:53,931 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:57:53,931 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:57:53,932 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_product23.cil.c [2022-02-20 17:57:53,981 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/82d367773/af16e9a9a93f4f8b80f1a5f60ebdaa1a/FLAGef61e44fc [2022-02-20 17:57:54,462 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:57:54,462 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product23.cil.c [2022-02-20 17:57:54,505 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/82d367773/af16e9a9a93f4f8b80f1a5f60ebdaa1a/FLAGef61e44fc [2022-02-20 17:57:55,007 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/82d367773/af16e9a9a93f4f8b80f1a5f60ebdaa1a [2022-02-20 17:57:55,017 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:57:55,018 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:57:55,020 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:57:55,020 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:57:55,022 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:57:55,023 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,024 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@53b19337 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55, skipping insertion in model container [2022-02-20 17:57:55,024 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:57:55" (1/1) ... 
[2022-02-20 17:57:55,031 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:57:55,079 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:57:55,346 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product23.cil.c[22258,22271] [2022-02-20 17:57:55,523 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:57:55,534 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:57:55,594 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product23.cil.c[22258,22271] [2022-02-20 17:57:55,631 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:57:55,676 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:57:55,676 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55 WrapperNode [2022-02-20 17:57:55,677 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:57:55,677 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:57:55,677 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:57:55,678 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:57:55,682 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... 
[2022-02-20 17:57:55,715 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,782 INFO L137 Inliner]: procedures = 131, calls = 227, calls flagged for inlining = 58, calls inlined = 51, statements flattened = 958 [2022-02-20 17:57:55,786 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:57:55,786 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:57:55,787 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:57:55,787 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:57:55,793 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,793 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,803 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,817 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... 
[2022-02-20 17:57:55,857 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,863 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,867 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... [2022-02-20 17:57:55,898 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:57:55,900 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:57:55,900 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:57:55,901 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:57:55,902 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (1/1) ... 
[2022-02-20 17:57:55,907 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:57:55,915 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:55,926 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:57:55,960 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:57:55,988 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:57:55,988 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:57:55,988 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:57:55,988 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:57:55,988 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:57:55,989 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:57:55,989 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:57:55,989 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__AutoResponder [2022-02-20 17:57:55,989 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:57:55,989 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:57:55,989 INFO L130 BoogieDeclarations]: Found specification of procedure 
isReadable [2022-02-20 17:57:55,989 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:57:55,989 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:57:55,990 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:57:55,990 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:57:55,990 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:57:55,990 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:57:55,990 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:57:55,990 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:57:55,990 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:57:55,991 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:57:55,991 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:57:55,991 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:57:55,991 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:57:55,991 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:57:55,991 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:57:55,991 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:57:55,991 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:57:55,992 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:57:55,992 INFO L138 BoogieDeclarations]: Found implementation of procedure 
setClientAddressBookSize [2022-02-20 17:57:55,992 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:57:55,992 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:57:55,992 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:57:55,992 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:57:55,992 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:57:55,992 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:57:55,993 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:57:55,993 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:57:55,993 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:57:55,993 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:57:55,993 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:57:55,993 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:57:55,994 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:57:55,994 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:57:55,994 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:57:55,994 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:57:55,994 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:57:55,994 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:57:55,994 INFO L138 BoogieDeclarations]: Found implementation 
of procedure generateKeyPair [2022-02-20 17:57:55,995 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:57:55,995 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:57:55,995 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:57:55,995 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:57:56,233 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:57:56,235 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:57:56,873 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:57:56,881 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:57:56,882 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:57:56,883 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:57:56 BoogieIcfgContainer [2022-02-20 17:57:56,883 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:57:56,884 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:57:56,884 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:57:56,887 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:57:56,887 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:57:55" (1/3) ... 
[2022-02-20 17:57:56,887 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3459f0df and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:57:56, skipping insertion in model container [2022-02-20 17:57:56,887 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:57:55" (2/3) ... [2022-02-20 17:57:56,888 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3459f0df and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:57:56, skipping insertion in model container [2022-02-20 17:57:56,888 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:57:56" (3/3) ... [2022-02-20 17:57:56,889 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_product23.cil.c [2022-02-20 17:57:56,892 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:57:56,892 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 17:57:56,922 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:57:56,926 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:57:56,926 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:57:56,947 INFO L276 IsEmpty]: Start isEmpty. Operand has 384 states, 300 states have (on average 1.5666666666666667) internal successors, (470), 305 states have internal predecessors, (470), 58 states have call successors, (58), 24 states have call predecessors, (58), 24 states have return successors, (58), 56 states have call predecessors, (58), 58 states have call successors, (58) [2022-02-20 17:57:56,961 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 132 [2022-02-20 17:57:56,961 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:56,962 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:56,962 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:56,966 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:56,966 INFO L85 PathProgramCache]: Analyzing trace with hash -391445380, now seen corresponding path program 1 times [2022-02-20 17:57:56,972 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:56,973 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1486360519] [2022-02-20 17:57:56,973 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:56,974 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:57,161 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:57:57,295 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {387#true} is VALID [2022-02-20 17:57:57,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {387#true} #1181#return; {387#true} is VALID [2022-02-20 17:57:57,314 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:57:57,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,324 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,324 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,324 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {387#true} #1183#return; {387#true} is VALID [2022-02-20 17:57:57,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:57,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {462#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 
17:57:57,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {462#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:57,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {463#(= |setClientId_#in~handle| 1)} assume true; {463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:57,352 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {463#(= |setClientId_#in~handle| 1)} {397#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {388#false} is VALID [2022-02-20 17:57:57,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:57:57,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,362 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,362 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1187#return; {388#false} is VALID [2022-02-20 17:57:57,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:57:57,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,373 INFO L290 TraceCheckUtils]: 0: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,373 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,374 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1189#return; {388#false} is VALID [2022-02-20 17:57:57,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:57:57,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,387 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,387 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,388 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1191#return; {388#false} is VALID [2022-02-20 17:57:57,395 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:57:57,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,400 INFO L290 
TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,401 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1133#return; {388#false} is VALID [2022-02-20 17:57:57,408 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:57:57,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,413 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1135#return; {388#false} is VALID [2022-02-20 17:57:57,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:57:57,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,416 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~29; {387#true} is VALID [2022-02-20 17:57:57,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {387#true} is VALID [2022-02-20 17:57:57,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,417 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1115#return; {388#false} 
is VALID [2022-02-20 17:57:57,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:57:57,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,421 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,421 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,421 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,421 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1117#return; {388#false} is VALID [2022-02-20 17:57:57,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:57:57,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,425 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {387#true} is VALID [2022-02-20 17:57:57,425 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle; {387#true} is VALID [2022-02-20 17:57:57,425 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {387#true} is VALID [2022-02-20 17:57:57,425 INFO L290 TraceCheckUtils]: 3: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,425 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {387#true} {388#false} #1119#return; {388#false} is VALID [2022-02-20 17:57:57,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:57:57,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,429 INFO L290 
TraceCheckUtils]: 0: Hoare triple {465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,430 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1121#return; {388#false} is VALID [2022-02-20 17:57:57,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:57:57,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,433 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,434 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1147#return; {388#false} is VALID [2022-02-20 17:57:57,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:57:57,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~12; {387#true} is VALID [2022-02-20 17:57:57,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {387#true} 
is VALID [2022-02-20 17:57:57,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1149#return; {388#false} is VALID [2022-02-20 17:57:57,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:57:57,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,441 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1151#return; {388#false} is VALID [2022-02-20 17:57:57,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:57:57,442 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~6; {387#true} is VALID [2022-02-20 17:57:57,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {387#true} is VALID [2022-02-20 17:57:57,444 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,444 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {387#true} {388#false} #1153#return; {388#false} is VALID [2022-02-20 17:57:57,445 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:57:57,445 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {387#true} is VALID [2022-02-20 17:57:57,448 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume 1 == ~handle; {387#true} is VALID [2022-02-20 17:57:57,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {387#true} is VALID [2022-02-20 17:57:57,448 INFO L290 TraceCheckUtils]: 3: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,448 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {387#true} {388#false} #1155#return; {388#false} is VALID [2022-02-20 17:57:57,449 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 
20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 
0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 
0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {387#true} is VALID [2022-02-20 17:57:57,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {387#true} is VALID [2022-02-20 17:57:57,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {387#true} is VALID [2022-02-20 17:57:57,450 INFO L290 TraceCheckUtils]: 3: Hoare triple {387#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {387#true} is VALID [2022-02-20 17:57:57,450 INFO L290 TraceCheckUtils]: 4: Hoare triple {387#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {387#true} is VALID [2022-02-20 17:57:57,450 INFO L290 TraceCheckUtils]: 5: Hoare triple {387#true} 
assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {387#true} is VALID [2022-02-20 17:57:57,451 INFO L272 TraceCheckUtils]: 6: Hoare triple {387#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:57,451 INFO L290 TraceCheckUtils]: 7: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,451 INFO L290 TraceCheckUtils]: 8: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,451 INFO L290 TraceCheckUtils]: 9: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,452 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {387#true} 
{387#true} #1181#return; {387#true} is VALID [2022-02-20 17:57:57,452 INFO L290 TraceCheckUtils]: 11: Hoare triple {387#true} assume { :end_inline_setup_bob__wrappee__Base } true; {387#true} is VALID [2022-02-20 17:57:57,453 INFO L272 TraceCheckUtils]: 12: Hoare triple {387#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:57,453 INFO L290 TraceCheckUtils]: 13: Hoare triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,453 INFO L290 TraceCheckUtils]: 14: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,453 INFO L290 TraceCheckUtils]: 15: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,453 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {387#true} {387#true} #1183#return; {387#true} is VALID [2022-02-20 17:57:57,454 INFO L290 TraceCheckUtils]: 17: Hoare triple {387#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {397#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 
17:57:57,455 INFO L272 TraceCheckUtils]: 18: Hoare triple {397#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:57,455 INFO L290 TraceCheckUtils]: 19: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {462#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:57,456 INFO L290 TraceCheckUtils]: 20: Hoare triple {462#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:57,456 INFO L290 TraceCheckUtils]: 21: Hoare triple {463#(= |setClientId_#in~handle| 1)} assume true; {463#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:57,457 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {463#(= |setClientId_#in~handle| 1)} {397#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {388#false} is VALID [2022-02-20 17:57:57,457 INFO L290 TraceCheckUtils]: 23: Hoare triple {388#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {388#false} is VALID [2022-02-20 17:57:57,457 INFO L272 TraceCheckUtils]: 24: Hoare triple {388#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:57,457 INFO L290 TraceCheckUtils]: 25: Hoare 
triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,457 INFO L290 TraceCheckUtils]: 26: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,458 INFO L290 TraceCheckUtils]: 27: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,458 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {387#true} {388#false} #1187#return; {388#false} is VALID [2022-02-20 17:57:57,458 INFO L290 TraceCheckUtils]: 29: Hoare triple {388#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {388#false} is VALID [2022-02-20 17:57:57,458 INFO L272 TraceCheckUtils]: 30: Hoare triple {388#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:57,458 INFO L290 TraceCheckUtils]: 31: Hoare triple {460#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,458 INFO L290 TraceCheckUtils]: 32: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,459 INFO L290 TraceCheckUtils]: 33: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,459 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {387#true} {388#false} #1189#return; {388#false} is VALID [2022-02-20 17:57:57,459 INFO L290 TraceCheckUtils]: 35: Hoare triple {388#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {388#false} is VALID [2022-02-20 17:57:57,459 INFO L272 TraceCheckUtils]: 36: Hoare triple {388#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:57,459 INFO L290 TraceCheckUtils]: 37: Hoare triple {461#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,460 INFO L290 TraceCheckUtils]: 38: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,460 INFO L290 TraceCheckUtils]: 39: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,460 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {387#true} {388#false} #1191#return; {388#false} is VALID [2022-02-20 17:57:57,460 INFO L290 TraceCheckUtils]: 41: Hoare triple {388#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc 
setup_#t~nondet11#1; {388#false} is VALID [2022-02-20 17:57:57,460 INFO L290 TraceCheckUtils]: 42: Hoare triple {388#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {388#false} is VALID [2022-02-20 17:57:57,461 INFO L290 TraceCheckUtils]: 43: Hoare triple {388#false} assume !true; {388#false} is VALID [2022-02-20 17:57:57,461 INFO L290 TraceCheckUtils]: 44: Hoare triple {388#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc 
bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {388#false} is VALID [2022-02-20 17:57:57,461 INFO L272 TraceCheckUtils]: 45: Hoare triple {388#false} call sendEmail(~bob~0, ~rjh~0); {388#false} is VALID [2022-02-20 17:57:57,461 INFO L290 TraceCheckUtils]: 46: Hoare triple {388#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {388#false} is VALID [2022-02-20 17:57:57,461 INFO L272 TraceCheckUtils]: 47: Hoare triple {388#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:57,462 INFO L290 TraceCheckUtils]: 48: Hoare triple {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,462 INFO L290 TraceCheckUtils]: 49: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,462 INFO L290 TraceCheckUtils]: 50: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,462 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {387#true} {388#false} #1133#return; {388#false} is VALID [2022-02-20 17:57:57,462 INFO L272 TraceCheckUtils]: 52: Hoare triple {388#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:57,462 INFO L290 TraceCheckUtils]: 53: Hoare triple {465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,463 INFO L290 TraceCheckUtils]: 54: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,463 INFO L290 TraceCheckUtils]: 55: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,463 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {387#true} {388#false} #1135#return; {388#false} is VALID [2022-02-20 17:57:57,463 INFO L290 TraceCheckUtils]: 57: Hoare triple {388#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {388#false} is VALID [2022-02-20 17:57:57,463 INFO L290 TraceCheckUtils]: 58: Hoare triple {388#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {388#false} is VALID [2022-02-20 17:57:57,464 INFO L272 TraceCheckUtils]: 59: Hoare triple {388#false} call outgoing(~sender#1, ~email~0#1); {388#false} is VALID [2022-02-20 17:57:57,464 INFO L290 TraceCheckUtils]: 60: Hoare triple {388#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc 
getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {388#false} is VALID [2022-02-20 17:57:57,464 INFO L290 TraceCheckUtils]: 61: Hoare triple {388#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {388#false} is VALID [2022-02-20 17:57:57,464 INFO L290 TraceCheckUtils]: 62: Hoare triple {388#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {388#false} is VALID [2022-02-20 17:57:57,464 INFO L290 TraceCheckUtils]: 63: Hoare triple {388#false} assume 0 == sign_~privkey~0#1; {388#false} is VALID [2022-02-20 17:57:57,465 INFO L290 TraceCheckUtils]: 64: Hoare triple {388#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {388#false} is VALID [2022-02-20 17:57:57,465 INFO L272 TraceCheckUtils]: 65: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {387#true} is VALID [2022-02-20 17:57:57,465 INFO L290 TraceCheckUtils]: 66: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~29; {387#true} is VALID [2022-02-20 17:57:57,465 INFO L290 TraceCheckUtils]: 67: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {387#true} is VALID [2022-02-20 17:57:57,465 INFO L290 TraceCheckUtils]: 68: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,465 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {387#true} {388#false} #1115#return; {388#false} is VALID [2022-02-20 17:57:57,466 INFO L290 TraceCheckUtils]: 70: Hoare triple {388#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {388#false} is VALID [2022-02-20 17:57:57,466 INFO L290 TraceCheckUtils]: 71: Hoare triple {388#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {388#false} is VALID [2022-02-20 17:57:57,466 INFO L290 TraceCheckUtils]: 72: Hoare triple {388#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {388#false} is VALID [2022-02-20 17:57:57,466 INFO L272 TraceCheckUtils]: 73: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {387#true} is VALID [2022-02-20 17:57:57,466 INFO L290 TraceCheckUtils]: 74: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,467 INFO L290 TraceCheckUtils]: 75: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,467 INFO L290 TraceCheckUtils]: 76: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,467 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {387#true} {388#false} #1117#return; {388#false} is VALID [2022-02-20 17:57:57,467 INFO L290 TraceCheckUtils]: 78: Hoare triple {388#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {388#false} is VALID [2022-02-20 17:57:57,467 INFO L272 TraceCheckUtils]: 79: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {387#true} is VALID [2022-02-20 17:57:57,487 INFO L290 TraceCheckUtils]: 80: Hoare triple {387#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {387#true} is VALID [2022-02-20 17:57:57,487 INFO L290 TraceCheckUtils]: 81: Hoare triple {387#true} assume 1 == ~handle; {387#true} is VALID [2022-02-20 17:57:57,487 INFO L290 TraceCheckUtils]: 82: Hoare triple {387#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {387#true} is VALID [2022-02-20 17:57:57,487 INFO L290 TraceCheckUtils]: 83: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,488 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {387#true} {388#false} #1119#return; {388#false} is VALID [2022-02-20 17:57:57,488 INFO L290 TraceCheckUtils]: 85: Hoare triple {388#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {388#false} is VALID [2022-02-20 17:57:57,488 INFO L272 TraceCheckUtils]: 86: Hoare triple {388#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {465#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:57,488 INFO L290 TraceCheckUtils]: 87: Hoare triple {465#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,488 INFO L290 TraceCheckUtils]: 88: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,489 INFO L290 TraceCheckUtils]: 89: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,489 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {387#true} {388#false} #1121#return; {388#false} is VALID [2022-02-20 17:57:57,489 INFO L272 TraceCheckUtils]: 91: Hoare triple {388#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {388#false} is VALID [2022-02-20 17:57:57,489 INFO L290 TraceCheckUtils]: 92: Hoare triple {388#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {388#false} is VALID [2022-02-20 17:57:57,489 INFO L290 TraceCheckUtils]: 93: Hoare triple {388#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {388#false} is VALID [2022-02-20 17:57:57,489 INFO L290 TraceCheckUtils]: 94: Hoare triple {388#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {388#false} is VALID [2022-02-20 17:57:57,490 INFO L272 TraceCheckUtils]: 95: Hoare triple {388#false} call setEmailFrom(~msg#1, ~tmp~12#1); {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:57,490 INFO L290 
TraceCheckUtils]: 96: Hoare triple {464#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:57,490 INFO L290 TraceCheckUtils]: 97: Hoare triple {387#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:57,490 INFO L290 TraceCheckUtils]: 98: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,490 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {387#true} {388#false} #1147#return; {388#false} is VALID [2022-02-20 17:57:57,490 INFO L290 TraceCheckUtils]: 100: Hoare triple {388#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {388#false} is VALID [2022-02-20 17:57:57,491 INFO L272 TraceCheckUtils]: 101: Hoare triple 
{388#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {387#true} is VALID [2022-02-20 17:57:57,491 INFO L290 TraceCheckUtils]: 102: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~12; {387#true} is VALID [2022-02-20 17:57:57,491 INFO L290 TraceCheckUtils]: 103: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {387#true} is VALID [2022-02-20 17:57:57,491 INFO L290 TraceCheckUtils]: 104: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,491 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {387#true} {388#false} #1149#return; {388#false} is VALID [2022-02-20 17:57:57,492 INFO L290 TraceCheckUtils]: 106: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {388#false} is VALID [2022-02-20 17:57:57,492 INFO L290 TraceCheckUtils]: 107: Hoare triple {388#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {388#false} is VALID [2022-02-20 17:57:57,492 INFO L272 TraceCheckUtils]: 108: Hoare triple {388#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {387#true} is VALID [2022-02-20 17:57:57,492 INFO L290 TraceCheckUtils]: 109: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~7; {387#true} is VALID [2022-02-20 17:57:57,492 INFO L290 TraceCheckUtils]: 110: Hoare triple {387#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {387#true} is VALID 
[2022-02-20 17:57:57,492 INFO L290 TraceCheckUtils]: 111: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,493 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {387#true} {388#false} #1151#return; {388#false} is VALID [2022-02-20 17:57:57,493 INFO L290 TraceCheckUtils]: 113: Hoare triple {388#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, 
__utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {388#false} is VALID [2022-02-20 17:57:57,493 INFO L290 TraceCheckUtils]: 114: Hoare triple {388#false} assume 1 == ~sent_signed~0; {388#false} is VALID [2022-02-20 17:57:57,493 INFO L272 TraceCheckUtils]: 115: Hoare triple {388#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {387#true} is VALID [2022-02-20 17:57:57,493 INFO L290 TraceCheckUtils]: 116: Hoare triple {387#true} ~handle := #in~handle;havoc ~retValue_acc~6; {387#true} is VALID [2022-02-20 17:57:57,493 INFO L290 TraceCheckUtils]: 117: Hoare 
triple {387#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {387#true} is VALID [2022-02-20 17:57:57,494 INFO L290 TraceCheckUtils]: 118: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,494 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {387#true} {388#false} #1153#return; {388#false} is VALID [2022-02-20 17:57:57,494 INFO L290 TraceCheckUtils]: 120: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {388#false} is VALID [2022-02-20 17:57:57,494 INFO L272 TraceCheckUtils]: 121: Hoare triple {388#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {387#true} is VALID [2022-02-20 17:57:57,494 INFO L290 TraceCheckUtils]: 122: Hoare triple {387#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {387#true} is VALID [2022-02-20 17:57:57,494 INFO L290 TraceCheckUtils]: 123: Hoare triple {387#true} assume 1 == ~handle; {387#true} is VALID [2022-02-20 17:57:57,495 INFO L290 TraceCheckUtils]: 124: Hoare triple {387#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {387#true} is VALID [2022-02-20 17:57:57,495 INFO L290 TraceCheckUtils]: 125: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:57,495 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {387#true} {388#false} #1155#return; {388#false} is VALID [2022-02-20 17:57:57,495 INFO L290 TraceCheckUtils]: 127: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {388#false} is VALID [2022-02-20 17:57:57,495 INFO L290 TraceCheckUtils]: 128: Hoare triple {388#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {388#false} is VALID [2022-02-20 17:57:57,495 INFO L272 TraceCheckUtils]: 129: Hoare triple {388#false} call __automaton_fail(); {388#false} is VALID [2022-02-20 17:57:57,496 INFO L290 TraceCheckUtils]: 130: Hoare triple {388#false} assume !false; {388#false} is VALID [2022-02-20 17:57:57,496 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. [2022-02-20 17:57:57,497 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:57:57,497 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1486360519] [2022-02-20 17:57:57,498 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1486360519] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:57:57,498 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1447936295] [2022-02-20 17:57:57,498 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:57,498 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:57:57,498 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:57:57,505 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 
17:57:57,509 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:57:57,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,773 INFO L263 TraceCheckSpWp]: Trace formula consists of 1224 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:57:57,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:57,832 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:57:58,115 INFO L290 TraceCheckUtils]: 0: Hoare triple {387#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 
2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, 
~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 
0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {387#true} is VALID [2022-02-20 17:57:58,116 INFO L290 TraceCheckUtils]: 1: Hoare triple {387#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {387#true} is VALID [2022-02-20 17:57:58,116 INFO L290 TraceCheckUtils]: 2: Hoare triple {387#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {387#true} is VALID [2022-02-20 17:57:58,116 INFO L290 TraceCheckUtils]: 3: Hoare triple {387#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {387#true} is VALID [2022-02-20 17:57:58,116 INFO L290 TraceCheckUtils]: 4: Hoare triple {387#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {387#true} is VALID [2022-02-20 17:57:58,117 INFO L290 TraceCheckUtils]: 5: Hoare triple {387#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {387#true} is VALID [2022-02-20 17:57:58,117 INFO L272 TraceCheckUtils]: 6: Hoare triple {387#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {387#true} is VALID [2022-02-20 17:57:58,117 INFO L290 TraceCheckUtils]: 7: Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,117 INFO L290 TraceCheckUtils]: 8: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:58,117 INFO L290 TraceCheckUtils]: 9: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,117 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {387#true} {387#true} #1181#return; {387#true} is VALID [2022-02-20 17:57:58,118 INFO L290 TraceCheckUtils]: 11: Hoare triple {387#true} assume { :end_inline_setup_bob__wrappee__Base } true; {387#true} is VALID [2022-02-20 17:57:58,118 INFO L272 TraceCheckUtils]: 12: Hoare triple {387#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {387#true} is VALID [2022-02-20 17:57:58,118 INFO L290 TraceCheckUtils]: 13: Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,118 INFO L290 TraceCheckUtils]: 14: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{387#true} is VALID [2022-02-20 17:57:58,118 INFO L290 TraceCheckUtils]: 15: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,118 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {387#true} {387#true} #1183#return; {387#true} is VALID [2022-02-20 17:57:58,119 INFO L290 TraceCheckUtils]: 17: Hoare triple {387#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {387#true} is VALID [2022-02-20 17:57:58,119 INFO L272 TraceCheckUtils]: 18: Hoare triple {387#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {387#true} is VALID [2022-02-20 17:57:58,119 INFO L290 TraceCheckUtils]: 19: Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,119 INFO L290 TraceCheckUtils]: 20: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:58,119 INFO L290 TraceCheckUtils]: 21: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,119 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {387#true} {387#true} #1185#return; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L290 TraceCheckUtils]: 23: Hoare triple {387#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L272 TraceCheckUtils]: 24: Hoare triple {387#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {387#true} is VALID [2022-02-20 17:57:58,120 INFO L290 TraceCheckUtils]: 25: 
Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L290 TraceCheckUtils]: 26: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L290 TraceCheckUtils]: 27: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {387#true} {387#true} #1187#return; {387#true} is VALID [2022-02-20 17:57:58,120 INFO L290 TraceCheckUtils]: 29: Hoare triple {387#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {387#true} is VALID [2022-02-20 17:57:58,121 INFO L272 TraceCheckUtils]: 30: Hoare triple {387#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {387#true} is VALID [2022-02-20 17:57:58,121 INFO L290 TraceCheckUtils]: 31: Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,121 INFO L290 TraceCheckUtils]: 32: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:58,121 INFO L290 TraceCheckUtils]: 33: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,121 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {387#true} {387#true} #1189#return; {387#true} is VALID [2022-02-20 17:57:58,121 INFO L290 TraceCheckUtils]: 35: Hoare triple {387#true} assume 
{ :end_inline_setup_chuck__wrappee__Base } true; {387#true} is VALID [2022-02-20 17:57:58,122 INFO L272 TraceCheckUtils]: 36: Hoare triple {387#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {387#true} is VALID [2022-02-20 17:57:58,122 INFO L290 TraceCheckUtils]: 37: Hoare triple {387#true} ~handle := #in~handle;~value := #in~value; {387#true} is VALID [2022-02-20 17:57:58,122 INFO L290 TraceCheckUtils]: 38: Hoare triple {387#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {387#true} is VALID [2022-02-20 17:57:58,122 INFO L290 TraceCheckUtils]: 39: Hoare triple {387#true} assume true; {387#true} is VALID [2022-02-20 17:57:58,122 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {387#true} {387#true} #1191#return; {387#true} is VALID [2022-02-20 17:57:58,122 INFO L290 TraceCheckUtils]: 41: Hoare triple {387#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {387#true} is VALID [2022-02-20 17:57:58,123 INFO L290 TraceCheckUtils]: 42: Hoare triple {387#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc 
test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {387#true} is VALID [2022-02-20 17:57:58,126 INFO L290 TraceCheckUtils]: 43: Hoare triple {387#true} assume !true; {388#false} is VALID [2022-02-20 17:57:58,127 INFO L290 TraceCheckUtils]: 44: Hoare triple {388#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {388#false} is VALID [2022-02-20 17:57:58,127 INFO L272 TraceCheckUtils]: 45: Hoare triple {388#false} call sendEmail(~bob~0, ~rjh~0); {388#false} is VALID [2022-02-20 17:57:58,127 INFO L290 TraceCheckUtils]: 46: Hoare triple {388#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {388#false} is VALID [2022-02-20 17:57:58,127 INFO L272 TraceCheckUtils]: 47: 
Hoare triple {388#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {388#false} is VALID [2022-02-20 17:57:58,143 INFO L290 TraceCheckUtils]: 48: Hoare triple {388#false} ~handle := #in~handle;~value := #in~value; {388#false} is VALID [2022-02-20 17:57:58,143 INFO L290 TraceCheckUtils]: 49: Hoare triple {388#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {388#false} is VALID [2022-02-20 17:57:58,143 INFO L290 TraceCheckUtils]: 50: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,144 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {388#false} {388#false} #1133#return; {388#false} is VALID [2022-02-20 17:57:58,146 INFO L272 TraceCheckUtils]: 52: Hoare triple {388#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {388#false} is VALID [2022-02-20 17:57:58,147 INFO L290 TraceCheckUtils]: 53: Hoare triple {388#false} ~handle := #in~handle;~value := #in~value; {388#false} is VALID [2022-02-20 17:57:58,149 INFO L290 TraceCheckUtils]: 54: Hoare triple {388#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {388#false} is VALID [2022-02-20 17:57:58,149 INFO L290 TraceCheckUtils]: 55: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,151 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {388#false} {388#false} #1135#return; {388#false} is VALID [2022-02-20 17:57:58,151 INFO L290 TraceCheckUtils]: 57: Hoare triple {388#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {388#false} is VALID [2022-02-20 17:57:58,151 INFO L290 TraceCheckUtils]: 58: Hoare triple {388#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {388#false} is VALID [2022-02-20 17:57:58,151 INFO L272 TraceCheckUtils]: 59: Hoare triple {388#false} call outgoing(~sender#1, ~email~0#1); 
{388#false} is VALID [2022-02-20 17:57:58,151 INFO L290 TraceCheckUtils]: 60: Hoare triple {388#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {388#false} is VALID [2022-02-20 17:57:58,152 INFO L290 TraceCheckUtils]: 61: Hoare triple {388#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {388#false} is VALID [2022-02-20 17:57:58,152 INFO L290 TraceCheckUtils]: 62: Hoare triple {388#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {388#false} is VALID [2022-02-20 17:57:58,152 INFO L290 TraceCheckUtils]: 63: Hoare triple {388#false} assume 0 == sign_~privkey~0#1; {388#false} is VALID [2022-02-20 17:57:58,152 INFO L290 TraceCheckUtils]: 64: Hoare triple {388#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, 
outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {388#false} is VALID [2022-02-20 17:57:58,152 INFO L272 TraceCheckUtils]: 65: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {388#false} is VALID [2022-02-20 17:57:58,152 INFO L290 TraceCheckUtils]: 66: Hoare triple {388#false} ~handle := #in~handle;havoc ~retValue_acc~29; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L290 TraceCheckUtils]: 67: Hoare triple {388#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L290 TraceCheckUtils]: 68: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {388#false} {388#false} #1115#return; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L290 TraceCheckUtils]: 70: Hoare triple {388#false} assume -2147483648 <= 
outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L290 TraceCheckUtils]: 71: Hoare triple {388#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {388#false} is VALID [2022-02-20 17:57:58,153 INFO L290 TraceCheckUtils]: 72: Hoare triple {388#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L272 TraceCheckUtils]: 73: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {388#false} is VALID [2022-02-20 17:57:58,154 INFO L290 TraceCheckUtils]: 74: Hoare triple {388#false} ~handle := #in~handle;havoc ~retValue_acc~7; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L290 TraceCheckUtils]: 75: Hoare triple {388#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L290 TraceCheckUtils]: 76: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {388#false} 
{388#false} #1117#return; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L290 TraceCheckUtils]: 78: Hoare triple {388#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {388#false} is VALID [2022-02-20 17:57:58,154 INFO L272 TraceCheckUtils]: 79: Hoare triple {388#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {388#false} is VALID [2022-02-20 17:57:58,155 INFO L290 TraceCheckUtils]: 80: Hoare triple {388#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L290 TraceCheckUtils]: 81: Hoare triple {388#false} assume 1 == ~handle; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L290 TraceCheckUtils]: 82: Hoare triple {388#false} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L290 TraceCheckUtils]: 83: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {388#false} {388#false} #1119#return; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L290 TraceCheckUtils]: 85: Hoare triple {388#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := 
outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {388#false} is VALID [2022-02-20 17:57:58,155 INFO L272 TraceCheckUtils]: 86: Hoare triple {388#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {388#false} is VALID [2022-02-20 17:57:58,156 INFO L290 TraceCheckUtils]: 87: Hoare triple {388#false} ~handle := #in~handle;~value := #in~value; {388#false} is VALID [2022-02-20 17:57:58,156 INFO L290 TraceCheckUtils]: 88: Hoare triple {388#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {388#false} is VALID [2022-02-20 17:57:58,156 INFO L290 TraceCheckUtils]: 89: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,156 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {388#false} {388#false} #1121#return; {388#false} is VALID [2022-02-20 17:57:58,156 INFO L272 TraceCheckUtils]: 91: Hoare triple {388#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {388#false} is VALID [2022-02-20 17:57:58,156 INFO L290 TraceCheckUtils]: 92: Hoare triple {388#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {388#false} is VALID [2022-02-20 17:57:58,156 INFO L290 TraceCheckUtils]: 93: Hoare triple {388#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {388#false} is VALID [2022-02-20 17:57:58,157 INFO L290 TraceCheckUtils]: 94: Hoare triple {388#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } 
true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {388#false} is VALID [2022-02-20 17:57:58,157 INFO L272 TraceCheckUtils]: 95: Hoare triple {388#false} call setEmailFrom(~msg#1, ~tmp~12#1); {388#false} is VALID [2022-02-20 17:57:58,157 INFO L290 TraceCheckUtils]: 96: Hoare triple {388#false} ~handle := #in~handle;~value := #in~value; {388#false} is VALID [2022-02-20 17:57:58,157 INFO L290 TraceCheckUtils]: 97: Hoare triple {388#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {388#false} is VALID [2022-02-20 17:57:58,157 INFO L290 TraceCheckUtils]: 98: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,157 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {388#false} {388#false} #1147#return; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L290 TraceCheckUtils]: 100: Hoare triple {388#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= 
__utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L272 TraceCheckUtils]: 101: Hoare triple {388#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {388#false} is VALID [2022-02-20 17:57:58,158 INFO L290 TraceCheckUtils]: 102: Hoare triple {388#false} ~handle := #in~handle;havoc ~retValue_acc~12; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L290 TraceCheckUtils]: 103: Hoare triple {388#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L290 TraceCheckUtils]: 104: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {388#false} {388#false} #1149#return; {388#false} is VALID [2022-02-20 17:57:58,158 INFO L290 TraceCheckUtils]: 106: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {388#false} is VALID [2022-02-20 17:57:58,159 INFO L290 TraceCheckUtils]: 107: Hoare triple {388#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {388#false} is VALID [2022-02-20 17:57:58,159 INFO L272 TraceCheckUtils]: 108: Hoare triple {388#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {388#false} is VALID [2022-02-20 17:57:58,159 INFO L290 TraceCheckUtils]: 109: Hoare triple 
{388#false} ~handle := #in~handle;havoc ~retValue_acc~7; {388#false} is VALID [2022-02-20 17:57:58,159 INFO L290 TraceCheckUtils]: 110: Hoare triple {388#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {388#false} is VALID [2022-02-20 17:57:58,159 INFO L290 TraceCheckUtils]: 111: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,159 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {388#false} {388#false} #1151#return; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L290 TraceCheckUtils]: 113: Hoare triple {388#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 
:= verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L290 TraceCheckUtils]: 114: Hoare triple {388#false} assume 1 == ~sent_signed~0; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L272 TraceCheckUtils]: 115: Hoare triple {388#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := 
getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {388#false} is VALID [2022-02-20 17:57:58,160 INFO L290 TraceCheckUtils]: 116: Hoare triple {388#false} ~handle := #in~handle;havoc ~retValue_acc~6; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L290 TraceCheckUtils]: 117: Hoare triple {388#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L290 TraceCheckUtils]: 118: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,160 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {388#false} {388#false} #1153#return; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L290 TraceCheckUtils]: 120: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L272 TraceCheckUtils]: 121: Hoare triple {388#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {388#false} is VALID [2022-02-20 17:57:58,161 INFO L290 TraceCheckUtils]: 122: Hoare triple {388#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L290 TraceCheckUtils]: 123: Hoare triple {388#false} assume 1 == ~handle; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L290 TraceCheckUtils]: 124: Hoare triple {388#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L290 TraceCheckUtils]: 125: Hoare triple {388#false} assume true; {388#false} is VALID [2022-02-20 17:57:58,161 INFO L284 TraceCheckUtils]: 126: Hoare quadruple 
{388#false} {388#false} #1155#return; {388#false} is VALID [2022-02-20 17:57:58,162 INFO L290 TraceCheckUtils]: 127: Hoare triple {388#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {388#false} is VALID [2022-02-20 17:57:58,162 INFO L290 TraceCheckUtils]: 128: Hoare triple {388#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {388#false} is VALID [2022-02-20 17:57:58,162 INFO L272 TraceCheckUtils]: 129: Hoare triple {388#false} call __automaton_fail(); {388#false} is VALID [2022-02-20 17:57:58,162 INFO L290 TraceCheckUtils]: 130: Hoare triple {388#false} assume !false; {388#false} is VALID [2022-02-20 17:57:58,162 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:57:58,163 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:57:58,163 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1447936295] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:57:58,163 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:57:58,163 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:57:58,165 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1919793110] [2022-02-20 17:57:58,165 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:57:58,169 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:57:58,171 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:57:58,174 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:57:58,258 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:58,258 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:57:58,259 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:57:58,272 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:57:58,272 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:57:58,276 INFO L87 Difference]: Start difference. 
First operand has 384 states, 300 states have (on average 1.5666666666666667) internal successors, (470), 305 states have internal predecessors, (470), 58 states have call successors, (58), 24 states have call predecessors, (58), 24 states have return successors, (58), 56 states have call predecessors, (58), 58 states have call successors, (58) Second operand has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:57:58,598 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:58,598 INFO L93 Difference]: Finished difference Result 574 states and 862 transitions. [2022-02-20 17:57:58,598 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:57:58,599 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:57:58,599 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:57:58,600 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:57:58,616 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 2 states to 2 states and 862 transitions. [2022-02-20 17:57:58,617 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:57:58,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 862 transitions. [2022-02-20 17:57:58,628 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 862 transitions. [2022-02-20 17:57:59,133 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 862 edges. 862 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:57:59,153 INFO L225 Difference]: With dead ends: 574 [2022-02-20 17:57:59,165 INFO L226 Difference]: Without dead ends: 376 [2022-02-20 17:57:59,171 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 168 GetRequests, 161 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:57:59,175 INFO L933 BasicCegarLoop]: 580 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 580 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:57:59,176 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 580 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:57:59,188 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 376 states. [2022-02-20 17:57:59,228 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 376 to 376. [2022-02-20 17:57:59,228 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:57:59,234 INFO L82 GeneralOperation]: Start isEquivalent. First operand 376 states. Second operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:57:59,235 INFO L74 IsIncluded]: Start isIncluded. First operand 376 states. Second operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:57:59,238 INFO L87 Difference]: Start difference. First operand 376 states. Second operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:57:59,253 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:57:59,254 INFO L93 Difference]: Finished difference Result 376 states and 572 transitions. [2022-02-20 17:57:59,254 INFO L276 IsEmpty]: Start isEmpty. Operand 376 states and 572 transitions. [2022-02-20 17:57:59,261 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:59,262 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:59,262 INFO L74 IsIncluded]: Start isIncluded. First operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 376 states. [2022-02-20 17:57:59,266 INFO L87 Difference]: Start difference. First operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 376 states. [2022-02-20 17:57:59,281 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:57:59,281 INFO L93 Difference]: Finished difference Result 376 states and 572 transitions. [2022-02-20 17:57:59,281 INFO L276 IsEmpty]: Start isEmpty. Operand 376 states and 572 transitions. [2022-02-20 17:57:59,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:57:59,283 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:57:59,283 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:57:59,283 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:57:59,284 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 376 states, 294 states have (on average 1.5612244897959184) internal successors, (459), 297 states have internal predecessors, (459), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:57:59,298 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 376 states to 376 states and 572 transitions. [2022-02-20 17:57:59,299 INFO L78 Accepts]: Start accepts. Automaton has 376 states and 572 transitions. Word has length 131 [2022-02-20 17:57:59,300 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:57:59,300 INFO L470 AbstractCegarLoop]: Abstraction has 376 states and 572 transitions. [2022-02-20 17:57:59,301 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 36.0) internal successors, (72), 2 states have internal predecessors, (72), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:57:59,301 INFO L276 IsEmpty]: Start isEmpty. Operand 376 states and 572 transitions. [2022-02-20 17:57:59,308 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 133 [2022-02-20 17:57:59,308 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:57:59,308 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:57:59,326 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:57:59,526 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:57:59,527 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:57:59,527 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:57:59,527 INFO L85 PathProgramCache]: Analyzing trace with hash 935095137, now seen corresponding path program 1 times [2022-02-20 17:57:59,527 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:57:59,527 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1994807220] [2022-02-20 17:57:59,528 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:57:59,528 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:57:59,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 6 [2022-02-20 17:57:59,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2916#true} #1181#return; {2916#true} is VALID [2022-02-20 17:57:59,651 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:57:59,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,654 INFO L290 TraceCheckUtils]: 0: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,654 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,654 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,654 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2916#true} #1183#return; {2916#true} is VALID [2022-02-20 17:57:59,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:57:59,656 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,687 INFO L290 TraceCheckUtils]: 0: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2991#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:59,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {2991#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2992#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:59,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {2992#(= |setClientId_#in~handle| 1)} assume true; {2992#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:59,689 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2992#(= |setClientId_#in~handle| 1)} {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {2917#false} is VALID [2022-02-20 17:57:59,689 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:57:59,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,692 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1187#return; 
{2917#false} is VALID [2022-02-20 17:57:59,693 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:57:59,694 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,696 INFO L290 TraceCheckUtils]: 0: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,696 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,696 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,696 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1189#return; {2917#false} is VALID [2022-02-20 17:57:59,696 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:57:59,697 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,700 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1191#return; {2917#false} is VALID [2022-02-20 17:57:59,716 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:57:59,717 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,719 INFO L290 TraceCheckUtils]: 0: Hoare triple {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,719 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,719 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,719 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1133#return; {2917#false} is VALID [2022-02-20 17:57:59,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:57:59,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1135#return; {2917#false} is VALID [2022-02-20 17:57:59,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:57:59,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := 
#in~handle;havoc ~retValue_acc~29; {2916#true} is VALID [2022-02-20 17:57:59,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2916#true} is VALID [2022-02-20 17:57:59,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,730 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1115#return; {2917#false} is VALID [2022-02-20 17:57:59,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:57:59,731 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,732 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,732 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,732 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1117#return; {2917#false} is VALID [2022-02-20 17:57:59,732 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:57:59,733 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,735 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {2916#true} is VALID [2022-02-20 17:57:59,735 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle; {2916#true} is VALID [2022-02-20 17:57:59,735 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {2916#true} is 
VALID [2022-02-20 17:57:59,735 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,735 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2916#true} {2917#false} #1119#return; {2917#false} is VALID [2022-02-20 17:57:59,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:57:59,736 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,738 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1121#return; {2917#false} is VALID [2022-02-20 17:57:59,738 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:57:59,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,742 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1147#return; {2917#false} is VALID [2022-02-20 
17:57:59,743 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:57:59,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2916#true} is VALID [2022-02-20 17:57:59,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2916#true} is VALID [2022-02-20 17:57:59,760 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1149#return; {2917#false} is VALID [2022-02-20 17:57:59,760 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:57:59,761 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,763 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,763 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,763 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,763 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1151#return; {2917#false} is VALID [2022-02-20 17:57:59,763 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:57:59,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~6; {2916#true} is VALID [2022-02-20 17:57:59,766 INFO L290 TraceCheckUtils]: 1: 
Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2916#true} is VALID [2022-02-20 17:57:59,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2916#true} {2917#false} #1153#return; {2917#false} is VALID [2022-02-20 17:57:59,766 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:57:59,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2916#true} is VALID [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume 1 == ~handle; {2916#true} is VALID [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2916#true} is VALID [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,769 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2916#true} {2917#false} #1155#return; {2917#false} is VALID [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call 
write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 
:= 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2916#true} is VALID [2022-02-20 17:57:59,769 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2916#true} is VALID [2022-02-20 17:57:59,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2916#true} is VALID [2022-02-20 17:57:59,770 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc 
valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {2916#true} is VALID [2022-02-20 17:57:59,770 INFO L290 TraceCheckUtils]: 4: Hoare triple {2916#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2916#true} is VALID [2022-02-20 17:57:59,770 INFO L290 TraceCheckUtils]: 5: Hoare triple {2916#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2916#true} is VALID [2022-02-20 17:57:59,771 INFO L272 TraceCheckUtils]: 6: Hoare triple {2916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,771 INFO L290 TraceCheckUtils]: 7: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,771 INFO L290 TraceCheckUtils]: 8: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,771 INFO L290 TraceCheckUtils]: 9: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,771 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2916#true} {2916#true} #1181#return; {2916#true} is VALID [2022-02-20 17:57:59,771 INFO L290 TraceCheckUtils]: 11: Hoare triple {2916#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2916#true} is VALID [2022-02-20 17:57:59,772 INFO L272 TraceCheckUtils]: 12: Hoare triple {2916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:59,772 INFO L290 TraceCheckUtils]: 13: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,772 INFO L290 TraceCheckUtils]: 14: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,773 INFO L290 TraceCheckUtils]: 15: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,773 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2916#true} {2916#true} #1183#return; {2916#true} is VALID [2022-02-20 17:57:59,773 INFO L290 TraceCheckUtils]: 17: Hoare triple {2916#true} assume { :end_inline_setup_bob } 
true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:57:59,774 INFO L272 TraceCheckUtils]: 18: Hoare triple {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,774 INFO L290 TraceCheckUtils]: 19: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2991#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:57:59,774 INFO L290 TraceCheckUtils]: 20: Hoare triple {2991#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2992#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:59,775 INFO L290 TraceCheckUtils]: 21: Hoare triple {2992#(= |setClientId_#in~handle| 1)} assume true; {2992#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:57:59,775 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2992#(= |setClientId_#in~handle| 1)} {2926#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; 
{2917#false} is VALID [2022-02-20 17:57:59,775 INFO L290 TraceCheckUtils]: 23: Hoare triple {2917#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2917#false} is VALID [2022-02-20 17:57:59,776 INFO L272 TraceCheckUtils]: 24: Hoare triple {2917#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:59,776 INFO L290 TraceCheckUtils]: 25: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,776 INFO L290 TraceCheckUtils]: 26: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,776 INFO L290 TraceCheckUtils]: 27: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,776 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2916#true} {2917#false} #1187#return; {2917#false} is VALID [2022-02-20 17:57:59,776 INFO L290 TraceCheckUtils]: 29: Hoare triple {2917#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2917#false} is VALID [2022-02-20 
17:57:59,776 INFO L272 TraceCheckUtils]: 30: Hoare triple {2917#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:57:59,776 INFO L290 TraceCheckUtils]: 31: Hoare triple {2989#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,777 INFO L290 TraceCheckUtils]: 32: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,777 INFO L290 TraceCheckUtils]: 33: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,777 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2916#true} {2917#false} #1189#return; {2917#false} is VALID [2022-02-20 17:57:59,777 INFO L290 TraceCheckUtils]: 35: Hoare triple {2917#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2917#false} is VALID [2022-02-20 17:57:59,777 INFO L272 TraceCheckUtils]: 36: Hoare triple {2917#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:57:59,777 INFO L290 TraceCheckUtils]: 37: Hoare triple {2990#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{2916#true} is VALID [2022-02-20 17:57:59,777 INFO L290 TraceCheckUtils]: 38: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 39: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,778 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2916#true} {2917#false} #1191#return; {2917#false} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 41: Hoare triple {2917#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2917#false} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 42: Hoare triple {2917#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 
:= 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2917#false} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 43: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 44: Hoare triple {2917#false} assume !(test_~splverifierCounter~0#1 < 4); {2917#false} is VALID [2022-02-20 17:57:59,778 INFO L290 TraceCheckUtils]: 45: Hoare triple {2917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2917#false} is VALID [2022-02-20 17:57:59,779 INFO L272 TraceCheckUtils]: 46: Hoare triple {2917#false} call sendEmail(~bob~0, ~rjh~0); {2917#false} is VALID [2022-02-20 17:57:59,779 INFO L290 TraceCheckUtils]: 47: Hoare triple {2917#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2917#false} is VALID [2022-02-20 17:57:59,779 INFO L272 TraceCheckUtils]: 48: Hoare triple {2917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 17:57:59,779 INFO L290 TraceCheckUtils]: 49: Hoare triple {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,779 INFO L290 TraceCheckUtils]: 50: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,779 INFO L290 TraceCheckUtils]: 51: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,779 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2916#true} {2917#false} #1133#return; {2917#false} is VALID [2022-02-20 17:57:59,779 INFO L272 TraceCheckUtils]: 53: Hoare triple {2917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:59,780 INFO L290 TraceCheckUtils]: 54: Hoare triple {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,780 INFO L290 TraceCheckUtils]: 55: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,780 INFO L290 TraceCheckUtils]: 56: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,780 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2916#true} {2917#false} #1135#return; {2917#false} is VALID [2022-02-20 17:57:59,780 INFO L290 TraceCheckUtils]: 58: Hoare triple {2917#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {2917#false} is VALID [2022-02-20 17:57:59,780 INFO L290 TraceCheckUtils]: 59: Hoare triple {2917#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= 
#t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {2917#false} is VALID [2022-02-20 17:57:59,780 INFO L272 TraceCheckUtils]: 60: Hoare triple {2917#false} call outgoing(~sender#1, ~email~0#1); {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 61: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 62: Hoare triple {2917#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 63: Hoare triple {2917#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 64: Hoare triple {2917#false} assume 0 == sign_~privkey~0#1; {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 65: Hoare triple {2917#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } 
true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {2917#false} is VALID [2022-02-20 17:57:59,781 INFO L272 TraceCheckUtils]: 66: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2916#true} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 67: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~29; {2916#true} is VALID [2022-02-20 17:57:59,781 INFO L290 TraceCheckUtils]: 68: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2916#true} is VALID [2022-02-20 17:57:59,782 INFO L290 TraceCheckUtils]: 69: Hoare triple {2916#true} assume true; {2916#true} is VALID 
[2022-02-20 17:57:59,782 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2916#true} {2917#false} #1115#return; {2917#false} is VALID [2022-02-20 17:57:59,782 INFO L290 TraceCheckUtils]: 71: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {2917#false} is VALID [2022-02-20 17:57:59,782 INFO L290 TraceCheckUtils]: 72: Hoare triple {2917#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {2917#false} is VALID [2022-02-20 17:57:59,782 INFO L290 TraceCheckUtils]: 73: Hoare triple {2917#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {2917#false} is VALID [2022-02-20 17:57:59,782 INFO L272 TraceCheckUtils]: 74: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {2916#true} is VALID [2022-02-20 17:57:59,782 INFO L290 TraceCheckUtils]: 75: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,783 INFO L290 TraceCheckUtils]: 76: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := 
~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,783 INFO L290 TraceCheckUtils]: 77: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,792 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2916#true} {2917#false} #1117#return; {2917#false} is VALID [2022-02-20 17:57:59,792 INFO L290 TraceCheckUtils]: 79: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {2917#false} is VALID [2022-02-20 17:57:59,792 INFO L272 TraceCheckUtils]: 80: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {2916#true} is VALID [2022-02-20 17:57:59,792 INFO L290 TraceCheckUtils]: 81: Hoare triple {2916#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {2916#true} is VALID [2022-02-20 17:57:59,792 INFO L290 TraceCheckUtils]: 82: Hoare triple {2916#true} assume 1 == ~handle; {2916#true} is VALID [2022-02-20 17:57:59,792 INFO L290 TraceCheckUtils]: 83: Hoare triple {2916#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {2916#true} is VALID [2022-02-20 17:57:59,792 INFO L290 TraceCheckUtils]: 84: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,793 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {2916#true} {2917#false} #1119#return; {2917#false} is VALID [2022-02-20 17:57:59,793 INFO L290 
TraceCheckUtils]: 86: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {2917#false} is VALID [2022-02-20 17:57:59,793 INFO L272 TraceCheckUtils]: 87: Hoare triple {2917#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:57:59,793 INFO L290 TraceCheckUtils]: 88: Hoare triple {2994#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,793 INFO L290 TraceCheckUtils]: 89: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,793 INFO L290 TraceCheckUtils]: 90: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,793 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2916#true} {2917#false} #1121#return; {2917#false} is VALID [2022-02-20 17:57:59,793 INFO L272 TraceCheckUtils]: 92: Hoare triple {2917#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2917#false} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 93: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; 
{2917#false} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 94: Hoare triple {2917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2917#false} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 95: Hoare triple {2917#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {2917#false} is VALID [2022-02-20 17:57:59,794 INFO L272 TraceCheckUtils]: 96: Hoare triple {2917#false} call setEmailFrom(~msg#1, ~tmp~12#1); {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 97: Hoare triple {2993#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 98: Hoare triple {2916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2916#true} is VALID [2022-02-20 17:57:59,794 INFO L290 TraceCheckUtils]: 99: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,795 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {2916#true} {2917#false} #1147#return; {2917#false} is VALID [2022-02-20 17:57:59,795 INFO L290 TraceCheckUtils]: 101: Hoare triple {2917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } 
true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {2917#false} is VALID [2022-02-20 17:57:59,795 INFO L272 TraceCheckUtils]: 102: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2916#true} is VALID [2022-02-20 17:57:59,795 INFO L290 TraceCheckUtils]: 103: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2916#true} is VALID [2022-02-20 17:57:59,795 INFO L290 TraceCheckUtils]: 104: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2916#true} is VALID [2022-02-20 17:57:59,795 INFO L290 TraceCheckUtils]: 105: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,795 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {2916#true} {2917#false} #1149#return; {2917#false} is VALID [2022-02-20 17:57:59,795 INFO L290 TraceCheckUtils]: 107: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {2917#false} is VALID [2022-02-20 17:57:59,796 INFO L290 TraceCheckUtils]: 108: Hoare triple {2917#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {2917#false} is VALID [2022-02-20 17:57:59,796 INFO L272 TraceCheckUtils]: 109: Hoare triple {2917#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {2916#true} is VALID [2022-02-20 17:57:59,796 INFO L290 TraceCheckUtils]: 110: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,796 INFO L290 TraceCheckUtils]: 111: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2916#true} is VALID [2022-02-20 17:57:59,796 INFO L290 TraceCheckUtils]: 112: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,796 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {2916#true} {2917#false} #1151#return; {2917#false} is VALID [2022-02-20 17:57:59,796 INFO L290 TraceCheckUtils]: 114: Hoare triple {2917#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, 
verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 
0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {2917#false} is VALID [2022-02-20 17:57:59,797 INFO L290 TraceCheckUtils]: 115: Hoare triple {2917#false} assume 1 == ~sent_signed~0; {2917#false} is VALID [2022-02-20 17:57:59,797 INFO L272 TraceCheckUtils]: 116: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2916#true} is VALID [2022-02-20 17:57:59,797 INFO L290 TraceCheckUtils]: 117: Hoare triple {2916#true} ~handle := #in~handle;havoc ~retValue_acc~6; {2916#true} is VALID [2022-02-20 17:57:59,797 INFO L290 TraceCheckUtils]: 118: Hoare triple {2916#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2916#true} is VALID [2022-02-20 17:57:59,797 INFO L290 TraceCheckUtils]: 119: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,797 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {2916#true} {2917#false} #1153#return; {2917#false} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 121: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {2917#false} is VALID [2022-02-20 17:57:59,798 INFO L272 TraceCheckUtils]: 122: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {2916#true} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 123: Hoare triple {2916#true} 
~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2916#true} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 124: Hoare triple {2916#true} assume 1 == ~handle; {2916#true} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 125: Hoare triple {2916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2916#true} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 126: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:57:59,798 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {2916#true} {2917#false} #1155#return; {2917#false} is VALID [2022-02-20 17:57:59,798 INFO L290 TraceCheckUtils]: 128: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {2917#false} is VALID [2022-02-20 17:57:59,799 INFO L290 TraceCheckUtils]: 129: Hoare triple {2917#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {2917#false} is VALID [2022-02-20 17:57:59,799 INFO L272 TraceCheckUtils]: 130: Hoare triple {2917#false} call __automaton_fail(); {2917#false} is VALID [2022-02-20 17:57:59,799 INFO L290 TraceCheckUtils]: 131: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 17:57:59,808 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked. 
[2022-02-20 17:57:59,809 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:57:59,809 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1994807220]
[2022-02-20 17:57:59,809 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1994807220] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:57:59,809 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [951940090]
[2022-02-20 17:57:59,809 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:57:59,810 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:57:59,810 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:57:59,811 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:57:59,850 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process
[2022-02-20 17:58:00,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:58:00,062 INFO L263 TraceCheckSpWp]: Trace formula consists of 1225 conjuncts, 2 conjunts are in the unsatisfiable core
[2022-02-20 17:58:00,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:58:00,115 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:58:00,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {2916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {2916#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {2916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 3: Hoare triple {2916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 4: Hoare triple {2916#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 5: Hoare triple {2916#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L272 TraceCheckUtils]: 6: Hoare triple {2916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2916#true} is VALID [2022-02-20 17:58:00,363 INFO L290 TraceCheckUtils]: 7: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 8: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 9: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2916#true} {2916#true} #1181#return; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 11: Hoare triple {2916#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L272 TraceCheckUtils]: 12: Hoare triple {2916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 13: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 14: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,364 INFO L290 TraceCheckUtils]: 15: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2916#true} {2916#true} #1183#return; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L290 TraceCheckUtils]: 17: Hoare triple {2916#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L272 TraceCheckUtils]: 18: Hoare triple {2916#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L290 TraceCheckUtils]: 19: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L290 TraceCheckUtils]: 20: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L290 TraceCheckUtils]: 21: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,365 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2916#true} {2916#true} #1185#return; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L290 TraceCheckUtils]: 23: Hoare triple {2916#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L272 TraceCheckUtils]: 24: Hoare triple {2916#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L290 TraceCheckUtils]: 25: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L290 TraceCheckUtils]: 26: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L290 TraceCheckUtils]: 27: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2916#true} {2916#true} #1187#return; 
{2916#true} is VALID [2022-02-20 17:58:00,366 INFO L290 TraceCheckUtils]: 29: Hoare triple {2916#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2916#true} is VALID [2022-02-20 17:58:00,366 INFO L272 TraceCheckUtils]: 30: Hoare triple {2916#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L290 TraceCheckUtils]: 31: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L290 TraceCheckUtils]: 32: Hoare triple {2916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L290 TraceCheckUtils]: 33: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2916#true} {2916#true} #1189#return; {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L290 TraceCheckUtils]: 35: Hoare triple {2916#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L272 TraceCheckUtils]: 36: Hoare triple {2916#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2916#true} is VALID [2022-02-20 17:58:00,367 INFO L290 TraceCheckUtils]: 37: Hoare triple {2916#true} ~handle := #in~handle;~value := #in~value; {2916#true} is VALID [2022-02-20 17:58:00,368 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2916#true} is VALID [2022-02-20 17:58:00,368 INFO L290 TraceCheckUtils]: 39: Hoare triple {2916#true} assume true; {2916#true} is VALID [2022-02-20 17:58:00,368 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2916#true} {2916#true} #1191#return; {2916#true} is VALID [2022-02-20 17:58:00,368 INFO L290 TraceCheckUtils]: 41: Hoare triple {2916#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {2916#true} is VALID [2022-02-20 17:58:00,368 INFO L290 TraceCheckUtils]: 42: Hoare triple {2916#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3124#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:00,369 INFO L290 TraceCheckUtils]: 43: Hoare triple {3124#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3124#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:00,369 INFO L290 TraceCheckUtils]: 44: Hoare triple {3124#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2917#false} is VALID [2022-02-20 17:58:00,369 INFO L290 TraceCheckUtils]: 45: Hoare triple {2917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {2917#false} is VALID [2022-02-20 17:58:00,369 INFO L272 TraceCheckUtils]: 46: Hoare triple {2917#false} call sendEmail(~bob~0, ~rjh~0); {2917#false} is VALID [2022-02-20 17:58:00,370 INFO L290 TraceCheckUtils]: 47: Hoare triple {2917#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2917#false} is VALID [2022-02-20 17:58:00,370 INFO L272 TraceCheckUtils]: 48: Hoare triple {2917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); 
{2917#false} is VALID [2022-02-20 17:58:00,370 INFO L290 TraceCheckUtils]: 49: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 17:58:00,370 INFO L290 TraceCheckUtils]: 50: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2917#false} is VALID [2022-02-20 17:58:00,370 INFO L290 TraceCheckUtils]: 51: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,371 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2917#false} {2917#false} #1133#return; {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L272 TraceCheckUtils]: 53: Hoare triple {2917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L290 TraceCheckUtils]: 54: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L290 TraceCheckUtils]: 55: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L290 TraceCheckUtils]: 56: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2917#false} {2917#false} #1135#return; {2917#false} is VALID [2022-02-20 17:58:00,373 INFO L290 TraceCheckUtils]: 58: Hoare triple {2917#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {2917#false} is VALID [2022-02-20 17:58:00,374 INFO L290 TraceCheckUtils]: 59: Hoare triple {2917#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {2917#false} is VALID [2022-02-20 17:58:00,374 INFO L272 TraceCheckUtils]: 60: Hoare triple {2917#false} call outgoing(~sender#1, ~email~0#1); {2917#false} is VALID [2022-02-20 17:58:00,374 INFO L290 
TraceCheckUtils]: 61: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {2917#false} is VALID [2022-02-20 17:58:00,374 INFO L290 TraceCheckUtils]: 62: Hoare triple {2917#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 63: Hoare triple {2917#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 64: Hoare triple {2917#false} assume 0 == sign_~privkey~0#1; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 65: Hoare triple {2917#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, 
outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L272 TraceCheckUtils]: 66: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 67: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~29; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 68: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {2917#false} is VALID [2022-02-20 17:58:00,375 INFO L290 TraceCheckUtils]: 69: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {2917#false} {2917#false} #1115#return; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 71: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && 
outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 72: Hoare triple {2917#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 73: Hoare triple {2917#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L272 TraceCheckUtils]: 74: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 75: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~7; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 76: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2917#false} is VALID [2022-02-20 17:58:00,376 INFO L290 TraceCheckUtils]: 77: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {2917#false} {2917#false} #1117#return; {2917#false} 
is VALID [2022-02-20 17:58:00,377 INFO L290 TraceCheckUtils]: 79: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L272 TraceCheckUtils]: 80: Hoare triple {2917#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L290 TraceCheckUtils]: 81: Hoare triple {2917#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L290 TraceCheckUtils]: 82: Hoare triple {2917#false} assume 1 == ~handle; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L290 TraceCheckUtils]: 83: Hoare triple {2917#false} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L290 TraceCheckUtils]: 84: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,377 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {2917#false} {2917#false} #1119#return; {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L290 TraceCheckUtils]: 86: Hoare triple {2917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc 
outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L272 TraceCheckUtils]: 87: Hoare triple {2917#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L290 TraceCheckUtils]: 88: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L290 TraceCheckUtils]: 89: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L290 TraceCheckUtils]: 90: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,378 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2917#false} {2917#false} #1121#return; {2917#false} is VALID [2022-02-20 17:58:00,379 INFO L272 TraceCheckUtils]: 92: Hoare triple {2917#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {2917#false} is VALID [2022-02-20 17:58:00,381 INFO L290 TraceCheckUtils]: 93: Hoare triple {2917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {2917#false} is VALID [2022-02-20 17:58:00,381 INFO L290 TraceCheckUtils]: 94: Hoare triple {2917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2917#false} is VALID [2022-02-20 17:58:00,381 INFO L290 TraceCheckUtils]: 95: Hoare triple {2917#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= 
#t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {2917#false} is VALID [2022-02-20 17:58:00,382 INFO L272 TraceCheckUtils]: 96: Hoare triple {2917#false} call setEmailFrom(~msg#1, ~tmp~12#1); {2917#false} is VALID [2022-02-20 17:58:00,382 INFO L290 TraceCheckUtils]: 97: Hoare triple {2917#false} ~handle := #in~handle;~value := #in~value; {2917#false} is VALID [2022-02-20 17:58:00,382 INFO L290 TraceCheckUtils]: 98: Hoare triple {2917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2917#false} is VALID [2022-02-20 17:58:00,382 INFO L290 TraceCheckUtils]: 99: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {2917#false} {2917#false} #1147#return; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L290 TraceCheckUtils]: 101: Hoare triple {2917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && 
__utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L272 TraceCheckUtils]: 102: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L290 TraceCheckUtils]: 103: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~12; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L290 TraceCheckUtils]: 104: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L290 TraceCheckUtils]: 105: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {2917#false} {2917#false} #1149#return; {2917#false} is VALID [2022-02-20 17:58:00,383 INFO L290 TraceCheckUtils]: 107: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L290 TraceCheckUtils]: 108: Hoare triple {2917#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L272 TraceCheckUtils]: 109: Hoare triple {2917#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L290 TraceCheckUtils]: 110: Hoare triple {2917#false} ~handle := 
#in~handle;havoc ~retValue_acc~7; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L290 TraceCheckUtils]: 111: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L290 TraceCheckUtils]: 112: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {2917#false} {2917#false} #1151#return; {2917#false} is VALID [2022-02-20 17:58:00,384 INFO L290 TraceCheckUtils]: 114: Hoare triple {2917#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := 
verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 115: Hoare triple {2917#false} assume 1 == ~sent_signed~0; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L272 TraceCheckUtils]: 116: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := 
getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 117: Hoare triple {2917#false} ~handle := #in~handle;havoc ~retValue_acc~6; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 118: Hoare triple {2917#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 119: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {2917#false} {2917#false} #1153#return; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 121: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L272 TraceCheckUtils]: 122: Hoare triple {2917#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {2917#false} is VALID [2022-02-20 17:58:00,385 INFO L290 TraceCheckUtils]: 123: Hoare triple {2917#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2917#false} is VALID [2022-02-20 17:58:00,386 INFO L290 TraceCheckUtils]: 124: Hoare triple {2917#false} assume 1 == ~handle; {2917#false} is VALID [2022-02-20 17:58:00,386 INFO L290 TraceCheckUtils]: 125: Hoare triple {2917#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2917#false} is VALID [2022-02-20 17:58:00,386 INFO L290 TraceCheckUtils]: 126: Hoare triple {2917#false} assume true; {2917#false} is VALID [2022-02-20 17:58:00,388 INFO L284 
TraceCheckUtils]: 127: Hoare quadruple {2917#false} {2917#false} #1155#return; {2917#false} is VALID [2022-02-20 17:58:00,388 INFO L290 TraceCheckUtils]: 128: Hoare triple {2917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {2917#false} is VALID [2022-02-20 17:58:00,388 INFO L290 TraceCheckUtils]: 129: Hoare triple {2917#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {2917#false} is VALID [2022-02-20 17:58:00,388 INFO L272 TraceCheckUtils]: 130: Hoare triple {2917#false} call __automaton_fail(); {2917#false} is VALID [2022-02-20 17:58:00,388 INFO L290 TraceCheckUtils]: 131: Hoare triple {2917#false} assume !false; {2917#false} is VALID [2022-02-20 17:58:00,390 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:58:00,390 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:00,390 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [951940090] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:00,390 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:58:00,391 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:00,391 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [902363485] [2022-02-20 17:58:00,391 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:00,393 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 132 [2022-02-20 17:58:00,393 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:00,393 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:00,494 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 111 edges. 111 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:00,495 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:00,495 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:00,495 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:58:00,496 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:00,496 INFO L87 Difference]: Start difference. First operand 376 states and 572 transitions. Second operand has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:00,882 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:00,883 INFO L93 Difference]: Finished difference Result 563 states and 836 transitions. [2022-02-20 17:58:00,883 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:00,883 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 132 [2022-02-20 17:58:00,883 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:00,883 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:00,892 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 836 transitions. 
[2022-02-20 17:58:00,892 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:00,901 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 836 transitions. [2022-02-20 17:58:00,901 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 836 transitions. [2022-02-20 17:58:01,381 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 836 edges. 836 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:01,393 INFO L225 Difference]: With dead ends: 563 [2022-02-20 17:58:01,393 INFO L226 Difference]: Without dead ends: 379 [2022-02-20 17:58:01,394 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 169 GetRequests, 161 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:01,396 INFO L933 BasicCegarLoop]: 570 mSDtfsCounter, 1 mSDsluCounter, 568 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1138 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:01,397 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1138 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:01,399 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 379 states. [2022-02-20 17:58:01,421 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 379 to 378. [2022-02-20 17:58:01,421 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:01,422 INFO L82 GeneralOperation]: Start isEquivalent. First operand 379 states. Second operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:01,436 INFO L74 IsIncluded]: Start isIncluded. First operand 379 states. Second operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:01,437 INFO L87 Difference]: Start difference. First operand 379 states. Second operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:01,459 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:58:01,461 INFO L93 Difference]: Finished difference Result 379 states and 575 transitions. [2022-02-20 17:58:01,461 INFO L276 IsEmpty]: Start isEmpty. Operand 379 states and 575 transitions. [2022-02-20 17:58:01,463 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:01,463 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:01,464 INFO L74 IsIncluded]: Start isIncluded. First operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 379 states. [2022-02-20 17:58:01,465 INFO L87 Difference]: Start difference. First operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) Second operand 379 states. [2022-02-20 17:58:01,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:01,474 INFO L93 Difference]: Finished difference Result 379 states and 575 transitions. [2022-02-20 17:58:01,474 INFO L276 IsEmpty]: Start isEmpty. Operand 379 states and 575 transitions. [2022-02-20 17:58:01,475 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:01,475 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:01,476 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:01,476 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:01,476 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 378 states, 296 states have (on average 1.5574324324324325) internal successors, (461), 299 states have internal predecessors, (461), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 54 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:01,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 378 states to 378 states and 574 transitions. [2022-02-20 17:58:01,487 INFO L78 Accepts]: Start accepts. Automaton has 378 states and 574 transitions. Word has length 132 [2022-02-20 17:58:01,487 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:01,487 INFO L470 AbstractCegarLoop]: Abstraction has 378 states and 574 transitions. [2022-02-20 17:58:01,487 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 2 states have call successors, (21), 2 states have call predecessors, (21), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:01,487 INFO L276 IsEmpty]: Start isEmpty. Operand 378 states and 574 transitions. [2022-02-20 17:58:01,489 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 123 [2022-02-20 17:58:01,489 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:01,489 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:01,516 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:01,699 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:58:01,699 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:01,700 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:01,700 INFO L85 PathProgramCache]: Analyzing trace with hash 719647433, now seen corresponding path program 1 times [2022-02-20 17:58:01,700 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:01,700 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1861400232] [2022-02-20 17:58:01,700 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:01,700 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:01,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,748 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:01,749 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,751 INFO L290 TraceCheckUtils]: 0: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,751 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,751 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,751 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5442#true} #1181#return; {5442#true} is VALID [2022-02-20 17:58:01,756 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:01,757 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,759 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5442#true} #1183#return; {5442#true} is VALID [2022-02-20 17:58:01,759 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
17:58:01,760 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,769 INFO L290 TraceCheckUtils]: 0: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5504#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:01,770 INFO L290 TraceCheckUtils]: 1: Hoare triple {5504#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5505#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:01,770 INFO L290 TraceCheckUtils]: 2: Hoare triple {5505#(= |setClientId_#in~handle| 1)} assume true; {5505#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:01,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5505#(= |setClientId_#in~handle| 1)} {5452#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {5443#false} is VALID [2022-02-20 17:58:01,771 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:01,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,774 INFO L290 TraceCheckUtils]: 0: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,774 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,774 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} 
#1187#return; {5443#false} is VALID [2022-02-20 17:58:01,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:01,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,777 INFO L290 TraceCheckUtils]: 0: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,777 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,777 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,777 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1189#return; {5443#false} is VALID [2022-02-20 17:58:01,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:01,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,781 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,781 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,781 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1191#return; {5443#false} is VALID [2022-02-20 17:58:01,786 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:58:01,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,789 INFO L290 TraceCheckUtils]: 0: Hoare triple {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,789 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,790 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1133#return; {5443#false} is VALID [2022-02-20 17:58:01,795 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:01,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {5507#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,798 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,798 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,798 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1135#return; {5443#false} is VALID [2022-02-20 17:58:01,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:01,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} ~handle := 
#in~handle;havoc ~retValue_acc~29; {5442#true} is VALID [2022-02-20 17:58:01,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5442#true} is VALID [2022-02-20 17:58:01,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,800 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1115#return; {5443#false} is VALID [2022-02-20 17:58:01,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:01,801 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,803 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,803 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1147#return; {5443#false} is VALID [2022-02-20 17:58:01,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:01,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5442#true} is VALID [2022-02-20 17:58:01,805 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5442#true} is VALID [2022-02-20 17:58:01,805 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,805 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1149#return; {5443#false} is VALID [2022-02-20 17:58:01,805 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:01,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5442#true} is VALID [2022-02-20 17:58:01,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5442#true} is VALID [2022-02-20 17:58:01,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,809 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1151#return; {5443#false} is VALID [2022-02-20 17:58:01,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:01,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:01,811 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~6; {5442#true} is VALID [2022-02-20 17:58:01,811 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5442#true} is VALID [2022-02-20 17:58:01,811 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,811 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5442#true} {5443#false} #1153#return; {5443#false} is VALID [2022-02-20 17:58:01,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:01,812 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:01,818 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5442#true} is VALID [2022-02-20 17:58:01,818 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume 1 == ~handle; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 3: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5442#true} {5443#false} #1155#return; {5443#false} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call 
#Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 
0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5442#true} is VALID [2022-02-20 17:58:01,819 INFO L290 TraceCheckUtils]: 3: Hoare triple {5442#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {5442#true} is VALID [2022-02-20 17:58:01,820 INFO L290 TraceCheckUtils]: 4: Hoare triple {5442#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5442#true} is VALID [2022-02-20 17:58:01,820 INFO L290 TraceCheckUtils]: 5: Hoare triple {5442#true} assume 0 != 
main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5442#true} is VALID [2022-02-20 17:58:01,820 INFO L272 TraceCheckUtils]: 6: Hoare triple {5442#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:01,820 INFO L290 TraceCheckUtils]: 7: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,821 INFO L290 TraceCheckUtils]: 8: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,821 INFO L290 TraceCheckUtils]: 9: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,821 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5442#true} 
{5442#true} #1181#return; {5442#true} is VALID [2022-02-20 17:58:01,821 INFO L290 TraceCheckUtils]: 11: Hoare triple {5442#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5442#true} is VALID [2022-02-20 17:58:01,827 INFO L272 TraceCheckUtils]: 12: Hoare triple {5442#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:01,827 INFO L290 TraceCheckUtils]: 13: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,828 INFO L290 TraceCheckUtils]: 14: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,828 INFO L290 TraceCheckUtils]: 15: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,828 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5442#true} {5442#true} #1183#return; {5442#true} is VALID [2022-02-20 17:58:01,828 INFO L290 TraceCheckUtils]: 17: Hoare triple {5442#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5452#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is 
VALID [2022-02-20 17:58:01,829 INFO L272 TraceCheckUtils]: 18: Hoare triple {5452#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:01,829 INFO L290 TraceCheckUtils]: 19: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5504#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:01,829 INFO L290 TraceCheckUtils]: 20: Hoare triple {5504#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5505#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:01,830 INFO L290 TraceCheckUtils]: 21: Hoare triple {5505#(= |setClientId_#in~handle| 1)} assume true; {5505#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:01,830 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5505#(= |setClientId_#in~handle| 1)} {5452#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {5443#false} is VALID [2022-02-20 17:58:01,830 INFO L290 TraceCheckUtils]: 23: Hoare triple {5443#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5443#false} is VALID [2022-02-20 17:58:01,830 INFO L272 TraceCheckUtils]: 24: Hoare triple {5443#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:01,830 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 26: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 27: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,831 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5442#true} {5443#false} #1187#return; {5443#false} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 29: Hoare triple {5443#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5443#false} is VALID [2022-02-20 17:58:01,831 INFO L272 TraceCheckUtils]: 30: Hoare triple {5443#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 31: Hoare triple {5502#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 32: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,831 INFO L290 TraceCheckUtils]: 33: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,832 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5442#true} {5443#false} #1189#return; {5443#false} is VALID [2022-02-20 17:58:01,832 INFO L290 TraceCheckUtils]: 35: Hoare triple {5443#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5443#false} is VALID [2022-02-20 17:58:01,832 INFO L272 TraceCheckUtils]: 36: Hoare triple {5443#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:01,832 INFO L290 TraceCheckUtils]: 37: Hoare triple {5503#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,832 INFO L290 TraceCheckUtils]: 38: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,832 INFO L290 TraceCheckUtils]: 39: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,832 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5442#true} {5443#false} #1191#return; {5443#false} is VALID [2022-02-20 17:58:01,832 INFO L290 TraceCheckUtils]: 41: Hoare triple {5443#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 42: Hoare triple {5443#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 43: Hoare triple {5443#false} assume !false; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 44: Hoare triple {5443#false} assume test_~splverifierCounter~0#1 < 4; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 
TraceCheckUtils]: 45: Hoare triple {5443#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 46: Hoare triple {5443#false} assume !(0 == test_~op1~0#1); {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 47: Hoare triple {5443#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {5443#false} is VALID [2022-02-20 17:58:01,833 INFO L290 TraceCheckUtils]: 48: Hoare triple {5443#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 49: Hoare triple {5443#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 50: Hoare triple {5443#false} assume { :end_inline_setClientAutoResponse } true; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 51: Hoare triple {5443#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 52: Hoare triple {5443#false} assume !false; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 53: Hoare triple {5443#false} assume !(test_~splverifierCounter~0#1 < 4); {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 54: Hoare triple {5443#false} assume { :begin_inline_bobToRjh } 
true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L272 TraceCheckUtils]: 55: Hoare triple {5443#false} call sendEmail(~bob~0, ~rjh~0); {5443#false} is VALID [2022-02-20 17:58:01,834 INFO L290 TraceCheckUtils]: 56: Hoare triple {5443#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5443#false} is VALID [2022-02-20 17:58:01,835 INFO L272 TraceCheckUtils]: 57: Hoare triple {5443#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:01,835 INFO L290 TraceCheckUtils]: 58: Hoare triple {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,835 INFO L290 TraceCheckUtils]: 59: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,835 INFO L290 TraceCheckUtils]: 60: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,835 INFO L284 TraceCheckUtils]: 61: Hoare 
quadruple {5442#true} {5443#false} #1133#return; {5443#false} is VALID [2022-02-20 17:58:01,835 INFO L272 TraceCheckUtils]: 62: Hoare triple {5443#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5507#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:01,835 INFO L290 TraceCheckUtils]: 63: Hoare triple {5507#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,835 INFO L290 TraceCheckUtils]: 64: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 65: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,836 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5442#true} {5443#false} #1135#return; {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 67: Hoare triple {5443#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 68: Hoare triple {5443#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L272 TraceCheckUtils]: 69: Hoare triple {5443#false} call outgoing(~sender#1, ~email~0#1); {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 70: Hoare triple {5443#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := 
sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 71: Hoare triple {5443#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {5443#false} is VALID [2022-02-20 17:58:01,836 INFO L290 TraceCheckUtils]: 72: Hoare triple {5443#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {5443#false} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 73: Hoare triple {5443#false} assume 0 == sign_~privkey~0#1; {5443#false} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 74: Hoare triple {5443#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, 
outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {5443#false} is VALID [2022-02-20 17:58:01,837 INFO L272 TraceCheckUtils]: 75: Hoare triple {5443#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5442#true} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 76: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~29; {5442#true} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 77: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5442#true} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 78: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,837 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {5442#true} {5443#false} #1115#return; {5443#false} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 80: Hoare triple {5443#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {5443#false} is VALID [2022-02-20 17:58:01,837 INFO L290 TraceCheckUtils]: 81: 
Hoare triple {5443#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5443#false} is VALID [2022-02-20 17:58:01,838 INFO L272 TraceCheckUtils]: 82: Hoare triple {5443#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5443#false} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 83: Hoare triple {5443#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5443#false} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 84: Hoare triple {5443#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5443#false} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 85: Hoare triple {5443#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {5443#false} is VALID [2022-02-20 17:58:01,838 INFO L272 TraceCheckUtils]: 86: Hoare triple {5443#false} call setEmailFrom(~msg#1, ~tmp~12#1); {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 87: Hoare triple {5506#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 88: Hoare triple {5442#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:01,838 INFO L290 TraceCheckUtils]: 89: 
Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,839 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5442#true} {5443#false} #1147#return; {5443#false} is VALID [2022-02-20 17:58:01,839 INFO L290 TraceCheckUtils]: 91: Hoare triple {5443#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {5443#false} is VALID [2022-02-20 17:58:01,839 INFO L272 TraceCheckUtils]: 92: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5442#true} is VALID [2022-02-20 17:58:01,839 INFO L290 TraceCheckUtils]: 93: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5442#true} is VALID [2022-02-20 17:58:01,839 INFO L290 TraceCheckUtils]: 94: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~12 := 
~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5442#true} is VALID [2022-02-20 17:58:01,839 INFO L290 TraceCheckUtils]: 95: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,839 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5442#true} {5443#false} #1149#return; {5443#false} is VALID [2022-02-20 17:58:01,839 INFO L290 TraceCheckUtils]: 97: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {5443#false} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 98: Hoare triple {5443#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {5443#false} is VALID [2022-02-20 17:58:01,840 INFO L272 TraceCheckUtils]: 99: Hoare triple {5443#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {5442#true} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 100: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5442#true} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 101: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5442#true} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 102: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,840 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5442#true} {5443#false} #1151#return; {5443#false} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 104: Hoare triple {5443#false} assume -2147483648 <= mail_#t~ret84#1 && 
mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {5443#false} is VALID [2022-02-20 17:58:01,840 INFO L290 TraceCheckUtils]: 105: Hoare triple {5443#false} assume 1 == ~sent_signed~0; {5443#false} is VALID [2022-02-20 17:58:01,841 INFO L272 TraceCheckUtils]: 106: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 107: Hoare triple {5442#true} ~handle := #in~handle;havoc ~retValue_acc~6; {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 108: Hoare triple {5442#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 109: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {5442#true} {5443#false} #1153#return; {5443#false} is VALID 
[2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 111: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {5443#false} is VALID [2022-02-20 17:58:01,841 INFO L272 TraceCheckUtils]: 112: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 113: Hoare triple {5442#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5442#true} is VALID [2022-02-20 17:58:01,841 INFO L290 TraceCheckUtils]: 114: Hoare triple {5442#true} assume 1 == ~handle; {5442#true} is VALID [2022-02-20 17:58:01,842 INFO L290 TraceCheckUtils]: 115: Hoare triple {5442#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5442#true} is VALID [2022-02-20 17:58:01,842 INFO L290 TraceCheckUtils]: 116: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:01,842 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {5442#true} {5443#false} #1155#return; {5443#false} is VALID [2022-02-20 17:58:01,842 INFO L290 TraceCheckUtils]: 118: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {5443#false} is VALID [2022-02-20 17:58:01,842 INFO L290 TraceCheckUtils]: 119: Hoare triple {5443#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; 
{5443#false} is VALID [2022-02-20 17:58:01,842 INFO L272 TraceCheckUtils]: 120: Hoare triple {5443#false} call __automaton_fail(); {5443#false} is VALID [2022-02-20 17:58:01,842 INFO L290 TraceCheckUtils]: 121: Hoare triple {5443#false} assume !false; {5443#false} is VALID [2022-02-20 17:58:01,843 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:01,843 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:01,843 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1861400232] [2022-02-20 17:58:01,843 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1861400232] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:01,843 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1656322757] [2022-02-20 17:58:01,843 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:01,844 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:01,844 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:01,845 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:01,863 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:58:02,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:02,078 INFO L263 TraceCheckSpWp]: Trace formula consists of 1171 conjuncts, 3 conjunts are in the 
unsatisfiable core [2022-02-20 17:58:02,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:02,131 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:02,309 INFO L290 TraceCheckUtils]: 0: Hoare triple {5442#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call 
#Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 
0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 
0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L290 TraceCheckUtils]: 1: Hoare triple {5442#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L290 TraceCheckUtils]: 2: Hoare triple {5442#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L290 TraceCheckUtils]: 3: Hoare triple {5442#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L290 TraceCheckUtils]: 4: Hoare triple {5442#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L290 TraceCheckUtils]: 5: Hoare triple {5442#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5442#true} is VALID [2022-02-20 17:58:02,310 INFO L272 TraceCheckUtils]: 6: Hoare triple {5442#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L290 TraceCheckUtils]: 7: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L290 TraceCheckUtils]: 8: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L290 TraceCheckUtils]: 9: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5442#true} {5442#true} #1181#return; {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L290 TraceCheckUtils]: 11: Hoare triple {5442#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L272 TraceCheckUtils]: 12: Hoare triple {5442#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5442#true} is VALID [2022-02-20 17:58:02,311 INFO L290 TraceCheckUtils]: 13: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L290 TraceCheckUtils]: 14: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L290 TraceCheckUtils]: 15: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5442#true} {5442#true} #1183#return; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L290 TraceCheckUtils]: 
17: Hoare triple {5442#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L272 TraceCheckUtils]: 18: Hoare triple {5442#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L290 TraceCheckUtils]: 19: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,312 INFO L290 TraceCheckUtils]: 20: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L290 TraceCheckUtils]: 21: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5442#true} {5442#true} #1185#return; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L290 TraceCheckUtils]: 23: Hoare triple {5442#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L272 TraceCheckUtils]: 24: Hoare triple {5442#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L290 TraceCheckUtils]: 25: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L290 TraceCheckUtils]: 26: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,313 INFO L290 
TraceCheckUtils]: 27: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5442#true} {5442#true} #1187#return; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L290 TraceCheckUtils]: 29: Hoare triple {5442#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L272 TraceCheckUtils]: 30: Hoare triple {5442#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L290 TraceCheckUtils]: 31: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L290 TraceCheckUtils]: 32: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L290 TraceCheckUtils]: 33: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,314 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5442#true} {5442#true} #1189#return; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L290 TraceCheckUtils]: 35: Hoare triple {5442#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L272 TraceCheckUtils]: 36: Hoare triple {5442#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5442#true} is VALID [2022-02-20 17:58:02,315 INFO 
L290 TraceCheckUtils]: 37: Hoare triple {5442#true} ~handle := #in~handle;~value := #in~value; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L290 TraceCheckUtils]: 38: Hoare triple {5442#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L290 TraceCheckUtils]: 39: Hoare triple {5442#true} assume true; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5442#true} {5442#true} #1191#return; {5442#true} is VALID [2022-02-20 17:58:02,315 INFO L290 TraceCheckUtils]: 41: Hoare triple {5442#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {5442#true} is VALID [2022-02-20 17:58:02,316 INFO L290 TraceCheckUtils]: 42: Hoare triple {5442#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc 
test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:02,316 INFO L290 TraceCheckUtils]: 43: Hoare triple {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:02,316 INFO L290 TraceCheckUtils]: 44: Hoare triple {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:02,317 INFO L290 TraceCheckUtils]: 45: Hoare triple {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:02,317 INFO L290 TraceCheckUtils]: 46: Hoare triple {5637#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5443#false} is VALID [2022-02-20 17:58:02,317 INFO L290 TraceCheckUtils]: 47: Hoare triple {5443#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {5443#false} is VALID [2022-02-20 17:58:02,317 INFO L290 TraceCheckUtils]: 48: Hoare triple {5443#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5443#false} is VALID [2022-02-20 17:58:02,317 INFO L290 
TraceCheckUtils]: 49: Hoare triple {5443#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 50: Hoare triple {5443#false} assume { :end_inline_setClientAutoResponse } true; {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 51: Hoare triple {5443#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 52: Hoare triple {5443#false} assume !false; {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 53: Hoare triple {5443#false} assume !(test_~splverifierCounter~0#1 < 4); {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 54: Hoare triple {5443#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L272 TraceCheckUtils]: 55: Hoare triple {5443#false} call sendEmail(~bob~0, ~rjh~0); {5443#false} is VALID [2022-02-20 17:58:02,318 INFO L290 TraceCheckUtils]: 56: Hoare triple {5443#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L272 TraceCheckUtils]: 57: Hoare triple {5443#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L290 TraceCheckUtils]: 58: Hoare triple {5443#false} ~handle := #in~handle;~value := #in~value; {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L290 TraceCheckUtils]: 59: Hoare triple {5443#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L290 TraceCheckUtils]: 60: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5443#false} {5443#false} #1133#return; {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L272 TraceCheckUtils]: 62: Hoare triple {5443#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5443#false} is VALID [2022-02-20 17:58:02,319 INFO L290 TraceCheckUtils]: 63: Hoare triple {5443#false} ~handle := #in~handle;~value := #in~value; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L290 TraceCheckUtils]: 64: Hoare triple {5443#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L290 TraceCheckUtils]: 65: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5443#false} {5443#false} #1135#return; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L290 TraceCheckUtils]: 67: Hoare triple {5443#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L290 TraceCheckUtils]: 68: Hoare triple {5443#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := 
~tmp~16#1; {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L272 TraceCheckUtils]: 69: Hoare triple {5443#false} call outgoing(~sender#1, ~email~0#1); {5443#false} is VALID [2022-02-20 17:58:02,320 INFO L290 TraceCheckUtils]: 70: Hoare triple {5443#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 71: Hoare triple {5443#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 72: Hoare triple {5443#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 73: Hoare triple {5443#false} assume 0 == sign_~privkey~0#1; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 74: Hoare triple {5443#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, 
~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L272 TraceCheckUtils]: 75: Hoare triple {5443#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 76: Hoare triple {5443#false} ~handle := #in~handle;havoc ~retValue_acc~29; {5443#false} is VALID [2022-02-20 17:58:02,321 INFO L290 TraceCheckUtils]: 77: Hoare triple {5443#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L290 TraceCheckUtils]: 78: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {5443#false} {5443#false} 
#1115#return; {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L290 TraceCheckUtils]: 80: Hoare triple {5443#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L290 TraceCheckUtils]: 81: Hoare triple {5443#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L272 TraceCheckUtils]: 82: Hoare triple {5443#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L290 TraceCheckUtils]: 83: Hoare triple {5443#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5443#false} is VALID [2022-02-20 17:58:02,322 INFO L290 TraceCheckUtils]: 84: Hoare triple {5443#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L290 TraceCheckUtils]: 85: Hoare triple {5443#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L272 TraceCheckUtils]: 86: Hoare triple {5443#false} call setEmailFrom(~msg#1, ~tmp~12#1); {5443#false} is VALID [2022-02-20 17:58:02,323 INFO 
L290 TraceCheckUtils]: 87: Hoare triple {5443#false} ~handle := #in~handle;~value := #in~value; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L290 TraceCheckUtils]: 88: Hoare triple {5443#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L290 TraceCheckUtils]: 89: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5443#false} {5443#false} #1147#return; {5443#false} is VALID [2022-02-20 17:58:02,323 INFO L290 TraceCheckUtils]: 91: Hoare triple {5443#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L272 TraceCheckUtils]: 92: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := 
isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L290 TraceCheckUtils]: 93: Hoare triple {5443#false} ~handle := #in~handle;havoc ~retValue_acc~12; {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L290 TraceCheckUtils]: 94: Hoare triple {5443#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L290 TraceCheckUtils]: 95: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {5443#false} {5443#false} #1149#return; {5443#false} is VALID [2022-02-20 17:58:02,324 INFO L290 TraceCheckUtils]: 97: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L290 TraceCheckUtils]: 98: Hoare triple {5443#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L272 TraceCheckUtils]: 99: Hoare triple {5443#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L290 TraceCheckUtils]: 100: Hoare triple {5443#false} ~handle := #in~handle;havoc ~retValue_acc~7; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L290 TraceCheckUtils]: 101: Hoare triple {5443#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L290 
TraceCheckUtils]: 102: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5443#false} {5443#false} #1151#return; {5443#false} is VALID [2022-02-20 17:58:02,325 INFO L290 TraceCheckUtils]: 104: Hoare triple {5443#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, 
__utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L290 TraceCheckUtils]: 105: Hoare triple {5443#false} assume 1 == ~sent_signed~0; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L272 TraceCheckUtils]: 106: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L290 TraceCheckUtils]: 107: Hoare triple {5443#false} ~handle := #in~handle;havoc ~retValue_acc~6; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L290 TraceCheckUtils]: 108: Hoare triple {5443#false} assume 1 == 
~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L290 TraceCheckUtils]: 109: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {5443#false} {5443#false} #1153#return; {5443#false} is VALID [2022-02-20 17:58:02,326 INFO L290 TraceCheckUtils]: 111: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L272 TraceCheckUtils]: 112: Hoare triple {5443#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L290 TraceCheckUtils]: 113: Hoare triple {5443#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L290 TraceCheckUtils]: 114: Hoare triple {5443#false} assume 1 == ~handle; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L290 TraceCheckUtils]: 115: Hoare triple {5443#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L290 TraceCheckUtils]: 116: Hoare triple {5443#false} assume true; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {5443#false} {5443#false} #1155#return; {5443#false} is VALID [2022-02-20 17:58:02,327 INFO L290 TraceCheckUtils]: 118: Hoare triple {5443#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {5443#false} is VALID [2022-02-20 17:58:02,328 INFO L290 TraceCheckUtils]: 119: Hoare triple {5443#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {5443#false} is VALID [2022-02-20 17:58:02,328 INFO L272 TraceCheckUtils]: 120: Hoare triple {5443#false} call __automaton_fail(); {5443#false} is VALID [2022-02-20 17:58:02,328 INFO L290 TraceCheckUtils]: 121: Hoare triple {5443#false} assume !false; {5443#false} is VALID [2022-02-20 17:58:02,328 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 17:58:02,328 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:02,329 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1656322757] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:02,329 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:02,329 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:02,329 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1591269731] [2022-02-20 17:58:02,329 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:02,330 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 122 [2022-02-20 17:58:02,330 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:02,330 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:58:02,392 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 107 edges. 107 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:02,392 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:02,392 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:02,393 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:02,393 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:02,393 INFO L87 Difference]: Start difference. First operand 378 states and 574 transitions. 
Second operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:58:02,840 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:02,841 INFO L93 Difference]: Finished difference Result 804 states and 1240 transitions. [2022-02-20 17:58:02,841 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:02,841 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 122 [2022-02-20 17:58:02,841 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:02,841 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:58:02,850 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1238 transitions. [2022-02-20 17:58:02,851 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:58:02,860 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1238 transitions. [2022-02-20 17:58:02,860 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1238 transitions. [2022-02-20 17:58:03,490 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1238 edges. 1238 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:03,501 INFO L225 Difference]: With dead ends: 804 [2022-02-20 17:58:03,501 INFO L226 Difference]: Without dead ends: 453 [2022-02-20 17:58:03,502 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 153 GetRequests, 145 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:03,503 INFO L933 BasicCegarLoop]: 596 mSDtfsCounter, 134 mSDsluCounter, 525 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1121 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:03,503 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1121 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:03,504 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 453 states. [2022-02-20 17:58:03,517 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 453 to 445. [2022-02-20 17:58:03,517 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:03,518 INFO L82 GeneralOperation]: Start isEquivalent. First operand 453 states. Second operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:58:03,519 INFO L74 IsIncluded]: Start isIncluded. First operand 453 states. Second operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:58:03,520 INFO L87 Difference]: Start difference. First operand 453 states. Second operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:58:03,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:03,531 INFO L93 Difference]: Finished difference Result 453 states and 700 transitions. 
[2022-02-20 17:58:03,532 INFO L276 IsEmpty]: Start isEmpty. Operand 453 states and 700 transitions. [2022-02-20 17:58:03,533 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:03,533 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:03,534 INFO L74 IsIncluded]: Start isIncluded. First operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) Second operand 453 states. [2022-02-20 17:58:03,535 INFO L87 Difference]: Start difference. First operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) Second operand 453 states. [2022-02-20 17:58:03,546 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:03,546 INFO L93 Difference]: Finished difference Result 453 states and 700 transitions. [2022-02-20 17:58:03,547 INFO L276 IsEmpty]: Start isEmpty. Operand 453 states and 700 transitions. [2022-02-20 17:58:03,548 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:03,548 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:03,548 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:03,548 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:03,549 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 445 states, 349 states have (on average 1.5759312320916905) internal successors, (550), 352 states have internal predecessors, (550), 72 states have call successors, (72), 24 states have call predecessors, (72), 23 states have return successors, (69), 68 states have call predecessors, (69), 69 states have call successors, (69) [2022-02-20 17:58:03,562 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 445 states to 445 states and 691 transitions. [2022-02-20 17:58:03,562 INFO L78 Accepts]: Start accepts. Automaton has 445 states and 691 transitions. Word has length 122 [2022-02-20 17:58:03,562 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:03,563 INFO L470 AbstractCegarLoop]: Abstraction has 445 states and 691 transitions. [2022-02-20 17:58:03,563 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (18), 2 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) [2022-02-20 17:58:03,563 INFO L276 IsEmpty]: Start isEmpty. Operand 445 states and 691 transitions. [2022-02-20 17:58:03,564 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 124 [2022-02-20 17:58:03,565 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:03,565 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:03,604 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:03,782 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:03,783 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:03,783 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:03,783 INFO L85 PathProgramCache]: Analyzing trace with hash 331474700, now seen corresponding path program 1 times [2022-02-20 17:58:03,784 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:03,784 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1296581203] [2022-02-20 17:58:03,784 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:03,784 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:03,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,827 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:03,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,830 INFO L290 TraceCheckUtils]: 0: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,830 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,830 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,831 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8508#true} #1181#return; {8508#true} is VALID [2022-02-20 17:58:03,835 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:03,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,844 INFO L290 TraceCheckUtils]: 0: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,844 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,844 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,844 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8508#true} #1183#return; {8508#true} is VALID [2022-02-20 17:58:03,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 
17:58:03,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,855 INFO L290 TraceCheckUtils]: 0: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8570#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:03,855 INFO L290 TraceCheckUtils]: 1: Hoare triple {8570#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8571#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:03,855 INFO L290 TraceCheckUtils]: 2: Hoare triple {8571#(= |setClientId_#in~handle| 1)} assume true; {8571#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:03,856 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8571#(= |setClientId_#in~handle| 1)} {8518#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {8509#false} is VALID [2022-02-20 17:58:03,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:03,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,860 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,860 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,860 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} 
#1187#return; {8509#false} is VALID [2022-02-20 17:58:03,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:03,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,862 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1189#return; {8509#false} is VALID [2022-02-20 17:58:03,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:03,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,865 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1191#return; {8509#false} is VALID [2022-02-20 17:58:03,870 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:03,871 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,872 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1133#return; {8509#false} is VALID [2022-02-20 17:58:03,878 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:58:03,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {8573#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,880 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1135#return; {8509#false} is VALID [2022-02-20 17:58:03,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:03,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,882 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} ~handle := 
#in~handle;havoc ~retValue_acc~29; {8508#true} is VALID [2022-02-20 17:58:03,882 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8508#true} is VALID [2022-02-20 17:58:03,882 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,883 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1115#return; {8509#false} is VALID [2022-02-20 17:58:03,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:58:03,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,885 INFO L290 TraceCheckUtils]: 0: Hoare triple {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1147#return; {8509#false} is VALID [2022-02-20 17:58:03,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:58:03,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8508#true} is VALID [2022-02-20 17:58:03,887 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8508#true} is VALID [2022-02-20 17:58:03,887 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,887 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1149#return; {8509#false} is VALID [2022-02-20 17:58:03,887 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:03,888 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8508#true} is VALID [2022-02-20 17:58:03,890 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8508#true} is VALID [2022-02-20 17:58:03,890 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,890 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1151#return; {8509#false} is VALID [2022-02-20 17:58:03,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:58:03,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:03,892 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8508#true} is VALID [2022-02-20 17:58:03,892 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8508#true} is VALID [2022-02-20 17:58:03,892 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,892 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8508#true} {8509#false} #1153#return; {8509#false} is VALID [2022-02-20 17:58:03,892 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:58:03,893 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:03,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8508#true} is VALID [2022-02-20 17:58:03,894 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume 1 == ~handle; {8508#true} is VALID [2022-02-20 17:58:03,894 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 3: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8508#true} {8509#false} #1155#return; {8509#false} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call 
#Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 
0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 
0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 3: Hoare triple {8508#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 4: Hoare triple {8508#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8508#true} is VALID [2022-02-20 17:58:03,895 INFO L290 TraceCheckUtils]: 5: Hoare triple {8508#true} assume 0 != 
main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8508#true} is VALID [2022-02-20 17:58:03,896 INFO L272 TraceCheckUtils]: 6: Hoare triple {8508#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:03,896 INFO L290 TraceCheckUtils]: 7: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,896 INFO L290 TraceCheckUtils]: 8: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,896 INFO L290 TraceCheckUtils]: 9: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,896 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8508#true} 
{8508#true} #1181#return; {8508#true} is VALID [2022-02-20 17:58:03,897 INFO L290 TraceCheckUtils]: 11: Hoare triple {8508#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8508#true} is VALID [2022-02-20 17:58:03,897 INFO L272 TraceCheckUtils]: 12: Hoare triple {8508#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:03,897 INFO L290 TraceCheckUtils]: 13: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,897 INFO L290 TraceCheckUtils]: 14: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,897 INFO L290 TraceCheckUtils]: 15: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,898 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8508#true} {8508#true} #1183#return; {8508#true} is VALID [2022-02-20 17:58:03,898 INFO L290 TraceCheckUtils]: 17: Hoare triple {8508#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8518#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is 
VALID [2022-02-20 17:58:03,899 INFO L272 TraceCheckUtils]: 18: Hoare triple {8518#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:03,899 INFO L290 TraceCheckUtils]: 19: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8570#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:03,899 INFO L290 TraceCheckUtils]: 20: Hoare triple {8570#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8571#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:03,899 INFO L290 TraceCheckUtils]: 21: Hoare triple {8571#(= |setClientId_#in~handle| 1)} assume true; {8571#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:03,900 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8571#(= |setClientId_#in~handle| 1)} {8518#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1185#return; {8509#false} is VALID [2022-02-20 17:58:03,900 INFO L290 TraceCheckUtils]: 23: Hoare triple {8509#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8509#false} is VALID [2022-02-20 17:58:03,900 INFO L272 TraceCheckUtils]: 24: Hoare triple {8509#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:03,900 INFO 
L290 TraceCheckUtils]: 25: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,900 INFO L290 TraceCheckUtils]: 26: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,900 INFO L290 TraceCheckUtils]: 27: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,901 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8508#true} {8509#false} #1187#return; {8509#false} is VALID [2022-02-20 17:58:03,901 INFO L290 TraceCheckUtils]: 29: Hoare triple {8509#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8509#false} is VALID [2022-02-20 17:58:03,901 INFO L272 TraceCheckUtils]: 30: Hoare triple {8509#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:03,901 INFO L290 TraceCheckUtils]: 31: Hoare triple {8568#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,901 INFO L290 TraceCheckUtils]: 32: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,901 INFO L290 TraceCheckUtils]: 33: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,901 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8508#true} {8509#false} #1189#return; {8509#false} is VALID [2022-02-20 17:58:03,901 INFO L290 TraceCheckUtils]: 35: Hoare triple {8509#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8509#false} is VALID [2022-02-20 17:58:03,901 INFO L272 TraceCheckUtils]: 36: Hoare triple {8509#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 37: Hoare triple {8569#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 38: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 39: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,902 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8508#true} {8509#false} #1191#return; {8509#false} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 41: Hoare triple {8509#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8509#false} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 42: Hoare triple {8509#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8509#false} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 43: Hoare triple {8509#false} assume !false; {8509#false} is VALID [2022-02-20 17:58:03,902 INFO L290 TraceCheckUtils]: 44: Hoare triple {8509#false} assume test_~splverifierCounter~0#1 < 4; {8509#false} is VALID [2022-02-20 17:58:03,903 INFO L290 
TraceCheckUtils]: 45: Hoare triple {8509#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8509#false} is VALID [2022-02-20 17:58:03,903 INFO L290 TraceCheckUtils]: 46: Hoare triple {8509#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {8509#false} is VALID [2022-02-20 17:58:03,903 INFO L290 TraceCheckUtils]: 47: Hoare triple {8509#false} assume !(0 != test_~tmp___9~0#1); {8509#false} is VALID [2022-02-20 17:58:03,903 INFO L290 TraceCheckUtils]: 48: Hoare triple {8509#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 49: Hoare triple {8509#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 50: Hoare triple {8509#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 51: Hoare triple {8509#false} assume { :end_inline_setClientAutoResponse } true; {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 52: Hoare triple {8509#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 53: Hoare triple {8509#false} assume !false; 
{8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 54: Hoare triple {8509#false} assume !(test_~splverifierCounter~0#1 < 4); {8509#false} is VALID [2022-02-20 17:58:03,913 INFO L290 TraceCheckUtils]: 55: Hoare triple {8509#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {8509#false} is VALID [2022-02-20 17:58:03,914 INFO L272 TraceCheckUtils]: 56: Hoare triple {8509#false} call sendEmail(~bob~0, ~rjh~0); {8509#false} is VALID [2022-02-20 17:58:03,914 INFO L290 TraceCheckUtils]: 57: Hoare triple {8509#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8509#false} is VALID [2022-02-20 17:58:03,914 INFO L272 TraceCheckUtils]: 58: Hoare triple {8509#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:03,914 INFO L290 TraceCheckUtils]: 59: Hoare triple {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,914 INFO L290 
TraceCheckUtils]: 60: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,914 INFO L290 TraceCheckUtils]: 61: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,914 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8508#true} {8509#false} #1133#return; {8509#false} is VALID [2022-02-20 17:58:03,914 INFO L272 TraceCheckUtils]: 63: Hoare triple {8509#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8573#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 64: Hoare triple {8573#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 65: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 66: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,915 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8508#true} {8509#false} #1135#return; {8509#false} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 68: Hoare triple {8509#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {8509#false} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 69: Hoare triple {8509#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {8509#false} is VALID [2022-02-20 17:58:03,915 INFO L272 TraceCheckUtils]: 70: Hoare triple {8509#false} call outgoing(~sender#1, ~email~0#1); {8509#false} is VALID [2022-02-20 17:58:03,915 INFO L290 TraceCheckUtils]: 71: 
Hoare triple {8509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {8509#false} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 72: Hoare triple {8509#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {8509#false} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 73: Hoare triple {8509#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {8509#false} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 74: Hoare triple {8509#false} assume 0 == sign_~privkey~0#1; {8509#false} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 75: Hoare triple {8509#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, 
outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {8509#false} is VALID [2022-02-20 17:58:03,916 INFO L272 TraceCheckUtils]: 76: Hoare triple {8509#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8508#true} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 77: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~29; {8508#true} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 78: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8508#true} is VALID [2022-02-20 17:58:03,916 INFO L290 TraceCheckUtils]: 79: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,916 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {8508#true} {8509#false} #1115#return; {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 81: Hoare triple {8509#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 82: Hoare triple {8509#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L272 TraceCheckUtils]: 83: Hoare triple {8509#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 84: Hoare triple {8509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 85: Hoare triple {8509#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 86: Hoare triple {8509#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {8509#false} is VALID [2022-02-20 17:58:03,917 INFO L272 TraceCheckUtils]: 87: Hoare triple {8509#false} call setEmailFrom(~msg#1, ~tmp~12#1); {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:03,917 INFO L290 TraceCheckUtils]: 88: Hoare triple {8572#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 89: Hoare triple {8508#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 90: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8508#true} {8509#false} #1147#return; {8509#false} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 92: Hoare triple {8509#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {8509#false} is VALID [2022-02-20 17:58:03,918 INFO L272 TraceCheckUtils]: 93: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := 
isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 94: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 95: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8508#true} is VALID [2022-02-20 17:58:03,918 INFO L290 TraceCheckUtils]: 96: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,919 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8508#true} {8509#false} #1149#return; {8509#false} is VALID [2022-02-20 17:58:03,919 INFO L290 TraceCheckUtils]: 98: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {8509#false} is VALID [2022-02-20 17:58:03,919 INFO L290 TraceCheckUtils]: 99: Hoare triple {8509#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {8509#false} is VALID [2022-02-20 17:58:03,919 INFO L272 TraceCheckUtils]: 100: Hoare triple {8509#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {8508#true} is VALID [2022-02-20 17:58:03,919 INFO L290 TraceCheckUtils]: 101: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8508#true} is VALID [2022-02-20 17:58:03,919 INFO L290 TraceCheckUtils]: 102: Hoare triple {8508#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8508#true} is VALID [2022-02-20 17:58:03,919 INFO L290 
TraceCheckUtils]: 103: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,919 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8508#true} {8509#false} #1151#return; {8509#false} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 105: Hoare triple {8509#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, 
__utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {8509#false} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 106: Hoare triple {8509#false} assume 1 == ~sent_signed~0; {8509#false} is VALID [2022-02-20 17:58:03,920 INFO L272 TraceCheckUtils]: 107: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8508#true} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 108: Hoare triple {8508#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8508#true} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 109: Hoare triple {8508#true} assume 1 == 
~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8508#true} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 110: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,920 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {8508#true} {8509#false} #1153#return; {8509#false} is VALID [2022-02-20 17:58:03,920 INFO L290 TraceCheckUtils]: 112: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {8509#false} is VALID [2022-02-20 17:58:03,920 INFO L272 TraceCheckUtils]: 113: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {8508#true} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 114: Hoare triple {8508#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8508#true} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 115: Hoare triple {8508#true} assume 1 == ~handle; {8508#true} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 116: Hoare triple {8508#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8508#true} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 117: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:03,921 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {8508#true} {8509#false} #1155#return; {8509#false} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 119: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 
:= __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {8509#false} is VALID [2022-02-20 17:58:03,921 INFO L290 TraceCheckUtils]: 120: Hoare triple {8509#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {8509#false} is VALID [2022-02-20 17:58:03,921 INFO L272 TraceCheckUtils]: 121: Hoare triple {8509#false} call __automaton_fail(); {8509#false} is VALID [2022-02-20 17:58:03,922 INFO L290 TraceCheckUtils]: 122: Hoare triple {8509#false} assume !false; {8509#false} is VALID [2022-02-20 17:58:03,922 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:03,922 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:03,924 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1296581203] [2022-02-20 17:58:03,925 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1296581203] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:03,925 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [806949040] [2022-02-20 17:58:03,925 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:03,925 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:03,925 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:03,926 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:03,947 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:58:04,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:04,183 INFO L263 TraceCheckSpWp]: Trace formula consists of 1178 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:58:04,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:04,220 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:04,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {8508#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call 
#Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8508#true} is VALID [2022-02-20 17:58:04,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {8508#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {8508#true} is VALID [2022-02-20 17:58:04,461 INFO L290 TraceCheckUtils]: 2: Hoare triple {8508#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8508#true} is VALID [2022-02-20 17:58:04,461 INFO L290 TraceCheckUtils]: 3: Hoare triple {8508#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 4: Hoare triple {8508#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 5: Hoare triple {8508#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L272 TraceCheckUtils]: 6: Hoare triple {8508#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 7: Hoare triple {8508#true} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 8: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 9: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8508#true} {8508#true} #1181#return; {8508#true} is VALID [2022-02-20 17:58:04,462 INFO L290 TraceCheckUtils]: 11: Hoare triple {8508#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8508#true} is VALID [2022-02-20 17:58:04,463 INFO L272 TraceCheckUtils]: 12: Hoare triple {8508#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8508#true} is VALID [2022-02-20 17:58:04,463 INFO L290 TraceCheckUtils]: 13: Hoare triple {8508#true} ~handle := #in~handle;~value := #in~value; {8508#true} is VALID [2022-02-20 17:58:04,463 INFO L290 TraceCheckUtils]: 14: Hoare triple {8508#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8508#true} is 
VALID [2022-02-20 17:58:04,463 INFO L290 TraceCheckUtils]: 15: Hoare triple {8508#true} assume true; {8508#true} is VALID [2022-02-20 17:58:04,463 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8508#true} {8508#true} #1183#return; {8508#true} is VALID [2022-02-20 17:58:04,464 INFO L290 TraceCheckUtils]: 17: Hoare triple {8508#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8628#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:04,464 INFO L272 TraceCheckUtils]: 18: Hoare triple {8628#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8508#true} is VALID [2022-02-20 17:58:04,464 INFO L290 TraceCheckUtils]: 19: Hoare triple {8508#true} ~handle := #in~handle;~value := #in~value; {8635#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:58:04,467 INFO L290 TraceCheckUtils]: 20: Hoare triple {8635#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8639#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:04,467 INFO L290 TraceCheckUtils]: 21: Hoare triple {8639#(<= |setClientId_#in~handle| 1)} assume true; {8639#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:04,467 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8639#(<= |setClientId_#in~handle| 1)} {8628#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1185#return; {8509#false} is VALID 
[2022-02-20 17:58:04,468 INFO L290 TraceCheckUtils]: 23: Hoare triple {8509#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L272 TraceCheckUtils]: 24: Hoare triple {8509#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L290 TraceCheckUtils]: 25: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L290 TraceCheckUtils]: 26: Hoare triple {8509#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L290 TraceCheckUtils]: 27: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8509#false} {8509#false} #1187#return; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L290 TraceCheckUtils]: 29: Hoare triple {8509#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8509#false} is VALID [2022-02-20 17:58:04,468 INFO L272 TraceCheckUtils]: 30: Hoare triple {8509#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 31: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 32: Hoare triple {8509#false} 
assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 33: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8509#false} {8509#false} #1189#return; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 35: Hoare triple {8509#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L272 TraceCheckUtils]: 36: Hoare triple {8509#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 37: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,469 INFO L290 TraceCheckUtils]: 38: Hoare triple {8509#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 39: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8509#false} {8509#false} #1191#return; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 41: Hoare triple {8509#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 42: Hoare triple {8509#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, 
test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 43: Hoare triple {8509#false} assume !false; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 44: Hoare triple {8509#false} assume test_~splverifierCounter~0#1 < 4; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 45: Hoare triple {8509#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8509#false} is VALID [2022-02-20 17:58:04,470 INFO L290 TraceCheckUtils]: 46: Hoare triple {8509#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 47: Hoare triple {8509#false} assume !(0 != test_~tmp___9~0#1); {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 48: Hoare triple {8509#false} assume 0 == 
test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 49: Hoare triple {8509#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 50: Hoare triple {8509#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 51: Hoare triple {8509#false} assume { :end_inline_setClientAutoResponse } true; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 52: Hoare triple {8509#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 53: Hoare triple {8509#false} assume !false; {8509#false} is VALID [2022-02-20 17:58:04,471 INFO L290 TraceCheckUtils]: 54: Hoare triple {8509#false} assume !(test_~splverifierCounter~0#1 < 4); {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L290 TraceCheckUtils]: 55: Hoare triple {8509#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc 
bobToRjh_#t~ret4#1; {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L272 TraceCheckUtils]: 56: Hoare triple {8509#false} call sendEmail(~bob~0, ~rjh~0); {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L290 TraceCheckUtils]: 57: Hoare triple {8509#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L272 TraceCheckUtils]: 58: Hoare triple {8509#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L290 TraceCheckUtils]: 59: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L290 TraceCheckUtils]: 60: Hoare triple {8509#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L290 TraceCheckUtils]: 61: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,472 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8509#false} {8509#false} #1133#return; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L272 TraceCheckUtils]: 63: Hoare triple {8509#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L290 TraceCheckUtils]: 64: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L290 TraceCheckUtils]: 65: Hoare triple {8509#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,473 
INFO L290 TraceCheckUtils]: 66: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8509#false} {8509#false} #1135#return; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L290 TraceCheckUtils]: 68: Hoare triple {8509#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L290 TraceCheckUtils]: 69: Hoare triple {8509#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {8509#false} is VALID [2022-02-20 17:58:04,473 INFO L272 TraceCheckUtils]: 70: Hoare triple {8509#false} call outgoing(~sender#1, ~email~0#1); {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 71: Hoare triple {8509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 72: Hoare triple {8509#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 73: Hoare 
triple {8509#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 74: Hoare triple {8509#false} assume 0 == sign_~privkey~0#1; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 75: Hoare triple {8509#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L272 TraceCheckUtils]: 76: Hoare triple {8509#false} call 
outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 77: Hoare triple {8509#false} ~handle := #in~handle;havoc ~retValue_acc~29; {8509#false} is VALID [2022-02-20 17:58:04,474 INFO L290 TraceCheckUtils]: 78: Hoare triple {8509#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L290 TraceCheckUtils]: 79: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {8509#false} {8509#false} #1115#return; {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L290 TraceCheckUtils]: 81: Hoare triple {8509#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L290 TraceCheckUtils]: 82: Hoare triple {8509#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L272 TraceCheckUtils]: 83: Hoare triple {8509#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {8509#false} is VALID [2022-02-20 17:58:04,475 INFO L290 TraceCheckUtils]: 84: Hoare triple {8509#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {8509#false} is VALID 
[2022-02-20 17:58:04,475 INFO L290 TraceCheckUtils]: 85: Hoare triple {8509#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L290 TraceCheckUtils]: 86: Hoare triple {8509#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L272 TraceCheckUtils]: 87: Hoare triple {8509#false} call setEmailFrom(~msg#1, ~tmp~12#1); {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L290 TraceCheckUtils]: 88: Hoare triple {8509#false} ~handle := #in~handle;~value := #in~value; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L290 TraceCheckUtils]: 89: Hoare triple {8509#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L290 TraceCheckUtils]: 90: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8509#false} {8509#false} #1147#return; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L290 TraceCheckUtils]: 92: Hoare triple {8509#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {8509#false} is VALID [2022-02-20 17:58:04,476 INFO L272 TraceCheckUtils]: 93: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 94: Hoare triple {8509#false} ~handle := #in~handle;havoc ~retValue_acc~12; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 95: Hoare triple {8509#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 96: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {8509#false} {8509#false} #1149#return; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 98: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 99: Hoare triple {8509#false} assume { 
:end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L272 TraceCheckUtils]: 100: Hoare triple {8509#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {8509#false} is VALID [2022-02-20 17:58:04,477 INFO L290 TraceCheckUtils]: 101: Hoare triple {8509#false} ~handle := #in~handle;havoc ~retValue_acc~7; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 102: Hoare triple {8509#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 103: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8509#false} {8509#false} #1151#return; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 105: Hoare triple {8509#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc 
verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 106: Hoare triple {8509#false} assume 1 == ~sent_signed~0; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L272 TraceCheckUtils]: 107: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 108: Hoare triple {8509#false} ~handle := #in~handle;havoc ~retValue_acc~6; {8509#false} is VALID [2022-02-20 17:58:04,478 INFO L290 TraceCheckUtils]: 109: Hoare triple {8509#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 TraceCheckUtils]: 110: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {8509#false} {8509#false} #1153#return; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 TraceCheckUtils]: 112: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L272 TraceCheckUtils]: 113: Hoare triple {8509#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 TraceCheckUtils]: 114: Hoare triple {8509#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 
TraceCheckUtils]: 115: Hoare triple {8509#false} assume 1 == ~handle; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 TraceCheckUtils]: 116: Hoare triple {8509#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8509#false} is VALID [2022-02-20 17:58:04,479 INFO L290 TraceCheckUtils]: 117: Hoare triple {8509#false} assume true; {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {8509#false} {8509#false} #1155#return; {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L290 TraceCheckUtils]: 119: Hoare triple {8509#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L290 TraceCheckUtils]: 120: Hoare triple {8509#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L272 TraceCheckUtils]: 121: Hoare triple {8509#false} call __automaton_fail(); {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L290 TraceCheckUtils]: 122: Hoare triple {8509#false} assume !false; {8509#false} is VALID [2022-02-20 17:58:04,480 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 17:58:04,480 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:04,481 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [806949040] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:04,481 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:04,481 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:58:04,481 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2006931270] [2022-02-20 17:58:04,481 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:04,482 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 17:58:04,482 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:04,482 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:04,553 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 116 edges. 116 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:04,553 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:04,553 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:04,553 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:04,553 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:04,554 INFO L87 Difference]: Start difference. First operand 445 states and 691 transitions. Second operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:05,501 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:05,501 INFO L93 Difference]: Finished difference Result 881 states and 1372 transitions. [2022-02-20 17:58:05,501 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:05,502 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 123 [2022-02-20 17:58:05,502 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:05,502 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:05,509 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1134 transitions. [2022-02-20 17:58:05,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:05,517 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1134 transitions. [2022-02-20 17:58:05,517 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1134 transitions. [2022-02-20 17:58:06,185 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1134 edges. 1134 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:06,196 INFO L225 Difference]: With dead ends: 881 [2022-02-20 17:58:06,197 INFO L226 Difference]: Without dead ends: 447 [2022-02-20 17:58:06,198 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 155 GetRequests, 144 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:06,198 INFO L933 BasicCegarLoop]: 563 mSDtfsCounter, 152 mSDsluCounter, 1515 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2078 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:06,198 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2078 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:06,199 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 447 states. [2022-02-20 17:58:06,244 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 447 to 447. [2022-02-20 17:58:06,244 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:06,245 INFO L82 GeneralOperation]: Start isEquivalent. First operand 447 states. 
Second operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:58:06,246 INFO L74 IsIncluded]: Start isIncluded. First operand 447 states. Second operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:58:06,247 INFO L87 Difference]: Start difference. First operand 447 states. Second operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:58:06,257 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:06,257 INFO L93 Difference]: Finished difference Result 447 states and 694 transitions. [2022-02-20 17:58:06,258 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 694 transitions. [2022-02-20 17:58:06,259 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:06,259 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:06,260 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) Second operand 447 states. [2022-02-20 17:58:06,260 INFO L87 Difference]: Start difference. First operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) Second operand 447 states. [2022-02-20 17:58:06,272 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:06,272 INFO L93 Difference]: Finished difference Result 447 states and 694 transitions. [2022-02-20 17:58:06,272 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 694 transitions. [2022-02-20 17:58:06,273 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:06,273 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:06,274 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:06,274 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:06,275 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 447 states, 350 states have (on average 1.5742857142857143) internal successors, (551), 354 states have internal predecessors, (551), 72 states have call successors, (72), 24 states have call predecessors, (72), 24 states have return successors, (71), 68 states have call predecessors, (71), 69 states have call successors, (71) [2022-02-20 17:58:06,289 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 447 states to 447 states and 694 transitions. [2022-02-20 17:58:06,289 INFO L78 Accepts]: Start accepts. Automaton has 447 states and 694 transitions. Word has length 123 [2022-02-20 17:58:06,289 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:06,290 INFO L470 AbstractCegarLoop]: Abstraction has 447 states and 694 transitions. [2022-02-20 17:58:06,290 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:06,290 INFO L276 IsEmpty]: Start isEmpty. Operand 447 states and 694 transitions. [2022-02-20 17:58:06,292 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 125 [2022-02-20 17:58:06,292 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:06,293 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:06,335 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2022-02-20 17:58:06,503 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:06,503 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:06,504 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:06,504 INFO L85 PathProgramCache]: Analyzing trace with hash -351120382, now seen corresponding path program 1 times [2022-02-20 17:58:06,504 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:06,504 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1867534770] [2022-02-20 17:58:06,504 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:06,504 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:06,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,572 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:06,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,575 INFO L290 TraceCheckUtils]: 0: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,575 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,575 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,575 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11686#true} #1181#return; {11686#true} is VALID [2022-02-20 17:58:06,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:06,582 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:06,584 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,584 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,584 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,585 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11686#true} #1183#return; {11686#true} is VALID [2022-02-20 17:58:06,585 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:06,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11750#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,599 INFO L290 TraceCheckUtils]: 1: Hoare triple {11750#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11750#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,599 INFO L290 TraceCheckUtils]: 2: Hoare triple {11750#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11751#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,600 INFO L290 TraceCheckUtils]: 3: Hoare triple {11751#(= 2 |setClientId_#in~handle|)} assume true; {11751#(= 2 |setClientId_#in~handle|)} is VALID 
[2022-02-20 17:58:06,600 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11751#(= 2 |setClientId_#in~handle|)} {11696#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1185#return; {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:06,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:06,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11752#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:06,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {11752#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11753#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:06,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {11753#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11753#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:06,617 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11753#(= |setClientPrivateKey_#in~handle| 1)} {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1187#return; {11687#false} is VALID [2022-02-20 17:58:06,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:58:06,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,621 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1189#return; {11687#false} is VALID [2022-02-20 17:58:06,622 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:58:06,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,625 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,625 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,625 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,625 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1191#return; {11687#false} is VALID [2022-02-20 17:58:06,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:58:06,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 
17:58:06,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,636 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1133#return; {11687#false} is VALID [2022-02-20 17:58:06,643 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:58:06,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,646 INFO L290 TraceCheckUtils]: 0: Hoare triple {11755#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,647 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,647 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,647 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1135#return; {11687#false} is VALID [2022-02-20 17:58:06,647 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:58:06,648 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,650 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~29; {11686#true} is VALID [2022-02-20 17:58:06,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11686#true} is VALID [2022-02-20 17:58:06,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,650 INFO L284 TraceCheckUtils]: 3: 
Hoare quadruple {11686#true} {11687#false} #1115#return; {11687#false} is VALID [2022-02-20 17:58:06,650 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:58:06,651 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,653 INFO L290 TraceCheckUtils]: 0: Hoare triple {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,653 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,653 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,654 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1147#return; {11687#false} is VALID [2022-02-20 17:58:06,654 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:58:06,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11686#true} is VALID [2022-02-20 17:58:06,656 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11686#true} is VALID [2022-02-20 17:58:06,656 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,656 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1149#return; {11687#false} is VALID [2022-02-20 17:58:06,657 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:06,657 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:06,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11686#true} is VALID [2022-02-20 17:58:06,658 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11686#true} is VALID [2022-02-20 17:58:06,659 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,659 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1151#return; {11687#false} is VALID [2022-02-20 17:58:06,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:06,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~6; {11686#true} is VALID [2022-02-20 17:58:06,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11686#true} is VALID [2022-02-20 17:58:06,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11686#true} {11687#false} #1153#return; {11687#false} is VALID [2022-02-20 17:58:06,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:06,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,665 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11686#true} is VALID [2022-02-20 17:58:06,665 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume 1 == ~handle; {11686#true} is VALID [2022-02-20 17:58:06,666 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11686#true} is VALID [2022-02-20 17:58:06,666 INFO L290 TraceCheckUtils]: 3: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,666 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11686#true} {11687#false} #1155#return; {11687#false} is VALID [2022-02-20 17:58:06,666 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call 
#Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 
0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 
:= 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11686#true} is VALID [2022-02-20 17:58:06,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11686#true} is VALID [2022-02-20 17:58:06,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11686#true} is VALID [2022-02-20 17:58:06,667 INFO L290 TraceCheckUtils]: 3: Hoare triple {11686#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {11686#true} is VALID [2022-02-20 17:58:06,667 INFO L290 TraceCheckUtils]: 4: Hoare triple {11686#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11686#true} is VALID [2022-02-20 17:58:06,667 INFO L290 TraceCheckUtils]: 5: Hoare triple {11686#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11686#true} is VALID [2022-02-20 17:58:06,668 INFO L272 TraceCheckUtils]: 6: Hoare triple {11686#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,668 INFO L290 TraceCheckUtils]: 7: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,668 INFO L290 TraceCheckUtils]: 8: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,668 INFO L290 TraceCheckUtils]: 9: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,668 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11686#true} {11686#true} #1181#return; {11686#true} is VALID [2022-02-20 17:58:06,668 INFO L290 TraceCheckUtils]: 11: Hoare triple {11686#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11686#true} is VALID [2022-02-20 17:58:06,669 INFO L272 TraceCheckUtils]: 12: Hoare triple {11686#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11749#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:06,669 INFO L290 TraceCheckUtils]: 13: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,669 INFO L290 TraceCheckUtils]: 14: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,669 INFO L290 TraceCheckUtils]: 15: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,669 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11686#true} {11686#true} #1183#return; {11686#true} is VALID [2022-02-20 17:58:06,670 INFO L290 TraceCheckUtils]: 17: Hoare triple {11686#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11696#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:06,670 INFO L272 TraceCheckUtils]: 18: Hoare triple {11696#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11748#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,671 INFO L290 TraceCheckUtils]: 19: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11750#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,671 INFO L290 TraceCheckUtils]: 20: Hoare triple {11750#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11750#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,671 INFO L290 TraceCheckUtils]: 21: Hoare triple {11750#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11751#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,672 INFO L290 TraceCheckUtils]: 22: Hoare triple {11751#(= 2 |setClientId_#in~handle|)} assume true; {11751#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:06,672 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11751#(= 2 |setClientId_#in~handle|)} {11696#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1185#return; {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:06,672 INFO L290 TraceCheckUtils]: 24: Hoare triple {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:06,673 INFO L272 TraceCheckUtils]: 25: Hoare triple {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11749#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:06,673 INFO L290 TraceCheckUtils]: 26: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11752#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:06,674 INFO L290 TraceCheckUtils]: 27: Hoare triple {11752#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11753#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:06,674 INFO L290 TraceCheckUtils]: 28: Hoare triple {11753#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11753#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:06,674 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11753#(= |setClientPrivateKey_#in~handle| 1)} {11702#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1187#return; {11687#false} is VALID [2022-02-20 17:58:06,675 INFO L290 TraceCheckUtils]: 30: Hoare triple {11687#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11687#false} is VALID [2022-02-20 17:58:06,675 INFO L272 TraceCheckUtils]: 31: Hoare triple 
{11687#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:06,675 INFO L290 TraceCheckUtils]: 32: Hoare triple {11748#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,675 INFO L290 TraceCheckUtils]: 33: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,675 INFO L290 TraceCheckUtils]: 34: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,675 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11686#true} {11687#false} #1189#return; {11687#false} is VALID [2022-02-20 17:58:06,675 INFO L290 TraceCheckUtils]: 36: Hoare triple {11687#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11687#false} is VALID [2022-02-20 17:58:06,676 INFO L272 TraceCheckUtils]: 37: Hoare triple {11687#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:06,676 INFO L290 TraceCheckUtils]: 38: Hoare triple {11749#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,676 
INFO L290 TraceCheckUtils]: 39: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,676 INFO L290 TraceCheckUtils]: 40: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,676 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11686#true} {11687#false} #1191#return; {11687#false} is VALID [2022-02-20 17:58:06,676 INFO L290 TraceCheckUtils]: 42: Hoare triple {11687#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11687#false} is VALID [2022-02-20 17:58:06,676 INFO L290 TraceCheckUtils]: 43: Hoare triple {11687#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 
0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11687#false} is VALID [2022-02-20 17:58:06,676 INFO L290 TraceCheckUtils]: 44: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 45: Hoare triple {11687#false} assume test_~splverifierCounter~0#1 < 4; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 46: Hoare triple {11687#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 47: Hoare triple {11687#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 48: Hoare triple {11687#false} assume !(0 != test_~tmp___9~0#1); {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 49: Hoare triple {11687#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 50: Hoare triple {11687#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 51: Hoare triple {11687#false} assume 1 == 
setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11687#false} is VALID [2022-02-20 17:58:06,677 INFO L290 TraceCheckUtils]: 52: Hoare triple {11687#false} assume { :end_inline_setClientAutoResponse } true; {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 53: Hoare triple {11687#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 54: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 55: Hoare triple {11687#false} assume !(test_~splverifierCounter~0#1 < 4); {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 56: Hoare triple {11687#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L272 TraceCheckUtils]: 57: Hoare triple {11687#false} call sendEmail(~bob~0, ~rjh~0); {11687#false} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 58: Hoare triple {11687#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11687#false} is VALID [2022-02-20 
17:58:06,678 INFO L272 TraceCheckUtils]: 59: Hoare triple {11687#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:06,678 INFO L290 TraceCheckUtils]: 60: Hoare triple {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L290 TraceCheckUtils]: 61: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L290 TraceCheckUtils]: 62: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11686#true} {11687#false} #1133#return; {11687#false} is VALID [2022-02-20 17:58:06,679 INFO L272 TraceCheckUtils]: 64: Hoare triple {11687#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11755#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:06,679 INFO L290 TraceCheckUtils]: 65: Hoare triple {11755#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L290 TraceCheckUtils]: 66: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L290 TraceCheckUtils]: 67: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,679 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11686#true} {11687#false} #1135#return; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L290 TraceCheckUtils]: 69: Hoare triple {11687#false} createEmail_~retValue_acc~20#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L290 TraceCheckUtils]: 70: Hoare triple {11687#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L272 TraceCheckUtils]: 71: Hoare triple {11687#false} call outgoing(~sender#1, ~email~0#1); {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L290 TraceCheckUtils]: 72: Hoare triple {11687#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L290 TraceCheckUtils]: 73: Hoare triple {11687#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO L290 TraceCheckUtils]: 74: Hoare triple {11687#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {11687#false} is VALID [2022-02-20 17:58:06,680 INFO 
L290 TraceCheckUtils]: 75: Hoare triple {11687#false} assume 0 == sign_~privkey~0#1; {11687#false} is VALID [2022-02-20 17:58:06,681 INFO L290 TraceCheckUtils]: 76: Hoare triple {11687#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {11687#false} is VALID [2022-02-20 17:58:06,681 INFO L272 TraceCheckUtils]: 77: Hoare triple {11687#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11686#true} is VALID [2022-02-20 17:58:06,681 INFO L290 TraceCheckUtils]: 78: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~29; {11686#true} is VALID [2022-02-20 17:58:06,681 INFO L290 
TraceCheckUtils]: 79: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11686#true} is VALID [2022-02-20 17:58:06,681 INFO L290 TraceCheckUtils]: 80: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,681 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {11686#true} {11687#false} #1115#return; {11687#false} is VALID [2022-02-20 17:58:06,681 INFO L290 TraceCheckUtils]: 82: Hoare triple {11687#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {11687#false} is VALID [2022-02-20 17:58:06,681 INFO L290 TraceCheckUtils]: 83: Hoare triple {11687#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11687#false} is VALID [2022-02-20 17:58:06,682 INFO L272 TraceCheckUtils]: 84: Hoare triple {11687#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11687#false} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 85: Hoare triple {11687#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {11687#false} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 86: Hoare triple {11687#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11687#false} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 87: 
Hoare triple {11687#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {11687#false} is VALID [2022-02-20 17:58:06,682 INFO L272 TraceCheckUtils]: 88: Hoare triple {11687#false} call setEmailFrom(~msg#1, ~tmp~12#1); {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 89: Hoare triple {11754#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 90: Hoare triple {11686#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:06,682 INFO L290 TraceCheckUtils]: 91: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,683 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11686#true} {11687#false} #1147#return; {11687#false} is VALID [2022-02-20 17:58:06,683 INFO L290 TraceCheckUtils]: 93: Hoare triple {11687#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {11687#false} is VALID [2022-02-20 17:58:06,683 INFO L272 TraceCheckUtils]: 94: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11686#true} is VALID [2022-02-20 17:58:06,683 INFO L290 TraceCheckUtils]: 95: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11686#true} is VALID [2022-02-20 17:58:06,683 INFO L290 TraceCheckUtils]: 96: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11686#true} is VALID [2022-02-20 17:58:06,683 INFO L290 TraceCheckUtils]: 97: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,683 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {11686#true} {11687#false} #1149#return; {11687#false} is VALID [2022-02-20 17:58:06,683 INFO L290 TraceCheckUtils]: 99: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {11687#false} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 100: Hoare triple {11687#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 
0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {11687#false} is VALID [2022-02-20 17:58:06,684 INFO L272 TraceCheckUtils]: 101: Hoare triple {11687#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {11686#true} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 102: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11686#true} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 103: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11686#true} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 104: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,684 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11686#true} {11687#false} #1151#return; {11687#false} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 106: Hoare triple {11687#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc 
verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc 
__utac_acc__SignVerify_spec__2_#t~nondet78#1; {11687#false} is VALID [2022-02-20 17:58:06,684 INFO L290 TraceCheckUtils]: 107: Hoare triple {11687#false} assume 1 == ~sent_signed~0; {11687#false} is VALID [2022-02-20 17:58:06,685 INFO L272 TraceCheckUtils]: 108: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11686#true} is VALID [2022-02-20 17:58:06,685 INFO L290 TraceCheckUtils]: 109: Hoare triple {11686#true} ~handle := #in~handle;havoc ~retValue_acc~6; {11686#true} is VALID [2022-02-20 17:58:06,685 INFO L290 TraceCheckUtils]: 110: Hoare triple {11686#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11686#true} is VALID [2022-02-20 17:58:06,685 INFO L290 TraceCheckUtils]: 111: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,685 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {11686#true} {11687#false} #1153#return; {11687#false} is VALID [2022-02-20 17:58:06,685 INFO L290 TraceCheckUtils]: 113: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {11687#false} is VALID [2022-02-20 17:58:06,685 INFO L272 TraceCheckUtils]: 114: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {11686#true} is VALID [2022-02-20 17:58:06,685 INFO L290 TraceCheckUtils]: 115: Hoare triple {11686#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11686#true} is VALID [2022-02-20 17:58:06,695 INFO L290 TraceCheckUtils]: 116: Hoare triple {11686#true} assume 1 == ~handle; {11686#true} is VALID [2022-02-20 17:58:06,695 INFO L290 TraceCheckUtils]: 117: 
Hoare triple {11686#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11686#true} is VALID [2022-02-20 17:58:06,696 INFO L290 TraceCheckUtils]: 118: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:06,696 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {11686#true} {11687#false} #1155#return; {11687#false} is VALID [2022-02-20 17:58:06,696 INFO L290 TraceCheckUtils]: 120: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {11687#false} is VALID [2022-02-20 17:58:06,696 INFO L290 TraceCheckUtils]: 121: Hoare triple {11687#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {11687#false} is VALID [2022-02-20 17:58:06,696 INFO L272 TraceCheckUtils]: 122: Hoare triple {11687#false} call __automaton_fail(); {11687#false} is VALID [2022-02-20 17:58:06,696 INFO L290 TraceCheckUtils]: 123: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:06,697 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. 
[2022-02-20 17:58:06,697 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:06,697 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1867534770] [2022-02-20 17:58:06,697 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1867534770] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:06,697 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1851128907] [2022-02-20 17:58:06,697 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:06,698 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:06,698 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:06,699 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:06,716 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:58:06,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:06,948 INFO L263 TraceCheckSpWp]: Trace formula consists of 1179 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:58:07,002 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:07,004 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:07,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {11686#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call 
#Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L290 TraceCheckUtils]: 1: Hoare triple {11686#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L290 TraceCheckUtils]: 2: Hoare triple {11686#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L290 TraceCheckUtils]: 3: Hoare triple {11686#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L290 TraceCheckUtils]: 4: Hoare triple {11686#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L290 TraceCheckUtils]: 5: Hoare triple {11686#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11686#true} is VALID [2022-02-20 17:58:07,283 INFO L272 TraceCheckUtils]: 6: Hoare triple {11686#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L290 TraceCheckUtils]: 7: Hoare triple {11686#true} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L290 TraceCheckUtils]: 8: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L290 TraceCheckUtils]: 9: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11686#true} {11686#true} #1181#return; {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L290 TraceCheckUtils]: 11: Hoare triple {11686#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L272 TraceCheckUtils]: 12: Hoare triple {11686#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11686#true} is VALID [2022-02-20 17:58:07,284 INFO L290 TraceCheckUtils]: 13: Hoare triple {11686#true} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:07,285 INFO L290 TraceCheckUtils]: 14: Hoare triple {11686#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:07,285 INFO L290 TraceCheckUtils]: 15: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:07,285 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11686#true} {11686#true} #1183#return; {11686#true} is VALID [2022-02-20 17:58:07,299 INFO L290 TraceCheckUtils]: 17: Hoare triple {11686#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:07,299 INFO L272 TraceCheckUtils]: 18: Hoare triple {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11686#true} is VALID [2022-02-20 17:58:07,300 INFO L290 TraceCheckUtils]: 19: Hoare triple {11686#true} ~handle := #in~handle;~value := #in~value; {11686#true} is VALID [2022-02-20 17:58:07,300 INFO L290 TraceCheckUtils]: 20: Hoare triple {11686#true} assume !(1 == ~handle); {11686#true} is VALID [2022-02-20 17:58:07,300 INFO L290 TraceCheckUtils]: 21: Hoare triple {11686#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11686#true} is VALID [2022-02-20 17:58:07,301 INFO L290 TraceCheckUtils]: 22: Hoare triple {11686#true} assume true; {11686#true} is VALID [2022-02-20 17:58:07,302 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11686#true} {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1185#return; {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:07,302 INFO L290 TraceCheckUtils]: 24: Hoare triple {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:07,302 INFO L272 TraceCheckUtils]: 25: Hoare triple {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11686#true} is VALID [2022-02-20 17:58:07,303 INFO L290 TraceCheckUtils]: 26: Hoare triple {11686#true} ~handle := 
#in~handle;~value := #in~value; {11838#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:58:07,303 INFO L290 TraceCheckUtils]: 27: Hoare triple {11838#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11842#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:07,303 INFO L290 TraceCheckUtils]: 28: Hoare triple {11842#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11842#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:07,305 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11842#(<= |setClientPrivateKey_#in~handle| 1)} {11810#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1187#return; {11687#false} is VALID [2022-02-20 17:58:07,305 INFO L290 TraceCheckUtils]: 30: Hoare triple {11687#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11687#false} is VALID [2022-02-20 17:58:07,305 INFO L272 TraceCheckUtils]: 31: Hoare triple {11687#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11687#false} is VALID [2022-02-20 17:58:07,307 INFO L290 TraceCheckUtils]: 32: Hoare triple {11687#false} ~handle := #in~handle;~value := #in~value; {11687#false} is VALID [2022-02-20 17:58:07,307 INFO L290 TraceCheckUtils]: 33: Hoare triple {11687#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11687#false} is VALID [2022-02-20 
17:58:07,307 INFO L290 TraceCheckUtils]: 34: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,307 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11687#false} {11687#false} #1189#return; {11687#false} is VALID [2022-02-20 17:58:07,307 INFO L290 TraceCheckUtils]: 36: Hoare triple {11687#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11687#false} is VALID [2022-02-20 17:58:07,307 INFO L272 TraceCheckUtils]: 37: Hoare triple {11687#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 38: Hoare triple {11687#false} ~handle := #in~handle;~value := #in~value; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 39: Hoare triple {11687#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 40: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11687#false} {11687#false} #1191#return; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 42: Hoare triple {11687#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 43: Hoare triple {11687#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, 
test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11687#false} is VALID [2022-02-20 17:58:07,308 INFO L290 TraceCheckUtils]: 44: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 45: Hoare triple {11687#false} assume test_~splverifierCounter~0#1 < 4; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 46: Hoare triple {11687#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 47: Hoare triple {11687#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 48: Hoare triple {11687#false} assume !(0 != test_~tmp___9~0#1); {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 49: Hoare triple {11687#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 50: Hoare triple {11687#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11687#false} is VALID [2022-02-20 17:58:07,309 INFO L290 TraceCheckUtils]: 51: Hoare triple {11687#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 52: Hoare triple {11687#false} assume { :end_inline_setClientAutoResponse } true; {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 53: Hoare triple {11687#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 54: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 55: Hoare triple {11687#false} assume !(test_~splverifierCounter~0#1 < 4); {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 56: Hoare triple {11687#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {11687#false} is VALID [2022-02-20 17:58:07,310 INFO 
L272 TraceCheckUtils]: 57: Hoare triple {11687#false} call sendEmail(~bob~0, ~rjh~0); {11687#false} is VALID [2022-02-20 17:58:07,310 INFO L290 TraceCheckUtils]: 58: Hoare triple {11687#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L272 TraceCheckUtils]: 59: Hoare triple {11687#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L290 TraceCheckUtils]: 60: Hoare triple {11687#false} ~handle := #in~handle;~value := #in~value; {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L290 TraceCheckUtils]: 61: Hoare triple {11687#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L290 TraceCheckUtils]: 62: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11687#false} {11687#false} #1133#return; {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L272 TraceCheckUtils]: 64: Hoare triple {11687#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11687#false} is VALID [2022-02-20 17:58:07,311 INFO L290 TraceCheckUtils]: 65: Hoare triple {11687#false} ~handle := #in~handle;~value := #in~value; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L290 TraceCheckUtils]: 66: Hoare triple {11687#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L290 TraceCheckUtils]: 67: Hoare triple 
{11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11687#false} {11687#false} #1135#return; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L290 TraceCheckUtils]: 69: Hoare triple {11687#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L290 TraceCheckUtils]: 70: Hoare triple {11687#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L272 TraceCheckUtils]: 71: Hoare triple {11687#false} call outgoing(~sender#1, ~email~0#1); {11687#false} is VALID [2022-02-20 17:58:07,312 INFO L290 TraceCheckUtils]: 72: Hoare triple {11687#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {11687#false} is VALID [2022-02-20 17:58:07,314 INFO L290 TraceCheckUtils]: 73: Hoare triple {11687#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L290 TraceCheckUtils]: 74: Hoare triple {11687#false} 
sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L290 TraceCheckUtils]: 75: Hoare triple {11687#false} assume 0 == sign_~privkey~0#1; {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L290 TraceCheckUtils]: 76: Hoare triple {11687#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L272 TraceCheckUtils]: 77: Hoare triple {11687#false} call 
outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L290 TraceCheckUtils]: 78: Hoare triple {11687#false} ~handle := #in~handle;havoc ~retValue_acc~29; {11687#false} is VALID [2022-02-20 17:58:07,315 INFO L290 TraceCheckUtils]: 79: Hoare triple {11687#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L290 TraceCheckUtils]: 80: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {11687#false} {11687#false} #1115#return; {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L290 TraceCheckUtils]: 82: Hoare triple {11687#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L290 TraceCheckUtils]: 83: Hoare triple {11687#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L272 TraceCheckUtils]: 84: Hoare triple {11687#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {11687#false} is VALID [2022-02-20 17:58:07,316 INFO L290 TraceCheckUtils]: 85: Hoare triple {11687#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; 
{11687#false} is VALID [2022-02-20 17:58:07,316 INFO L290 TraceCheckUtils]: 86: Hoare triple {11687#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L290 TraceCheckUtils]: 87: Hoare triple {11687#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L272 TraceCheckUtils]: 88: Hoare triple {11687#false} call setEmailFrom(~msg#1, ~tmp~12#1); {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L290 TraceCheckUtils]: 89: Hoare triple {11687#false} ~handle := #in~handle;~value := #in~value; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L290 TraceCheckUtils]: 90: Hoare triple {11687#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L290 TraceCheckUtils]: 91: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11687#false} {11687#false} #1147#return; {11687#false} is VALID [2022-02-20 17:58:07,317 INFO L290 TraceCheckUtils]: 93: Hoare triple {11687#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, 
__utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L272 TraceCheckUtils]: 94: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L290 TraceCheckUtils]: 95: Hoare triple {11687#false} ~handle := #in~handle;havoc ~retValue_acc~12; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L290 TraceCheckUtils]: 96: Hoare triple {11687#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L290 TraceCheckUtils]: 97: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {11687#false} {11687#false} #1149#return; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L290 TraceCheckUtils]: 99: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {11687#false} is VALID [2022-02-20 17:58:07,318 INFO L290 TraceCheckUtils]: 100: Hoare triple 
{11687#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L272 TraceCheckUtils]: 101: Hoare triple {11687#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L290 TraceCheckUtils]: 102: Hoare triple {11687#false} ~handle := #in~handle;havoc ~retValue_acc~7; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L290 TraceCheckUtils]: 103: Hoare triple {11687#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L290 TraceCheckUtils]: 104: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11687#false} {11687#false} #1151#return; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L290 TraceCheckUtils]: 106: Hoare triple {11687#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc 
verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {11687#false} is VALID [2022-02-20 17:58:07,319 INFO L290 TraceCheckUtils]: 107: Hoare triple {11687#false} assume 1 == ~sent_signed~0; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L272 TraceCheckUtils]: 108: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L290 TraceCheckUtils]: 109: Hoare triple {11687#false} ~handle := #in~handle;havoc ~retValue_acc~6; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L290 TraceCheckUtils]: 110: Hoare triple {11687#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L290 TraceCheckUtils]: 111: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {11687#false} {11687#false} #1153#return; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L290 TraceCheckUtils]: 113: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {11687#false} is VALID [2022-02-20 17:58:07,320 INFO L272 TraceCheckUtils]: 114: Hoare triple {11687#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L290 TraceCheckUtils]: 115: Hoare triple {11687#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11687#false} is VALID [2022-02-20 
17:58:07,321 INFO L290 TraceCheckUtils]: 116: Hoare triple {11687#false} assume 1 == ~handle; {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L290 TraceCheckUtils]: 117: Hoare triple {11687#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L290 TraceCheckUtils]: 118: Hoare triple {11687#false} assume true; {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {11687#false} {11687#false} #1155#return; {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L290 TraceCheckUtils]: 120: Hoare triple {11687#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {11687#false} is VALID [2022-02-20 17:58:07,321 INFO L290 TraceCheckUtils]: 121: Hoare triple {11687#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {11687#false} is VALID [2022-02-20 17:58:07,322 INFO L272 TraceCheckUtils]: 122: Hoare triple {11687#false} call __automaton_fail(); {11687#false} is VALID [2022-02-20 17:58:07,322 INFO L290 TraceCheckUtils]: 123: Hoare triple {11687#false} assume !false; {11687#false} is VALID [2022-02-20 17:58:07,322 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. 
[2022-02-20 17:58:07,322 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:07,322 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1851128907] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:07,323 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:07,323 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:58:07,323 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2082599671] [2022-02-20 17:58:07,323 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:07,324 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 17:58:07,324 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:07,324 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:07,389 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 118 edges. 118 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:07,389 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:07,390 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:07,390 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:07,390 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:07,391 INFO L87 Difference]: Start difference. First operand 447 states and 694 transitions. Second operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:08,368 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:08,369 INFO L93 Difference]: Finished difference Result 883 states and 1377 transitions. [2022-02-20 17:58:08,369 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:08,369 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) Word has length 124 [2022-02-20 17:58:08,369 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:08,369 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:08,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1133 transitions. [2022-02-20 17:58:08,389 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:08,396 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1133 transitions. [2022-02-20 17:58:08,397 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1133 transitions. [2022-02-20 17:58:09,025 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1133 edges. 1133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:09,038 INFO L225 Difference]: With dead ends: 883 [2022-02-20 17:58:09,039 INFO L226 Difference]: Without dead ends: 449 [2022-02-20 17:58:09,040 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 158 GetRequests, 144 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:58:09,041 INFO L933 BasicCegarLoop]: 561 mSDtfsCounter, 151 mSDsluCounter, 1506 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2067 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:09,041 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2067 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:09,043 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 449 states. [2022-02-20 17:58:09,125 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 449 to 449. [2022-02-20 17:58:09,126 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:09,127 INFO L82 GeneralOperation]: Start isEquivalent. First operand 449 states. 
Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:09,127 INFO L74 IsIncluded]: Start isIncluded. First operand 449 states. Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:09,128 INFO L87 Difference]: Start difference. First operand 449 states. Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:09,140 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:09,141 INFO L93 Difference]: Finished difference Result 449 states and 700 transitions. [2022-02-20 17:58:09,141 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 700 transitions. [2022-02-20 17:58:09,142 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:09,142 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:09,143 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 449 states. [2022-02-20 17:58:09,144 INFO L87 Difference]: Start difference. First operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 449 states. [2022-02-20 17:58:09,154 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:09,154 INFO L93 Difference]: Finished difference Result 449 states and 700 transitions. [2022-02-20 17:58:09,154 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 700 transitions. [2022-02-20 17:58:09,156 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:09,156 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:09,156 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:09,156 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:09,157 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:09,169 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 449 states to 449 states and 700 transitions. [2022-02-20 17:58:09,169 INFO L78 Accepts]: Start accepts. Automaton has 449 states and 700 transitions. Word has length 124 [2022-02-20 17:58:09,170 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:09,171 INFO L470 AbstractCegarLoop]: Abstraction has 449 states and 700 transitions. [2022-02-20 17:58:09,171 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (18), 2 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:09,171 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 700 transitions. [2022-02-20 17:58:09,173 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 126 [2022-02-20 17:58:09,173 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:09,173 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:09,211 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:09,394 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:09,395 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:09,395 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:09,395 INFO L85 PathProgramCache]: Analyzing trace with hash -1552124652, now seen corresponding path program 1 times [2022-02-20 17:58:09,395 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:09,395 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1337639986] [2022-02-20 17:58:09,396 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:09,396 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:09,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:09,452 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,454 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,454 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,454 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14877#true} #1181#return; {14877#true} is VALID [2022-02-20 17:58:09,459 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 
17:58:09,459 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,461 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,461 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14877#true} #1183#return; {14877#true} is VALID [2022-02-20 17:58:09,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:09,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume !(1 == ~handle); {14877#true} is VALID [2022-02-20 17:58:09,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,465 INFO L290 TraceCheckUtils]: 3: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,465 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14877#true} {14877#true} #1185#return; {14877#true} is VALID [2022-02-20 17:58:09,465 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:09,467 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,468 INFO L290 TraceCheckUtils]: 0: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,468 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume !(1 == ~handle); {14877#true} is VALID [2022-02-20 17:58:09,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,468 INFO L290 TraceCheckUtils]: 3: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,468 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14877#true} {14877#true} #1187#return; {14877#true} is VALID [2022-02-20 17:58:09,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:09,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,483 INFO L290 TraceCheckUtils]: 0: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14941#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:09,484 INFO L290 TraceCheckUtils]: 1: Hoare triple {14941#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14942#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:09,484 INFO L290 TraceCheckUtils]: 2: Hoare triple {14942#(= |setClientId_#in~handle| 1)} assume true; {14942#(= 
|setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:09,484 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14942#(= |setClientId_#in~handle| 1)} {14897#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {14878#false} is VALID [2022-02-20 17:58:09,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:09,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,491 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1191#return; {14878#false} is VALID [2022-02-20 17:58:09,496 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:58:09,497 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,498 INFO L290 TraceCheckUtils]: 0: Hoare triple {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,498 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,498 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,498 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1133#return; {14878#false} is VALID [2022-02-20 17:58:09,505 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:58:09,506 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {14944#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,508 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1135#return; {14878#false} is VALID [2022-02-20 17:58:09,508 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:09,508 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,510 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~29; {14877#true} is VALID [2022-02-20 17:58:09,510 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {14877#true} is VALID [2022-02-20 17:58:09,510 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,510 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1115#return; {14878#false} is VALID [2022-02-20 17:58:09,510 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:58:09,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:58:09,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,513 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,513 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1147#return; {14878#false} is VALID [2022-02-20 17:58:09,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:09,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14877#true} is VALID [2022-02-20 17:58:09,515 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {14877#true} is VALID [2022-02-20 17:58:09,515 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,515 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1149#return; {14878#false} is VALID [2022-02-20 17:58:09,515 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:09,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14877#true} is VALID [2022-02-20 17:58:09,518 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := 
~retValue_acc~7; {14877#true} is VALID [2022-02-20 17:58:09,518 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,518 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1151#return; {14878#false} is VALID [2022-02-20 17:58:09,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:58:09,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~6; {14877#true} is VALID [2022-02-20 17:58:09,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {14877#true} is VALID [2022-02-20 17:58:09,520 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,520 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14877#true} {14878#false} #1153#return; {14878#false} is VALID [2022-02-20 17:58:09,521 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:09,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:09,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {14877#true} assume 1 == ~handle; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 3: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {14877#true} {14878#false} #1155#return; {14878#false} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {14877#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call 
#Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 
0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 
1: Hoare triple {14877#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 2: Hoare triple {14877#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14877#true} is VALID [2022-02-20 17:58:09,524 INFO L290 TraceCheckUtils]: 3: Hoare triple {14877#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {14877#true} is VALID [2022-02-20 17:58:09,525 INFO L290 TraceCheckUtils]: 4: Hoare triple {14877#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {14877#true} is VALID [2022-02-20 17:58:09,525 INFO L290 TraceCheckUtils]: 5: Hoare triple {14877#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14877#true} is VALID [2022-02-20 17:58:09,525 INFO L272 TraceCheckUtils]: 6: Hoare triple {14877#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:09,525 INFO L290 TraceCheckUtils]: 7: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,526 INFO L290 TraceCheckUtils]: 8: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,526 INFO L290 TraceCheckUtils]: 9: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,526 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14877#true} {14877#true} #1181#return; {14877#true} is VALID [2022-02-20 17:58:09,526 INFO L290 TraceCheckUtils]: 11: Hoare triple {14877#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14877#true} is VALID [2022-02-20 17:58:09,526 INFO L272 TraceCheckUtils]: 12: Hoare triple {14877#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:09,527 INFO L290 TraceCheckUtils]: 13: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,527 INFO L290 TraceCheckUtils]: 14: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,527 INFO L290 TraceCheckUtils]: 15: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,527 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14877#true} {14877#true} #1183#return; {14877#true} is VALID [2022-02-20 17:58:09,527 INFO L290 TraceCheckUtils]: 17: Hoare triple {14877#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L272 TraceCheckUtils]: 18: Hoare triple {14877#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:09,528 INFO L290 TraceCheckUtils]: 19: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := 
#in~value; {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L290 TraceCheckUtils]: 20: Hoare triple {14877#true} assume !(1 == ~handle); {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L290 TraceCheckUtils]: 21: Hoare triple {14877#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L290 TraceCheckUtils]: 22: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14877#true} {14877#true} #1185#return; {14877#true} is VALID [2022-02-20 17:58:09,528 INFO L290 TraceCheckUtils]: 24: Hoare triple {14877#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14877#true} is VALID [2022-02-20 17:58:09,529 INFO L272 TraceCheckUtils]: 25: Hoare triple {14877#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:09,529 INFO L290 TraceCheckUtils]: 26: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,529 INFO L290 TraceCheckUtils]: 27: Hoare triple {14877#true} assume !(1 == ~handle); {14877#true} is VALID [2022-02-20 17:58:09,529 INFO L290 TraceCheckUtils]: 28: Hoare triple {14877#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,529 INFO L290 TraceCheckUtils]: 29: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,529 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14877#true} {14877#true} #1187#return; {14877#true} is VALID 
[2022-02-20 17:58:09,530 INFO L290 TraceCheckUtils]: 31: Hoare triple {14877#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14897#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:09,530 INFO L272 TraceCheckUtils]: 32: Hoare triple {14897#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:09,531 INFO L290 TraceCheckUtils]: 33: Hoare triple {14939#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14941#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:09,531 INFO L290 TraceCheckUtils]: 34: Hoare triple {14941#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14942#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:09,531 INFO L290 TraceCheckUtils]: 35: Hoare triple {14942#(= |setClientId_#in~handle| 1)} assume true; {14942#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 
17:58:09,553 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14942#(= |setClientId_#in~handle| 1)} {14897#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {14878#false} is VALID [2022-02-20 17:58:09,553 INFO L290 TraceCheckUtils]: 37: Hoare triple {14878#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14878#false} is VALID [2022-02-20 17:58:09,553 INFO L272 TraceCheckUtils]: 38: Hoare triple {14878#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:09,553 INFO L290 TraceCheckUtils]: 39: Hoare triple {14940#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,553 INFO L290 TraceCheckUtils]: 40: Hoare triple {14877#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,553 INFO L290 TraceCheckUtils]: 41: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,554 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14877#true} {14878#false} #1191#return; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 43: Hoare triple {14878#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 44: Hoare triple {14878#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, 
test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 45: Hoare triple {14878#false} assume !false; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 46: Hoare triple {14878#false} assume test_~splverifierCounter~0#1 < 4; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 47: Hoare triple {14878#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 48: Hoare triple {14878#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := 
test_#t~nondet24#1;havoc test_#t~nondet24#1; {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 49: Hoare triple {14878#false} assume !(0 != test_~tmp___9~0#1); {14878#false} is VALID [2022-02-20 17:58:09,554 INFO L290 TraceCheckUtils]: 50: Hoare triple {14878#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 51: Hoare triple {14878#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 52: Hoare triple {14878#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 53: Hoare triple {14878#false} assume { :end_inline_setClientAutoResponse } true; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 54: Hoare triple {14878#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 55: Hoare triple {14878#false} assume !false; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 56: Hoare triple {14878#false} assume !(test_~splverifierCounter~0#1 < 4); {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L290 TraceCheckUtils]: 57: Hoare triple {14878#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, 
bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {14878#false} is VALID [2022-02-20 17:58:09,555 INFO L272 TraceCheckUtils]: 58: Hoare triple {14878#false} call sendEmail(~bob~0, ~rjh~0); {14878#false} is VALID [2022-02-20 17:58:09,556 INFO L290 TraceCheckUtils]: 59: Hoare triple {14878#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14878#false} is VALID [2022-02-20 17:58:09,556 INFO L272 TraceCheckUtils]: 60: Hoare triple {14878#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:09,556 INFO L290 TraceCheckUtils]: 61: Hoare triple {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,556 INFO L290 TraceCheckUtils]: 62: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,556 INFO L290 TraceCheckUtils]: 63: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,556 INFO L284 TraceCheckUtils]: 64: Hoare quadruple 
{14877#true} {14878#false} #1133#return; {14878#false} is VALID [2022-02-20 17:58:09,556 INFO L272 TraceCheckUtils]: 65: Hoare triple {14878#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14944#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:09,556 INFO L290 TraceCheckUtils]: 66: Hoare triple {14944#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 67: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14877#true} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 68: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,557 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {14877#true} {14878#false} #1135#return; {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 70: Hoare triple {14878#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 71: Hoare triple {14878#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L272 TraceCheckUtils]: 72: Hoare triple {14878#false} call outgoing(~sender#1, ~email~0#1); {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 73: Hoare triple {14878#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := 
sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 74: Hoare triple {14878#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {14878#false} is VALID [2022-02-20 17:58:09,557 INFO L290 TraceCheckUtils]: 75: Hoare triple {14878#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {14878#false} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 76: Hoare triple {14878#false} assume 0 == sign_~privkey~0#1; {14878#false} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 77: Hoare triple {14878#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, 
outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {14878#false} is VALID [2022-02-20 17:58:09,558 INFO L272 TraceCheckUtils]: 78: Hoare triple {14878#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {14877#true} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 79: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~29; {14877#true} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 80: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {14877#true} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 81: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,558 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {14877#true} {14878#false} #1115#return; {14878#false} is VALID [2022-02-20 17:58:09,558 INFO L290 TraceCheckUtils]: 83: Hoare triple {14878#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {14878#false} is VALID 
[2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 84: Hoare triple {14878#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {14878#false} is VALID [2022-02-20 17:58:09,559 INFO L272 TraceCheckUtils]: 85: Hoare triple {14878#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {14878#false} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 86: Hoare triple {14878#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {14878#false} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 87: Hoare triple {14878#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {14878#false} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 88: Hoare triple {14878#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {14878#false} is VALID [2022-02-20 17:58:09,559 INFO L272 TraceCheckUtils]: 89: Hoare triple {14878#false} call setEmailFrom(~msg#1, ~tmp~12#1); {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 90: Hoare triple {14943#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14877#true} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 91: Hoare triple {14877#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{14877#true} is VALID [2022-02-20 17:58:09,559 INFO L290 TraceCheckUtils]: 92: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,560 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {14877#true} {14878#false} #1147#return; {14878#false} is VALID [2022-02-20 17:58:09,560 INFO L290 TraceCheckUtils]: 94: Hoare triple {14878#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {14878#false} is VALID [2022-02-20 17:58:09,560 INFO L272 TraceCheckUtils]: 95: Hoare triple {14878#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {14877#true} is VALID [2022-02-20 17:58:09,560 INFO L290 TraceCheckUtils]: 96: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14877#true} is VALID [2022-02-20 17:58:09,560 INFO L290 
TraceCheckUtils]: 97: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {14877#true} is VALID [2022-02-20 17:58:09,560 INFO L290 TraceCheckUtils]: 98: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,560 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {14877#true} {14878#false} #1149#return; {14878#false} is VALID [2022-02-20 17:58:09,560 INFO L290 TraceCheckUtils]: 100: Hoare triple {14878#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {14878#false} is VALID [2022-02-20 17:58:09,561 INFO L290 TraceCheckUtils]: 101: Hoare triple {14878#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {14878#false} is VALID [2022-02-20 17:58:09,561 INFO L272 TraceCheckUtils]: 102: Hoare triple {14878#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {14877#true} is VALID [2022-02-20 17:58:09,561 INFO L290 TraceCheckUtils]: 103: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14877#true} is VALID [2022-02-20 17:58:09,561 INFO L290 TraceCheckUtils]: 104: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {14877#true} is VALID [2022-02-20 17:58:09,561 INFO L290 TraceCheckUtils]: 105: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,561 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {14877#true} {14878#false} #1151#return; {14878#false} is VALID [2022-02-20 17:58:09,561 
INFO L290 TraceCheckUtils]: 107: Hoare triple {14878#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, 
__utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {14878#false} is VALID [2022-02-20 17:58:09,561 INFO L290 TraceCheckUtils]: 108: Hoare triple {14878#false} assume 1 == ~sent_signed~0; {14878#false} is VALID [2022-02-20 17:58:09,562 INFO L272 TraceCheckUtils]: 109: Hoare triple {14878#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {14877#true} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 110: Hoare triple {14877#true} ~handle := #in~handle;havoc ~retValue_acc~6; {14877#true} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 111: Hoare triple {14877#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {14877#true} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 112: Hoare triple {14877#true} assume true; {14877#true} is 
VALID [2022-02-20 17:58:09,562 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {14877#true} {14878#false} #1153#return; {14878#false} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 114: Hoare triple {14878#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {14878#false} is VALID [2022-02-20 17:58:09,562 INFO L272 TraceCheckUtils]: 115: Hoare triple {14878#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {14877#true} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 116: Hoare triple {14877#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {14877#true} is VALID [2022-02-20 17:58:09,562 INFO L290 TraceCheckUtils]: 117: Hoare triple {14877#true} assume 1 == ~handle; {14877#true} is VALID [2022-02-20 17:58:09,563 INFO L290 TraceCheckUtils]: 118: Hoare triple {14877#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14877#true} is VALID [2022-02-20 17:58:09,563 INFO L290 TraceCheckUtils]: 119: Hoare triple {14877#true} assume true; {14877#true} is VALID [2022-02-20 17:58:09,564 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {14877#true} {14878#false} #1155#return; {14878#false} is VALID [2022-02-20 17:58:09,564 INFO L290 TraceCheckUtils]: 121: Hoare triple {14878#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; 
{14878#false} is VALID [2022-02-20 17:58:09,564 INFO L290 TraceCheckUtils]: 122: Hoare triple {14878#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {14878#false} is VALID [2022-02-20 17:58:09,564 INFO L272 TraceCheckUtils]: 123: Hoare triple {14878#false} call __automaton_fail(); {14878#false} is VALID [2022-02-20 17:58:09,564 INFO L290 TraceCheckUtils]: 124: Hoare triple {14878#false} assume !false; {14878#false} is VALID [2022-02-20 17:58:09,564 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:09,564 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:09,565 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1337639986] [2022-02-20 17:58:09,565 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1337639986] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:09,565 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:09,565 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:09,565 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1172587556] [2022-02-20 17:58:09,565 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:09,566 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 125 [2022-02-20 17:58:09,566 INFO L84 Accepts]: Finished accepts. 
word is accepted. [2022-02-20 17:58:09,566 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:09,627 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:09,628 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:09,628 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:09,629 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:09,629 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:09,629 INFO L87 Difference]: Start difference. First operand 449 states and 700 transitions. Second operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:15,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:15,376 INFO L93 Difference]: Finished difference Result 997 states and 1577 transitions. [2022-02-20 17:58:15,376 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:15,376 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 125 [2022-02-20 17:58:15,387 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:15,388 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:15,413 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1325 transitions. [2022-02-20 17:58:15,413 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:15,438 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1325 transitions. [2022-02-20 17:58:15,438 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1325 transitions. [2022-02-20 17:58:16,701 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1325 edges. 1325 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:16,723 INFO L225 Difference]: With dead ends: 997 [2022-02-20 17:58:16,723 INFO L226 Difference]: Without dead ends: 571 [2022-02-20 17:58:16,724 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:16,726 INFO L933 BasicCegarLoop]: 630 mSDtfsCounter, 1383 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2053 mSolverCounterSat, 505 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1403 SdHoareTripleChecker+Valid, 1616 SdHoareTripleChecker+Invalid, 2558 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 505 IncrementalHoareTripleChecker+Valid, 2053 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:16,726 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1403 Valid, 1616 Invalid, 2558 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [505 Valid, 2053 Invalid, 0 Unknown, 0 Unchecked, 2.5s Time] [2022-02-20 17:58:16,727 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 571 states. [2022-02-20 17:58:16,822 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 571 to 449. [2022-02-20 17:58:16,823 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:16,824 INFO L82 GeneralOperation]: Start isEquivalent. First operand 571 states. 
Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:58:16,825 INFO L74 IsIncluded]: Start isIncluded. First operand 571 states. Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:58:16,826 INFO L87 Difference]: Start difference. First operand 571 states. Second operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:58:16,843 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:16,843 INFO L93 Difference]: Finished difference Result 571 states and 908 transitions. [2022-02-20 17:58:16,843 INFO L276 IsEmpty]: Start isEmpty. Operand 571 states and 908 transitions. [2022-02-20 17:58:16,846 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:16,846 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:16,847 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) Second operand 571 states. [2022-02-20 17:58:16,847 INFO L87 Difference]: Start difference. First operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) Second operand 571 states. [2022-02-20 17:58:16,864 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:16,864 INFO L93 Difference]: Finished difference Result 571 states and 908 transitions. [2022-02-20 17:58:16,865 INFO L276 IsEmpty]: Start isEmpty. Operand 571 states and 908 transitions. [2022-02-20 17:58:16,867 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:16,867 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:16,867 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:16,867 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:16,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 449 states, 351 states have (on average 1.5726495726495726) internal successors, (552), 356 states have internal predecessors, (552), 72 states have call successors, (72), 24 states have call predecessors, (72), 25 states have return successors, (75), 68 states have call predecessors, (75), 69 states have call successors, (75) [2022-02-20 17:58:16,880 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 449 states to 449 states and 699 transitions. [2022-02-20 17:58:16,880 INFO L78 Accepts]: Start accepts. Automaton has 449 states and 699 transitions. Word has length 125 [2022-02-20 17:58:16,880 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:16,880 INFO L470 AbstractCegarLoop]: Abstraction has 449 states and 699 transitions. [2022-02-20 17:58:16,881 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:16,881 INFO L276 IsEmpty]: Start isEmpty. Operand 449 states and 699 transitions. [2022-02-20 17:58:16,882 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 127 [2022-02-20 17:58:16,882 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:16,882 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:16,883 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:58:16,883 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:16,883 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:16,883 INFO L85 PathProgramCache]: Analyzing trace with hash 278557672, now seen corresponding path program 2 times 
[2022-02-20 17:58:16,883 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:16,883 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [803604714] [2022-02-20 17:58:16,884 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:16,884 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:16,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,934 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:16,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18127#true} #1181#return; {18127#true} is VALID [2022-02-20 17:58:16,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:16,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18127#true} #1183#return; {18127#true} is VALID [2022-02-20 17:58:16,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:16,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume !(1 == ~handle); {18127#true} is VALID [2022-02-20 17:58:16,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,948 INFO L290 TraceCheckUtils]: 3: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,949 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18127#true} {18127#true} #1185#return; {18127#true} is VALID [2022-02-20 17:58:16,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:16,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume !(1 == ~handle); {18127#true} is VALID [2022-02-20 17:58:16,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,955 INFO L290 TraceCheckUtils]: 3: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,955 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18127#true} {18127#true} #1187#return; {18127#true} is VALID [2022-02-20 17:58:16,955 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:16,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18192#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:16,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {18192#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18192#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:16,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {18192#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18193#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:16,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {18193#(= 2 |setClientId_#in~handle|)} assume true; {18193#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:16,969 INFO L284 
TraceCheckUtils]: 4: Hoare quadruple {18193#(= 2 |setClientId_#in~handle|)} {18147#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {18128#false} is VALID [2022-02-20 17:58:16,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:58:16,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,972 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1191#return; {18128#false} is VALID [2022-02-20 17:58:16,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:16,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,982 INFO L290 TraceCheckUtils]: 0: Hoare triple {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,982 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} 
#1133#return; {18128#false} is VALID [2022-02-20 17:58:16,988 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:58:16,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {18195#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,992 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1135#return; {18128#false} is VALID [2022-02-20 17:58:16,992 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:58:16,992 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~29; {18127#true} is VALID [2022-02-20 17:58:16,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {18127#true} is VALID [2022-02-20 17:58:16,994 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,994 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1115#return; {18128#false} is VALID [2022-02-20 17:58:16,994 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:58:16,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,996 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:16,996 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:16,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,997 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1147#return; {18128#false} is VALID [2022-02-20 17:58:16,997 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:58:16,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:16,999 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~12; {18127#true} is VALID [2022-02-20 17:58:16,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {18127#true} is VALID [2022-02-20 17:58:16,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:16,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1149#return; {18128#false} is VALID [2022-02-20 17:58:16,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:58:17,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:17,002 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~7; {18127#true} is VALID [2022-02-20 17:58:17,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {18127#true} is VALID [2022-02-20 17:58:17,002 INFO L290 
TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,002 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1151#return; {18128#false} is VALID [2022-02-20 17:58:17,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:58:17,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:17,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~6; {18127#true} is VALID [2022-02-20 17:58:17,004 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {18127#true} is VALID [2022-02-20 17:58:17,005 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,005 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18127#true} {18128#false} #1153#return; {18128#false} is VALID [2022-02-20 17:58:17,005 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:58:17,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:17,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {18127#true} is VALID [2022-02-20 17:58:17,007 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume 1 == ~handle; {18127#true} is VALID [2022-02-20 17:58:17,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {18127#true} is VALID [2022-02-20 17:58:17,007 INFO L290 TraceCheckUtils]: 3: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,007 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18127#true} {18128#false} #1155#return; 
{18128#false} is VALID [2022-02-20 17:58:17,007 INFO L290 TraceCheckUtils]: 0: Hoare triple {18127#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call 
#Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 
0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {18127#true} is VALID [2022-02-20 17:58:17,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {18127#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {18127#true} is VALID [2022-02-20 17:58:17,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {18127#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18127#true} is VALID [2022-02-20 17:58:17,008 INFO L290 TraceCheckUtils]: 3: Hoare triple {18127#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {18127#true} is VALID [2022-02-20 17:58:17,008 INFO L290 TraceCheckUtils]: 4: Hoare triple {18127#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {18127#true} is VALID [2022-02-20 17:58:17,008 INFO L290 TraceCheckUtils]: 5: Hoare triple {18127#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18127#true} is VALID [2022-02-20 17:58:17,009 INFO L272 TraceCheckUtils]: 6: Hoare triple {18127#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:17,009 INFO L290 TraceCheckUtils]: 7: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,009 INFO L290 TraceCheckUtils]: 8: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,009 INFO L290 TraceCheckUtils]: 9: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,009 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18127#true} {18127#true} #1181#return; {18127#true} is VALID [2022-02-20 17:58:17,009 INFO L290 TraceCheckUtils]: 11: Hoare triple {18127#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18127#true} is VALID [2022-02-20 17:58:17,010 INFO L272 TraceCheckUtils]: 12: Hoare triple {18127#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:17,010 INFO L290 TraceCheckUtils]: 13: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,010 INFO L290 TraceCheckUtils]: 14: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,010 INFO L290 TraceCheckUtils]: 15: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,010 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18127#true} {18127#true} #1183#return; {18127#true} is VALID [2022-02-20 17:58:17,010 INFO L290 TraceCheckUtils]: 17: Hoare triple {18127#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18127#true} is VALID [2022-02-20 17:58:17,011 INFO L272 TraceCheckUtils]: 18: Hoare triple {18127#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:17,011 INFO L290 TraceCheckUtils]: 19: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 
17:58:17,011 INFO L290 TraceCheckUtils]: 20: Hoare triple {18127#true} assume !(1 == ~handle); {18127#true} is VALID [2022-02-20 17:58:17,011 INFO L290 TraceCheckUtils]: 21: Hoare triple {18127#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,011 INFO L290 TraceCheckUtils]: 22: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,012 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18127#true} {18127#true} #1185#return; {18127#true} is VALID [2022-02-20 17:58:17,012 INFO L290 TraceCheckUtils]: 24: Hoare triple {18127#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18127#true} is VALID [2022-02-20 17:58:17,012 INFO L272 TraceCheckUtils]: 25: Hoare triple {18127#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:17,012 INFO L290 TraceCheckUtils]: 26: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,012 INFO L290 TraceCheckUtils]: 27: Hoare triple {18127#true} assume !(1 == ~handle); {18127#true} is VALID [2022-02-20 17:58:17,013 INFO L290 TraceCheckUtils]: 28: Hoare triple {18127#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,013 INFO L290 TraceCheckUtils]: 29: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,013 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18127#true} {18127#true} #1187#return; {18127#true} is VALID [2022-02-20 17:58:17,013 INFO L290 
TraceCheckUtils]: 31: Hoare triple {18127#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18147#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:17,014 INFO L272 TraceCheckUtils]: 32: Hoare triple {18147#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:17,014 INFO L290 TraceCheckUtils]: 33: Hoare triple {18190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18192#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:17,014 INFO L290 TraceCheckUtils]: 34: Hoare triple {18192#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18192#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:17,015 INFO L290 TraceCheckUtils]: 35: Hoare triple {18192#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18193#(= 2 |setClientId_#in~handle|)} is VALID 
[2022-02-20 17:58:17,015 INFO L290 TraceCheckUtils]: 36: Hoare triple {18193#(= 2 |setClientId_#in~handle|)} assume true; {18193#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:17,015 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18193#(= 2 |setClientId_#in~handle|)} {18147#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {18128#false} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 38: Hoare triple {18128#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18128#false} is VALID [2022-02-20 17:58:17,016 INFO L272 TraceCheckUtils]: 39: Hoare triple {18128#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 40: Hoare triple {18191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 41: Hoare triple {18127#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 42: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,016 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18127#true} {18128#false} #1191#return; {18128#false} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 44: Hoare triple {18128#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {18128#false} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 45: Hoare triple 
{18128#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18128#false} is VALID [2022-02-20 17:58:17,016 INFO L290 TraceCheckUtils]: 46: Hoare triple {18128#false} assume !false; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 47: Hoare triple {18128#false} assume test_~splverifierCounter~0#1 < 4; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 48: Hoare triple {18128#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 49: 
Hoare triple {18128#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 50: Hoare triple {18128#false} assume !(0 != test_~tmp___9~0#1); {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 51: Hoare triple {18128#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 52: Hoare triple {18128#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 53: Hoare triple {18128#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {18128#false} is VALID [2022-02-20 17:58:17,017 INFO L290 TraceCheckUtils]: 54: Hoare triple {18128#false} assume { :end_inline_setClientAutoResponse } true; {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 55: Hoare triple {18128#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 56: Hoare triple {18128#false} assume !false; {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 57: Hoare triple {18128#false} assume !(test_~splverifierCounter~0#1 < 4); {18128#false} is VALID [2022-02-20 
17:58:17,018 INFO L290 TraceCheckUtils]: 58: Hoare triple {18128#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L272 TraceCheckUtils]: 59: Hoare triple {18128#false} call sendEmail(~bob~0, ~rjh~0); {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 60: Hoare triple {18128#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18128#false} is VALID [2022-02-20 17:58:17,018 INFO L272 TraceCheckUtils]: 61: Hoare triple {18128#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 62: Hoare triple {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,018 INFO L290 TraceCheckUtils]: 63: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 64: Hoare 
triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,019 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {18127#true} {18128#false} #1133#return; {18128#false} is VALID [2022-02-20 17:58:17,019 INFO L272 TraceCheckUtils]: 66: Hoare triple {18128#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18195#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 67: Hoare triple {18195#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18127#true} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 68: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 69: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,019 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {18127#true} {18128#false} #1135#return; {18128#false} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 71: Hoare triple {18128#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {18128#false} is VALID [2022-02-20 17:58:17,019 INFO L290 TraceCheckUtils]: 72: Hoare triple {18128#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L272 TraceCheckUtils]: 73: Hoare triple {18128#false} call outgoing(~sender#1, ~email~0#1); {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 74: Hoare triple {18128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, 
~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 75: Hoare triple {18128#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 76: Hoare triple {18128#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 77: Hoare triple {18128#false} assume 0 == sign_~privkey~0#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 78: Hoare triple {18128#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {18128#false} is VALID [2022-02-20 17:58:17,020 INFO L272 TraceCheckUtils]: 79: Hoare triple {18128#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {18127#true} is VALID [2022-02-20 17:58:17,020 INFO L290 TraceCheckUtils]: 80: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~29; {18127#true} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 81: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {18127#true} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 82: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,021 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {18127#true} {18128#false} #1115#return; {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 84: Hoare triple {18128#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc 
outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 85: Hoare triple {18128#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L272 TraceCheckUtils]: 86: Hoare triple {18128#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 87: Hoare triple {18128#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 88: Hoare triple {18128#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {18128#false} is VALID [2022-02-20 17:58:17,021 INFO L290 TraceCheckUtils]: 89: Hoare triple {18128#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {18128#false} is VALID [2022-02-20 17:58:17,022 INFO L272 TraceCheckUtils]: 90: Hoare triple {18128#false} call setEmailFrom(~msg#1, ~tmp~12#1); {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 91: Hoare triple {18194#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18127#true} 
is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 92: Hoare triple {18127#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18127#true} is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 93: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,022 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {18127#true} {18128#false} #1147#return; {18128#false} is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 95: Hoare triple {18128#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {18128#false} is VALID [2022-02-20 17:58:17,022 INFO L272 TraceCheckUtils]: 96: Hoare triple {18128#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {18127#true} is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 97: 
Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~12; {18127#true} is VALID [2022-02-20 17:58:17,022 INFO L290 TraceCheckUtils]: 98: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 99: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {18127#true} {18128#false} #1149#return; {18128#false} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 101: Hoare triple {18128#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {18128#false} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 102: Hoare triple {18128#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {18128#false} is VALID [2022-02-20 17:58:17,023 INFO L272 TraceCheckUtils]: 103: Hoare triple {18128#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 104: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~7; {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 105: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L290 TraceCheckUtils]: 106: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,023 INFO L284 
TraceCheckUtils]: 107: Hoare quadruple {18127#true} {18128#false} #1151#return; {18128#false} is VALID [2022-02-20 17:58:17,024 INFO L290 TraceCheckUtils]: 108: Hoare triple {18128#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, 
__utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {18128#false} is VALID [2022-02-20 17:58:17,024 INFO L290 TraceCheckUtils]: 109: Hoare triple {18128#false} assume 1 == ~sent_signed~0; {18128#false} is VALID [2022-02-20 17:58:17,024 INFO L272 TraceCheckUtils]: 110: Hoare triple {18128#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {18127#true} is VALID [2022-02-20 17:58:17,024 INFO L290 TraceCheckUtils]: 111: Hoare triple {18127#true} ~handle := #in~handle;havoc ~retValue_acc~6; {18127#true} is VALID [2022-02-20 17:58:17,024 INFO L290 TraceCheckUtils]: 112: Hoare triple {18127#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {18127#true} is VALID [2022-02-20 17:58:17,024 INFO 
L290 TraceCheckUtils]: 113: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,024 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {18127#true} {18128#false} #1153#return; {18128#false} is VALID [2022-02-20 17:58:17,024 INFO L290 TraceCheckUtils]: 115: Hoare triple {18128#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {18128#false} is VALID [2022-02-20 17:58:17,025 INFO L272 TraceCheckUtils]: 116: Hoare triple {18128#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {18127#true} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 117: Hoare triple {18127#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {18127#true} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 118: Hoare triple {18127#true} assume 1 == ~handle; {18127#true} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 119: Hoare triple {18127#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {18127#true} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 120: Hoare triple {18127#true} assume true; {18127#true} is VALID [2022-02-20 17:58:17,025 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {18127#true} {18128#false} #1155#return; {18128#false} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 122: Hoare triple {18128#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {18128#false} is VALID [2022-02-20 17:58:17,025 INFO L290 TraceCheckUtils]: 123: Hoare triple {18128#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {18128#false} is VALID [2022-02-20 17:58:17,025 INFO L272 TraceCheckUtils]: 124: Hoare triple {18128#false} call __automaton_fail(); {18128#false} is VALID [2022-02-20 17:58:17,026 INFO L290 TraceCheckUtils]: 125: Hoare triple {18128#false} assume !false; {18128#false} is VALID [2022-02-20 17:58:17,026 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:17,026 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:17,026 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [803604714] [2022-02-20 17:58:17,026 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [803604714] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:17,026 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:17,026 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:17,027 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [9182578] [2022-02-20 17:58:17,027 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:17,028 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 126 [2022-02-20 17:58:17,028 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:17,028 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:17,107 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:17,107 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:17,107 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:17,108 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:17,108 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:17,108 INFO L87 Difference]: Start difference. First operand 449 states and 699 transitions. 
Second operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:23,004 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:23,004 INFO L93 Difference]: Finished difference Result 999 states and 1580 transitions. [2022-02-20 17:58:23,004 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:23,004 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) Word has length 126 [2022-02-20 17:58:23,005 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:23,005 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:23,017 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1326 transitions. [2022-02-20 17:58:23,017 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:23,027 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1326 transitions. [2022-02-20 17:58:23,027 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1326 transitions. [2022-02-20 17:58:23,961 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1326 edges. 1326 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:23,981 INFO L225 Difference]: With dead ends: 999 [2022-02-20 17:58:23,982 INFO L226 Difference]: Without dead ends: 573 [2022-02-20 17:58:23,984 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 46 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:23,986 INFO L933 BasicCegarLoop]: 633 mSDtfsCounter, 1375 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2074 mSolverCounterSat, 498 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1395 SdHoareTripleChecker+Valid, 1619 SdHoareTripleChecker+Invalid, 2572 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 498 IncrementalHoareTripleChecker+Valid, 2074 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:23,986 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1395 Valid, 
1619 Invalid, 2572 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [498 Valid, 2074 Invalid, 0 Unknown, 0 Unchecked, 2.6s Time] [2022-02-20 17:58:23,987 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 573 states. [2022-02-20 17:58:24,063 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 573 to 451. [2022-02-20 17:58:24,063 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:24,064 INFO L82 GeneralOperation]: Start isEquivalent. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 17:58:24,066 INFO L74 IsIncluded]: Start isIncluded. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 17:58:24,079 INFO L87 Difference]: Start difference. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 17:58:24,097 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:24,097 INFO L93 Difference]: Finished difference Result 573 states and 911 transitions. 
[2022-02-20 17:58:24,098 INFO L276 IsEmpty]: Start isEmpty. Operand 573 states and 911 transitions. [2022-02-20 17:58:24,100 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:24,100 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:24,103 INFO L74 IsIncluded]: Start isIncluded. First operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) Second operand 573 states. [2022-02-20 17:58:24,104 INFO L87 Difference]: Start difference. First operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) Second operand 573 states. [2022-02-20 17:58:24,120 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:24,120 INFO L93 Difference]: Finished difference Result 573 states and 911 transitions. [2022-02-20 17:58:24,121 INFO L276 IsEmpty]: Start isEmpty. Operand 573 states and 911 transitions. [2022-02-20 17:58:24,123 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:24,123 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:24,123 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:24,123 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:24,124 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (77), 68 states have call predecessors, (77), 69 states have call successors, (77) [2022-02-20 17:58:24,136 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 451 states to 451 states and 702 transitions. [2022-02-20 17:58:24,137 INFO L78 Accepts]: Start accepts. Automaton has 451 states and 702 transitions. Word has length 126 [2022-02-20 17:58:24,137 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:24,137 INFO L470 AbstractCegarLoop]: Abstraction has 451 states and 702 transitions. [2022-02-20 17:58:24,137 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (18), 6 states have call predecessors, (18), 2 states have return successors, (14), 2 states have call predecessors, (14), 3 states have call successors, (14) [2022-02-20 17:58:24,137 INFO L276 IsEmpty]: Start isEmpty. Operand 451 states and 702 transitions. [2022-02-20 17:58:24,140 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 128 [2022-02-20 17:58:24,140 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:24,140 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:24,140 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:58:24,140 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:24,140 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:24,141 INFO L85 PathProgramCache]: Analyzing trace with hash 638647129, now seen corresponding path program 1 times [2022-02-20 17:58:24,141 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:24,141 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1882628785] [2022-02-20 17:58:24,141 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:24,141 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:24,164 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,193 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:24,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,197 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21386#true} #1181#return; {21386#true} is VALID [2022-02-20 17:58:24,201 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:24,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,204 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21386#true} #1183#return; {21386#true} is VALID [2022-02-20 17:58:24,204 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:24,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,207 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume !(1 == ~handle); {21386#true} is VALID [2022-02-20 17:58:24,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,207 INFO L290 TraceCheckUtils]: 3: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,207 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21386#true} {21386#true} #1185#return; {21386#true} is VALID [2022-02-20 17:58:24,207 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:24,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,209 INFO L290 TraceCheckUtils]: 0: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,210 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume !(1 == ~handle); {21386#true} is VALID [2022-02-20 17:58:24,210 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,210 INFO L290 TraceCheckUtils]: 3: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,210 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21386#true} {21386#true} #1187#return; {21386#true} is VALID [2022-02-20 17:58:24,210 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:24,211 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:58:24,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21454#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,237 INFO L290 TraceCheckUtils]: 4: Hoare triple {21454#(= 3 |setClientId_#in~handle|)} assume true; {21454#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,237 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21454#(= 3 |setClientId_#in~handle|)} {21406#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:24,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:58:24,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,254 INFO L290 TraceCheckUtils]: 0: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:24,254 INFO L290 TraceCheckUtils]: 1: Hoare triple {21455#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21456#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:24,254 INFO L290 TraceCheckUtils]: 2: Hoare triple {21456#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21456#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:24,255 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21456#(= |setClientPrivateKey_#in~handle| 1)} {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1191#return; {21387#false} is VALID [2022-02-20 17:58:24,260 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:24,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {21457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1133#return; {21387#false} is VALID [2022-02-20 17:58:24,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:58:24,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,270 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {21458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,270 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,270 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,270 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1135#return; {21387#false} is VALID [2022-02-20 17:58:24,270 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:58:24,271 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,272 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21386#true} is VALID [2022-02-20 17:58:24,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {21386#true} is VALID [2022-02-20 17:58:24,272 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,272 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1115#return; {21387#false} is VALID [2022-02-20 17:58:24,272 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:24,273 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {21457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_from0~0 
:= ~value; {21386#true} is VALID [2022-02-20 17:58:24,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,274 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1147#return; {21387#false} is VALID [2022-02-20 17:58:24,274 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:58:24,275 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~12; {21386#true} is VALID [2022-02-20 17:58:24,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {21386#true} is VALID [2022-02-20 17:58:24,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,276 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1149#return; {21387#false} is VALID [2022-02-20 17:58:24,276 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:58:24,276 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~7; {21386#true} is VALID [2022-02-20 17:58:24,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {21386#true} is VALID [2022-02-20 17:58:24,280 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1151#return; {21387#false} is VALID [2022-02-20 17:58:24,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 111 [2022-02-20 17:58:24,281 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,282 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~6; {21386#true} is VALID [2022-02-20 17:58:24,282 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {21386#true} is VALID [2022-02-20 17:58:24,282 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,283 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21386#true} {21387#false} #1153#return; {21387#false} is VALID [2022-02-20 17:58:24,283 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 17:58:24,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {21386#true} is VALID [2022-02-20 17:58:24,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume 1 == ~handle; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {21386#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 3: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21386#true} {21387#false} #1155#return; {21387#false} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {21386#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call 
write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 
0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 
0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {21386#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{21386#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 3: Hoare triple {21386#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {21386#true} is VALID [2022-02-20 17:58:24,285 INFO L290 TraceCheckUtils]: 4: Hoare triple {21386#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {21386#true} is VALID [2022-02-20 17:58:24,286 INFO L290 TraceCheckUtils]: 5: Hoare triple {21386#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21386#true} is VALID [2022-02-20 17:58:24,286 INFO L272 TraceCheckUtils]: 6: Hoare triple {21386#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, 
setup_bob__wrappee__Base_~bob___0#1); {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,286 INFO L290 TraceCheckUtils]: 7: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,286 INFO L290 TraceCheckUtils]: 8: Hoare triple {21386#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,286 INFO L290 TraceCheckUtils]: 9: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,287 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21386#true} {21386#true} #1181#return; {21386#true} is VALID [2022-02-20 17:58:24,287 INFO L290 TraceCheckUtils]: 11: Hoare triple {21386#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21386#true} is VALID [2022-02-20 17:58:24,287 INFO L272 TraceCheckUtils]: 12: Hoare triple {21386#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,287 INFO L290 TraceCheckUtils]: 13: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,287 INFO L290 TraceCheckUtils]: 14: Hoare triple {21386#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,287 INFO L290 TraceCheckUtils]: 15: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,288 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21386#true} {21386#true} #1183#return; {21386#true} is VALID [2022-02-20 17:58:24,288 INFO L290 TraceCheckUtils]: 17: Hoare triple {21386#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21386#true} is VALID [2022-02-20 17:58:24,288 INFO L272 TraceCheckUtils]: 18: Hoare triple {21386#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,288 INFO L290 TraceCheckUtils]: 19: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,288 INFO L290 TraceCheckUtils]: 20: Hoare triple {21386#true} assume !(1 == ~handle); {21386#true} is VALID [2022-02-20 17:58:24,288 INFO L290 TraceCheckUtils]: 21: Hoare triple {21386#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21386#true} is VALID [2022-02-20 
17:58:24,289 INFO L290 TraceCheckUtils]: 22: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,289 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21386#true} {21386#true} #1185#return; {21386#true} is VALID [2022-02-20 17:58:24,291 INFO L290 TraceCheckUtils]: 24: Hoare triple {21386#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21386#true} is VALID [2022-02-20 17:58:24,292 INFO L272 TraceCheckUtils]: 25: Hoare triple {21386#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,292 INFO L290 TraceCheckUtils]: 26: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,292 INFO L290 TraceCheckUtils]: 27: Hoare triple {21386#true} assume !(1 == ~handle); {21386#true} is VALID [2022-02-20 17:58:24,292 INFO L290 TraceCheckUtils]: 28: Hoare triple {21386#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,292 INFO L290 TraceCheckUtils]: 29: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,292 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21386#true} {21386#true} #1187#return; {21386#true} is VALID [2022-02-20 17:58:24,293 INFO L290 TraceCheckUtils]: 31: Hoare triple {21386#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc 
setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21406#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:24,293 INFO L272 TraceCheckUtils]: 32: Hoare triple {21406#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,294 INFO L290 TraceCheckUtils]: 33: Hoare triple {21451#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,294 INFO L290 TraceCheckUtils]: 34: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,294 INFO L290 TraceCheckUtils]: 35: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21453#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,294 INFO L290 TraceCheckUtils]: 36: Hoare triple {21453#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21454#(= 3 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,295 INFO L290 TraceCheckUtils]: 37: Hoare triple {21454#(= 3 |setClientId_#in~handle|)} assume true; {21454#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,295 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21454#(= 3 |setClientId_#in~handle|)} {21406#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:24,296 INFO L290 TraceCheckUtils]: 39: Hoare triple {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:24,296 INFO L272 TraceCheckUtils]: 40: Hoare triple {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,296 INFO L290 TraceCheckUtils]: 41: Hoare triple {21452#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21455#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:24,297 INFO L290 TraceCheckUtils]: 42: Hoare triple {21455#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21456#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:24,297 INFO L290 TraceCheckUtils]: 43: Hoare triple {21456#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21456#(= 
|setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:24,298 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {21456#(= |setClientPrivateKey_#in~handle| 1)} {21413#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1191#return; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 45: Hoare triple {21387#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 46: Hoare triple {21387#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 
0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 47: Hoare triple {21387#false} assume !false; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 48: Hoare triple {21387#false} assume test_~splverifierCounter~0#1 < 4; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 49: Hoare triple {21387#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 50: Hoare triple {21387#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 51: Hoare triple {21387#false} assume !(0 != test_~tmp___9~0#1); {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 52: Hoare triple {21387#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 53: Hoare triple {21387#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 54: Hoare triple {21387#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 
TraceCheckUtils]: 55: Hoare triple {21387#false} assume { :end_inline_setClientAutoResponse } true; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 56: Hoare triple {21387#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 57: Hoare triple {21387#false} assume !false; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 58: Hoare triple {21387#false} assume !(test_~splverifierCounter~0#1 < 4); {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L290 TraceCheckUtils]: 59: Hoare triple {21387#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {21387#false} is VALID [2022-02-20 17:58:24,298 INFO L272 TraceCheckUtils]: 60: Hoare triple {21387#false} call sendEmail(~bob~0, ~rjh~0); {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 61: Hoare triple {21387#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L272 TraceCheckUtils]: 62: Hoare triple {21387#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21457#(and (= 
|old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 63: Hoare triple {21457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 64: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 65: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {21386#true} {21387#false} #1133#return; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L272 TraceCheckUtils]: 67: Hoare triple {21387#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 68: Hoare triple {21458#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 69: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 70: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,299 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {21386#true} {21387#false} #1135#return; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 72: Hoare triple {21387#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 73: Hoare triple 
{21387#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L272 TraceCheckUtils]: 74: Hoare triple {21387#false} call outgoing(~sender#1, ~email~0#1); {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 75: Hoare triple {21387#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 76: Hoare triple {21387#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 77: Hoare triple {21387#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {21387#false} is VALID [2022-02-20 17:58:24,299 INFO L290 TraceCheckUtils]: 78: Hoare triple {21387#false} assume 0 == sign_~privkey~0#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 79: Hoare 
triple {21387#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L272 TraceCheckUtils]: 80: Hoare triple {21387#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 81: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~29; {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 82: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {21386#true} is VALID 
[2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 83: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {21386#true} {21387#false} #1115#return; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 85: Hoare triple {21387#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 86: Hoare triple {21387#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L272 TraceCheckUtils]: 87: Hoare triple {21387#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 88: Hoare triple {21387#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 89: Hoare triple {21387#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 90: Hoare triple {21387#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 
2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L272 TraceCheckUtils]: 91: Hoare triple {21387#false} call setEmailFrom(~msg#1, ~tmp~12#1); {21457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 92: Hoare triple {21457#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 93: Hoare triple {21386#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 94: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,300 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {21386#true} {21387#false} #1147#return; {21387#false} is VALID [2022-02-20 17:58:24,300 INFO L290 TraceCheckUtils]: 96: Hoare triple {21387#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L272 TraceCheckUtils]: 97: Hoare triple {21387#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 98: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~12; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 99: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 100: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {21386#true} {21387#false} #1149#return; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 102: Hoare triple {21387#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 103: Hoare triple {21387#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L272 TraceCheckUtils]: 104: Hoare triple 
{21387#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 105: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~7; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 106: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 107: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {21386#true} {21387#false} #1151#return; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 109: Hoare triple {21387#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := 
verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 110: Hoare triple {21387#false} assume 1 == 
~sent_signed~0; {21387#false} is VALID [2022-02-20 17:58:24,301 INFO L272 TraceCheckUtils]: 111: Hoare triple {21387#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 112: Hoare triple {21386#true} ~handle := #in~handle;havoc ~retValue_acc~6; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 113: Hoare triple {21386#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {21386#true} is VALID [2022-02-20 17:58:24,301 INFO L290 TraceCheckUtils]: 114: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,302 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {21386#true} {21387#false} #1153#return; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 116: Hoare triple {21387#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L272 TraceCheckUtils]: 117: Hoare triple {21387#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {21386#true} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 118: Hoare triple {21386#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {21386#true} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 119: Hoare triple {21386#true} assume 1 == ~handle; {21386#true} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 120: Hoare triple {21386#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {21386#true} 
is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 121: Hoare triple {21386#true} assume true; {21386#true} is VALID [2022-02-20 17:58:24,302 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {21386#true} {21387#false} #1155#return; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 123: Hoare triple {21387#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 124: Hoare triple {21387#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L272 TraceCheckUtils]: 125: Hoare triple {21387#false} call __automaton_fail(); {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L290 TraceCheckUtils]: 126: Hoare triple {21387#false} assume !false; {21387#false} is VALID [2022-02-20 17:58:24,302 INFO L134 CoverageAnalysis]: Checked inductivity of 31 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 17:58:24,303 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:24,303 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1882628785] [2022-02-20 17:58:24,303 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1882628785] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:24,303 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:58:24,303 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:58:24,303 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2064853484] [2022-02-20 17:58:24,303 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:24,303 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 127 [2022-02-20 17:58:24,304 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:24,304 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:58:24,371 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:24,371 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:58:24,371 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:24,372 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 17:58:24,372 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:24,372 INFO L87 Difference]: Start difference. First operand 451 states and 702 transitions. Second operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:58:31,964 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,964 INFO L93 Difference]: Finished difference Result 997 states and 1575 transitions. [2022-02-20 17:58:31,965 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:58:31,965 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 127 [2022-02-20 17:58:31,965 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:31,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:58:31,978 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1327 transitions. 
[2022-02-20 17:58:31,978 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:58:31,988 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1327 transitions. [2022-02-20 17:58:31,988 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1327 transitions. [2022-02-20 17:58:32,702 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1327 edges. 1327 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:32,731 INFO L225 Difference]: With dead ends: 997 [2022-02-20 17:58:32,731 INFO L226 Difference]: Without dead ends: 573 [2022-02-20 17:58:32,735 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 31 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:58:32,735 INFO L933 BasicCegarLoop]: 608 mSDtfsCounter, 1525 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 3664 mSolverCounterSat, 574 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1525 SdHoareTripleChecker+Valid, 1974 SdHoareTripleChecker+Invalid, 4238 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 574 IncrementalHoareTripleChecker+Valid, 3664 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.5s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:58:32,737 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1525 Valid, 1974 Invalid, 4238 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [574 Valid, 3664 Invalid, 0 Unknown, 0 Unchecked, 3.5s Time] [2022-02-20 17:58:32,738 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 573 states. [2022-02-20 17:58:32,843 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 573 to 451. [2022-02-20 17:58:32,844 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:32,845 INFO L82 GeneralOperation]: Start isEquivalent. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:32,846 INFO L74 IsIncluded]: Start isIncluded. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:32,847 INFO L87 Difference]: Start difference. First operand 573 states. Second operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:32,887 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 17:58:32,888 INFO L93 Difference]: Finished difference Result 573 states and 910 transitions. [2022-02-20 17:58:32,888 INFO L276 IsEmpty]: Start isEmpty. Operand 573 states and 910 transitions. [2022-02-20 17:58:32,890 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:32,890 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:32,891 INFO L74 IsIncluded]: Start isIncluded. First operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 573 states. [2022-02-20 17:58:32,892 INFO L87 Difference]: Start difference. First operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) Second operand 573 states. [2022-02-20 17:58:32,907 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:32,922 INFO L93 Difference]: Finished difference Result 573 states and 910 transitions. [2022-02-20 17:58:32,922 INFO L276 IsEmpty]: Start isEmpty. Operand 573 states and 910 transitions. [2022-02-20 17:58:32,925 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:32,925 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:32,925 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 17:58:32,925 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:32,926 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 451 states, 352 states have (on average 1.5710227272727273) internal successors, (553), 358 states have internal predecessors, (553), 72 states have call successors, (72), 24 states have call predecessors, (72), 26 states have return successors, (76), 68 states have call predecessors, (76), 69 states have call successors, (76) [2022-02-20 17:58:32,958 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 451 states to 451 states and 701 transitions. [2022-02-20 17:58:32,958 INFO L78 Accepts]: Start accepts. Automaton has 451 states and 701 transitions. Word has length 127 [2022-02-20 17:58:32,959 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:32,959 INFO L470 AbstractCegarLoop]: Abstraction has 451 states and 701 transitions. [2022-02-20 17:58:32,959 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (18), 6 states have call predecessors, (18), 3 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2022-02-20 17:58:32,959 INFO L276 IsEmpty]: Start isEmpty. Operand 451 states and 701 transitions. [2022-02-20 17:58:32,961 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 148 [2022-02-20 17:58:32,961 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:32,961 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:32,961 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:58:32,961 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:32,962 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:32,962 INFO L85 PathProgramCache]: Analyzing trace with hash -1660844141, now seen corresponding path program 1 times [2022-02-20 17:58:32,962 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:32,962 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [495478569] [2022-02-20 17:58:32,962 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:32,962 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:33,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:33,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {24733#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,050 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24654#true} #1181#return; {24654#true} is VALID [2022-02-20 17:58:33,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:33,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,056 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,056 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,056 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24654#true} #1183#return; {24654#true} is VALID [2022-02-20 17:58:33,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:33,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,064 INFO L290 TraceCheckUtils]: 0: Hoare triple {24733#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,064 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume !(1 == ~handle); {24654#true} is VALID [2022-02-20 17:58:33,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,065 INFO L290 TraceCheckUtils]: 3: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,065 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24654#true} {24654#true} #1185#return; {24654#true} is VALID [2022-02-20 17:58:33,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:33,066 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,067 INFO L290 TraceCheckUtils]: 0: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,067 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume !(1 == ~handle); {24654#true} is VALID [2022-02-20 17:58:33,067 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,068 INFO L290 TraceCheckUtils]: 3: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,068 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24654#true} {24654#true} #1187#return; {24654#true} is VALID [2022-02-20 17:58:33,068 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 
[2022-02-20 17:58:33,069 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,081 INFO L290 TraceCheckUtils]: 3: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24736#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,082 INFO L290 TraceCheckUtils]: 4: Hoare triple {24736#(= 3 |setClientId_#in~handle|)} assume true; {24736#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,082 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {24736#(= 3 |setClientId_#in~handle|)} {24674#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:58:33,082 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:58:33,084 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,107 INFO L290 TraceCheckUtils]: 0: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,108 INFO L290 TraceCheckUtils]: 1: Hoare triple {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,108 INFO L290 TraceCheckUtils]: 2: Hoare triple {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24738#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,108 INFO L290 TraceCheckUtils]: 3: Hoare triple {24738#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24738#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,109 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24738#(= 2 |setClientPrivateKey_#in~handle|)} {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1191#return; {24655#false} is VALID [2022-02-20 17:58:33,114 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:58:33,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,118 INFO L290 TraceCheckUtils]: 0: Hoare triple {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,118 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,118 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,118 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} 
{24655#false} #1133#return; {24655#false} is VALID [2022-02-20 17:58:33,123 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:58:33,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,128 INFO L290 TraceCheckUtils]: 0: Hoare triple {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,128 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,128 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,128 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1135#return; {24655#false} is VALID [2022-02-20 17:58:33,128 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:58:33,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~29; {24654#true} is VALID [2022-02-20 17:58:33,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {24654#true} is VALID [2022-02-20 17:58:33,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1115#return; {24655#false} is VALID [2022-02-20 17:58:33,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:58:33,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,132 INFO L290 TraceCheckUtils]: 
0: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,132 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,132 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1117#return; {24655#false} is VALID [2022-02-20 17:58:33,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:33,133 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {24654#true} is VALID [2022-02-20 17:58:33,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle; {24654#true} is VALID [2022-02-20 17:58:33,135 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {24654#true} is VALID [2022-02-20 17:58:33,135 INFO L290 TraceCheckUtils]: 3: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,135 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24654#true} {24655#false} #1119#return; {24655#false} is VALID [2022-02-20 17:58:33,135 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:33,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,138 INFO L290 TraceCheckUtils]: 0: Hoare triple {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,138 INFO L290 
TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,138 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,138 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1121#return; {24655#false} is VALID [2022-02-20 17:58:33,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:58:33,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,140 INFO L290 TraceCheckUtils]: 0: Hoare triple {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,140 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1147#return; {24655#false} is VALID [2022-02-20 17:58:33,141 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 17:58:33,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~12; {24654#true} is VALID [2022-02-20 17:58:33,142 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {24654#true} is VALID [2022-02-20 17:58:33,142 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,142 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{24654#true} {24655#false} #1149#return; {24655#false} is VALID [2022-02-20 17:58:33,143 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:58:33,143 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1151#return; {24655#false} is VALID [2022-02-20 17:58:33,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:58:33,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~6; {24654#true} is VALID [2022-02-20 17:58:33,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {24654#true} is VALID [2022-02-20 17:58:33,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,151 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {24654#true} {24655#false} #1153#return; {24655#false} is VALID [2022-02-20 17:58:33,152 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:58:33,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:33,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~40; {24654#true} is VALID [2022-02-20 17:58:33,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume 1 == ~handle; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 3: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {24654#true} {24655#false} #1155#return; {24655#false} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 0: Hoare triple {24654#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call 
write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 
0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {24654#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {24654#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 3: Hoare triple {24654#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {24654#true} is VALID [2022-02-20 17:58:33,154 INFO L290 TraceCheckUtils]: 4: Hoare triple {24654#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {24654#true} is VALID [2022-02-20 17:58:33,155 INFO L290 TraceCheckUtils]: 5: Hoare triple {24654#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {24654#true} is VALID [2022-02-20 17:58:33,155 INFO L272 TraceCheckUtils]: 6: Hoare triple {24654#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:33,155 INFO L290 TraceCheckUtils]: 7: Hoare triple {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,155 INFO L290 TraceCheckUtils]: 8: Hoare triple {24654#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,155 INFO L290 TraceCheckUtils]: 9: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,156 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {24654#true} {24654#true} #1181#return; {24654#true} is VALID [2022-02-20 17:58:33,156 INFO L290 TraceCheckUtils]: 11: Hoare 
triple {24654#true} assume { :end_inline_setup_bob__wrappee__Base } true; {24654#true} is VALID [2022-02-20 17:58:33,156 INFO L272 TraceCheckUtils]: 12: Hoare triple {24654#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:33,156 INFO L290 TraceCheckUtils]: 13: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,156 INFO L290 TraceCheckUtils]: 14: Hoare triple {24654#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,156 INFO L290 TraceCheckUtils]: 15: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,157 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {24654#true} {24654#true} #1183#return; {24654#true} is VALID [2022-02-20 17:58:33,157 INFO L290 TraceCheckUtils]: 17: Hoare triple {24654#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {24654#true} is VALID [2022-02-20 17:58:33,157 INFO L272 TraceCheckUtils]: 18: Hoare triple {24654#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:33,157 INFO L290 TraceCheckUtils]: 19: Hoare triple {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,157 INFO L290 TraceCheckUtils]: 20: Hoare triple {24654#true} assume !(1 == ~handle); {24654#true} is VALID [2022-02-20 17:58:33,157 INFO L290 TraceCheckUtils]: 21: Hoare triple {24654#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,158 INFO L290 TraceCheckUtils]: 22: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,158 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {24654#true} {24654#true} #1185#return; {24654#true} is VALID [2022-02-20 17:58:33,158 INFO L290 TraceCheckUtils]: 24: Hoare triple {24654#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {24654#true} is VALID [2022-02-20 17:58:33,158 INFO L272 TraceCheckUtils]: 25: Hoare triple {24654#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:33,158 INFO L290 TraceCheckUtils]: 26: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{24654#true} is VALID [2022-02-20 17:58:33,158 INFO L290 TraceCheckUtils]: 27: Hoare triple {24654#true} assume !(1 == ~handle); {24654#true} is VALID [2022-02-20 17:58:33,164 INFO L290 TraceCheckUtils]: 28: Hoare triple {24654#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,164 INFO L290 TraceCheckUtils]: 29: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,164 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {24654#true} {24654#true} #1187#return; {24654#true} is VALID [2022-02-20 17:58:33,164 INFO L290 TraceCheckUtils]: 31: Hoare triple {24654#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {24674#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:33,165 INFO L272 TraceCheckUtils]: 32: Hoare triple {24674#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:33,165 INFO L290 TraceCheckUtils]: 33: Hoare triple {24733#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,165 INFO L290 TraceCheckUtils]: 34: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,166 INFO L290 TraceCheckUtils]: 35: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {24735#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,166 INFO L290 TraceCheckUtils]: 36: Hoare triple {24735#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {24736#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,166 INFO L290 TraceCheckUtils]: 37: Hoare triple {24736#(= 3 |setClientId_#in~handle|)} assume true; {24736#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:33,166 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {24736#(= 3 |setClientId_#in~handle|)} {24674#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1189#return; {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:58:33,167 INFO L290 TraceCheckUtils]: 39: Hoare triple {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:58:33,167 INFO L272 TraceCheckUtils]: 40: Hoare triple {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:33,167 INFO L290 TraceCheckUtils]: 41: Hoare triple {24734#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,168 INFO L290 TraceCheckUtils]: 42: Hoare triple {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,168 INFO L290 TraceCheckUtils]: 43: Hoare triple {24737#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {24738#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,168 INFO L290 TraceCheckUtils]: 44: Hoare triple {24738#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {24738#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:33,168 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {24738#(= 2 |setClientPrivateKey_#in~handle|)} {24681#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1191#return; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 46: Hoare triple {24655#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 47: Hoare triple {24655#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, 
test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 48: Hoare triple {24655#false} assume !false; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 49: Hoare triple {24655#false} assume test_~splverifierCounter~0#1 < 4; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 50: Hoare triple {24655#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 51: Hoare triple {24655#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 52: Hoare triple 
{24655#false} assume !(0 != test_~tmp___9~0#1); {24655#false} is VALID [2022-02-20 17:58:33,169 INFO L290 TraceCheckUtils]: 53: Hoare triple {24655#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 54: Hoare triple {24655#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 55: Hoare triple {24655#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 56: Hoare triple {24655#false} assume { :end_inline_setClientAutoResponse } true; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 57: Hoare triple {24655#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 58: Hoare triple {24655#false} assume !false; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 59: Hoare triple {24655#false} assume !(test_~splverifierCounter~0#1 < 4); {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 60: Hoare triple {24655#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc 
bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L272 TraceCheckUtils]: 61: Hoare triple {24655#false} call sendEmail(~bob~0, ~rjh~0); {24655#false} is VALID [2022-02-20 17:58:33,170 INFO L290 TraceCheckUtils]: 62: Hoare triple {24655#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {24655#false} is VALID [2022-02-20 17:58:33,171 INFO L272 TraceCheckUtils]: 63: Hoare triple {24655#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 64: Hoare triple {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 65: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 66: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,171 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {24654#true} {24655#false} #1133#return; {24655#false} is VALID [2022-02-20 17:58:33,171 INFO L272 TraceCheckUtils]: 68: Hoare triple {24655#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 69: Hoare triple {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 70: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,171 INFO L290 TraceCheckUtils]: 71: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,172 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {24654#true} {24655#false} #1135#return; {24655#false} is VALID [2022-02-20 17:58:33,172 INFO L290 TraceCheckUtils]: 73: Hoare triple {24655#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {24655#false} is VALID [2022-02-20 17:58:33,172 INFO L290 TraceCheckUtils]: 74: Hoare triple {24655#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {24655#false} is VALID [2022-02-20 17:58:33,172 INFO L272 TraceCheckUtils]: 75: Hoare triple {24655#false} call outgoing(~sender#1, ~email~0#1); {24655#false} is VALID [2022-02-20 17:58:33,172 INFO L290 TraceCheckUtils]: 76: Hoare triple {24655#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 
:= sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {24655#false} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 77: Hoare triple {24655#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {24655#false} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 78: Hoare triple {24655#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {24655#false} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 79: Hoare triple {24655#false} assume 0 == sign_~privkey~0#1; {24655#false} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 80: Hoare triple {24655#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, 
outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {24655#false} is VALID [2022-02-20 17:58:33,173 INFO L272 TraceCheckUtils]: 81: Hoare triple {24655#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {24654#true} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 82: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~29; {24654#true} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 83: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {24654#true} is VALID [2022-02-20 17:58:33,173 INFO L290 TraceCheckUtils]: 84: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,173 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {24654#true} {24655#false} #1115#return; {24655#false} is VALID [2022-02-20 17:58:33,174 INFO L290 TraceCheckUtils]: 86: Hoare triple {24655#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {24655#false} is VALID [2022-02-20 17:58:33,174 INFO L290 TraceCheckUtils]: 87: Hoare triple {24655#false} assume 0 != 
outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {24655#false} is VALID [2022-02-20 17:58:33,174 INFO L290 TraceCheckUtils]: 88: Hoare triple {24655#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {24655#false} is VALID [2022-02-20 17:58:33,174 INFO L272 TraceCheckUtils]: 89: Hoare triple {24655#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {24654#true} is VALID [2022-02-20 17:58:33,187 INFO L290 TraceCheckUtils]: 90: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,187 INFO L290 TraceCheckUtils]: 91: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,187 INFO L290 TraceCheckUtils]: 92: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,187 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {24654#true} {24655#false} #1117#return; {24655#false} is VALID [2022-02-20 17:58:33,187 INFO L290 TraceCheckUtils]: 94: Hoare triple {24655#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc 
outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {24655#false} is VALID [2022-02-20 17:58:33,188 INFO L272 TraceCheckUtils]: 95: Hoare triple {24655#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {24654#true} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 96: Hoare triple {24654#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {24654#true} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 97: Hoare triple {24654#true} assume 1 == ~handle; {24654#true} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 98: Hoare triple {24654#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {24654#true} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 99: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,188 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {24654#true} {24655#false} #1119#return; {24655#false} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 101: Hoare triple {24655#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {24655#false} is VALID [2022-02-20 17:58:33,188 INFO L272 TraceCheckUtils]: 102: Hoare triple {24655#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~second~0#1); {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:33,188 INFO L290 TraceCheckUtils]: 103: Hoare triple {24740#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 104: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 105: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,189 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {24654#true} {24655#false} #1121#return; {24655#false} is VALID [2022-02-20 17:58:33,189 INFO L272 TraceCheckUtils]: 107: Hoare triple {24655#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {24655#false} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 108: Hoare triple {24655#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {24655#false} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 109: Hoare triple {24655#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {24655#false} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 110: Hoare triple {24655#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; 
{24655#false} is VALID [2022-02-20 17:58:33,189 INFO L272 TraceCheckUtils]: 111: Hoare triple {24655#false} call setEmailFrom(~msg#1, ~tmp~12#1); {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:33,189 INFO L290 TraceCheckUtils]: 112: Hoare triple {24739#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 113: Hoare triple {24654#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 114: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {24654#true} {24655#false} #1147#return; {24655#false} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 116: Hoare triple {24655#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {24655#false} is VALID [2022-02-20 17:58:33,190 INFO L272 TraceCheckUtils]: 117: Hoare triple {24655#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 118: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~12; {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 119: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {24654#true} is VALID [2022-02-20 17:58:33,190 INFO L290 TraceCheckUtils]: 120: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,191 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {24654#true} {24655#false} #1149#return; {24655#false} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 122: Hoare triple {24655#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {24655#false} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 123: Hoare triple {24655#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {24655#false} is VALID [2022-02-20 17:58:33,191 INFO L272 TraceCheckUtils]: 124: Hoare triple 
{24655#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {24654#true} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 125: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 126: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {24654#true} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 127: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,191 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {24654#true} {24655#false} #1151#return; {24655#false} is VALID [2022-02-20 17:58:33,191 INFO L290 TraceCheckUtils]: 129: Hoare triple {24655#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := 
verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {24655#false} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 130: Hoare triple {24655#false} assume 1 == 
~sent_signed~0; {24655#false} is VALID [2022-02-20 17:58:33,192 INFO L272 TraceCheckUtils]: 131: Hoare triple {24655#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {24654#true} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 132: Hoare triple {24654#true} ~handle := #in~handle;havoc ~retValue_acc~6; {24654#true} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 133: Hoare triple {24654#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {24654#true} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 134: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,192 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {24654#true} {24655#false} #1153#return; {24655#false} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 136: Hoare triple {24655#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {24655#false} is VALID [2022-02-20 17:58:33,192 INFO L272 TraceCheckUtils]: 137: Hoare triple {24655#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {24654#true} is VALID [2022-02-20 17:58:33,192 INFO L290 TraceCheckUtils]: 138: Hoare triple {24654#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {24654#true} is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 139: Hoare triple {24654#true} assume 1 == ~handle; {24654#true} is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 140: Hoare triple {24654#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {24654#true} 
is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 141: Hoare triple {24654#true} assume true; {24654#true} is VALID [2022-02-20 17:58:33,193 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {24654#true} {24655#false} #1155#return; {24655#false} is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 143: Hoare triple {24655#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {24655#false} is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 144: Hoare triple {24655#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {24655#false} is VALID [2022-02-20 17:58:33,193 INFO L272 TraceCheckUtils]: 145: Hoare triple {24655#false} call __automaton_fail(); {24655#false} is VALID [2022-02-20 17:58:33,193 INFO L290 TraceCheckUtils]: 146: Hoare triple {24655#false} assume !false; {24655#false} is VALID [2022-02-20 17:58:33,194 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 26 trivial. 0 not checked. [2022-02-20 17:58:33,194 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:33,194 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [495478569] [2022-02-20 17:58:33,194 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [495478569] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:33,194 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:58:33,194 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:58:33,195 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [70740928] [2022-02-20 17:58:33,195 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:33,195 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 147 [2022-02-20 17:58:33,195 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:33,196 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:58:33,247 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 133 edges. 133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:33,247 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:58:33,247 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:33,247 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 17:58:33,247 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:33,247 INFO L87 Difference]: Start difference. First operand 451 states and 701 transitions. Second operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:58:41,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:41,606 INFO L93 Difference]: Finished difference Result 999 states and 1581 transitions. [2022-02-20 17:58:41,606 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:58:41,606 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 147 [2022-02-20 17:58:41,607 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:41,607 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:58:41,615 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1328 transitions. 
[2022-02-20 17:58:41,615 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:58:41,624 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1328 transitions. [2022-02-20 17:58:41,624 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1328 transitions. [2022-02-20 17:58:42,746 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1328 edges. 1328 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:42,763 INFO L225 Difference]: With dead ends: 999 [2022-02-20 17:58:42,763 INFO L226 Difference]: Without dead ends: 575 [2022-02-20 17:58:42,765 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:58:42,765 INFO L933 BasicCegarLoop]: 614 mSDtfsCounter, 1515 mSDsluCounter, 1366 mSDsCounter, 0 mSdLazyCounter, 3727 mSolverCounterSat, 561 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1515 SdHoareTripleChecker+Valid, 1980 SdHoareTripleChecker+Invalid, 4288 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 561 IncrementalHoareTripleChecker+Valid, 3727 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.9s 
IncrementalHoareTripleChecker+Time [2022-02-20 17:58:42,765 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1515 Valid, 1980 Invalid, 4288 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [561 Valid, 3727 Invalid, 0 Unknown, 0 Unchecked, 3.9s Time] [2022-02-20 17:58:42,766 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 575 states. [2022-02-20 17:58:42,853 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 575 to 453. [2022-02-20 17:58:42,853 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:42,854 INFO L82 GeneralOperation]: Start isEquivalent. First operand 575 states. Second operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) [2022-02-20 17:58:42,855 INFO L74 IsIncluded]: Start isIncluded. First operand 575 states. Second operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) [2022-02-20 17:58:42,856 INFO L87 Difference]: Start difference. First operand 575 states. Second operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) [2022-02-20 17:58:42,870 INFO L144 Difference]: Subtrahend was deterministic. 
Have not used determinization. [2022-02-20 17:58:42,870 INFO L93 Difference]: Finished difference Result 575 states and 916 transitions. [2022-02-20 17:58:42,870 INFO L276 IsEmpty]: Start isEmpty. Operand 575 states and 916 transitions. [2022-02-20 17:58:42,872 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:42,872 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:42,873 INFO L74 IsIncluded]: Start isIncluded. First operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) Second operand 575 states. [2022-02-20 17:58:42,874 INFO L87 Difference]: Start difference. First operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) Second operand 575 states. [2022-02-20 17:58:42,888 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:42,888 INFO L93 Difference]: Finished difference Result 575 states and 916 transitions. [2022-02-20 17:58:42,888 INFO L276 IsEmpty]: Start isEmpty. Operand 575 states and 916 transitions. [2022-02-20 17:58:42,890 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:42,890 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:42,891 INFO L88 GeneralOperation]: Finished isEquivalent. 
[2022-02-20 17:58:42,891 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:42,891 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 453 states, 353 states have (on average 1.5694050991501416) internal successors, (554), 360 states have internal predecessors, (554), 72 states have call successors, (72), 24 states have call predecessors, (72), 27 states have return successors, (81), 68 states have call predecessors, (81), 69 states have call successors, (81) [2022-02-20 17:58:42,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 453 states to 453 states and 707 transitions. [2022-02-20 17:58:42,903 INFO L78 Accepts]: Start accepts. Automaton has 453 states and 707 transitions. Word has length 147 [2022-02-20 17:58:42,903 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:42,903 INFO L470 AbstractCegarLoop]: Abstraction has 453 states and 707 transitions. [2022-02-20 17:58:42,903 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 8.636363636363637) internal successors, (95), 8 states have internal predecessors, (95), 4 states have call successors, (21), 6 states have call predecessors, (21), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:58:42,903 INFO L276 IsEmpty]: Start isEmpty. Operand 453 states and 707 transitions. [2022-02-20 17:58:42,905 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 149 [2022-02-20 17:58:42,905 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:42,905 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:42,905 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:58:42,905 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:42,906 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:42,906 INFO L85 PathProgramCache]: Analyzing trace with hash 1639873244, now seen corresponding path program 1 times [2022-02-20 17:58:42,906 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:42,906 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [771843818] [2022-02-20 17:58:42,906 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:42,906 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:42,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:42,980 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:42,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:42,989 INFO L290 TraceCheckUtils]: 0: Hoare triple {28025#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:42,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:42,990 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:42,990 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27944#true} #1181#return; {27944#true} is VALID [2022-02-20 17:58:42,996 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:42,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:42,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:42,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:42,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:42,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27944#true} #1183#return; {27944#true} is VALID [2022-02-20 17:58:42,999 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:43,000 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,026 INFO L290 TraceCheckUtils]: 0: Hoare triple {28025#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28027#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,026 INFO L290 TraceCheckUtils]: 1: Hoare triple {28027#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {28027#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {28027#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28028#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,027 INFO L290 TraceCheckUtils]: 3: Hoare triple {28028#(= 2 |setClientId_#in~handle|)} assume true; {28028#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,028 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {28028#(= 2 |setClientId_#in~handle|)} {27954#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1185#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:43,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,031 
INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,032 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1187#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:43,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,035 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,035 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,035 INFO L290 TraceCheckUtils]: 4: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,035 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1189#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:58:43,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,039 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,039 INFO L290 TraceCheckUtils]: 4: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,039 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1191#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,059 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:58:43,060 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,062 INFO L290 TraceCheckUtils]: 0: Hoare triple {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,062 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,062 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,062 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1133#return; {27945#false} is VALID [2022-02-20 17:58:43,069 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:43,070 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,071 INFO L290 TraceCheckUtils]: 0: Hoare triple {28030#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,071 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,072 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1135#return; {27945#false} is VALID [2022-02-20 17:58:43,072 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:58:43,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,074 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:43,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:43,074 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,074 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1115#return; {27945#false} is VALID [2022-02-20 17:58:43,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:58:43,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} 
assume true; {27944#true} is VALID [2022-02-20 17:58:43,076 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1117#return; {27945#false} is VALID [2022-02-20 17:58:43,076 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:58:43,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,078 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:43,078 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:43,078 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:43,078 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,078 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27944#true} {27945#false} #1119#return; {27945#false} is VALID [2022-02-20 17:58:43,079 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:58:43,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {28030#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,091 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,091 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1121#return; {27945#false} is 
VALID [2022-02-20 17:58:43,091 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:43,092 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,093 INFO L290 TraceCheckUtils]: 0: Hoare triple {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,093 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,093 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1147#return; {27945#false} is VALID [2022-02-20 17:58:43,094 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:58:43,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,095 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:43,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:43,095 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,096 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1149#return; {27945#false} is VALID [2022-02-20 17:58:43,096 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:58:43,096 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,097 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := 
#in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,098 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1151#return; {27945#false} is VALID [2022-02-20 17:58:43,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:58:43,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,099 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:43,099 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:43,100 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,100 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {27944#true} {27945#false} #1153#return; {27945#false} is VALID [2022-02-20 17:58:43,100 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:58:43,100 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume 1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {27944#true} {27945#false} #1155#return; {27945#false} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call 
#Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27944#true} is VALID [2022-02-20 17:58:43,102 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {27944#true} is VALID [2022-02-20 17:58:43,103 INFO L290 TraceCheckUtils]: 4: Hoare triple {27944#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {27944#true} is VALID [2022-02-20 17:58:43,103 INFO L290 TraceCheckUtils]: 5: Hoare triple {27944#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27944#true} is VALID [2022-02-20 17:58:43,119 INFO L272 TraceCheckUtils]: 6: Hoare triple {27944#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,119 INFO L290 TraceCheckUtils]: 7: Hoare triple {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,119 INFO L290 TraceCheckUtils]: 8: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,119 INFO L290 TraceCheckUtils]: 9: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,120 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27944#true} {27944#true} #1181#return; {27944#true} is VALID [2022-02-20 17:58:43,120 INFO L290 TraceCheckUtils]: 11: Hoare triple {27944#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:43,120 INFO L272 TraceCheckUtils]: 12: Hoare triple {27944#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,121 INFO L290 TraceCheckUtils]: 13: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,121 INFO L290 TraceCheckUtils]: 14: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,121 INFO L290 TraceCheckUtils]: 15: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,121 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27944#true} {27944#true} #1183#return; {27944#true} is VALID [2022-02-20 17:58:43,121 INFO L290 TraceCheckUtils]: 17: Hoare triple {27944#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27954#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:43,122 INFO L272 TraceCheckUtils]: 18: Hoare triple {27954#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,122 INFO L290 TraceCheckUtils]: 19: Hoare triple {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {28027#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,122 INFO L290 TraceCheckUtils]: 20: Hoare triple {28027#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {28027#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,123 INFO L290 TraceCheckUtils]: 21: Hoare triple {28027#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {28028#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,123 INFO L290 TraceCheckUtils]: 22: Hoare triple {28028#(= 2 |setClientId_#in~handle|)} assume true; {28028#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,124 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {28028#(= 2 |setClientId_#in~handle|)} {27954#(= ~rjh~0 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1185#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,124 INFO L290 TraceCheckUtils]: 24: Hoare triple {27960#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,124 INFO L272 TraceCheckUtils]: 25: Hoare triple {27960#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,125 INFO L290 TraceCheckUtils]: 26: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,125 INFO L290 TraceCheckUtils]: 27: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,125 INFO L290 TraceCheckUtils]: 28: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,125 INFO L290 TraceCheckUtils]: 29: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,125 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1187#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,126 INFO L290 TraceCheckUtils]: 31: Hoare triple {27960#(not (= ~rjh~0 1))} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,126 INFO L272 TraceCheckUtils]: 32: Hoare triple {27960#(not (= ~rjh~0 1))} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,126 INFO L290 TraceCheckUtils]: 33: Hoare 
triple {28025#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,126 INFO L290 TraceCheckUtils]: 34: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,127 INFO L290 TraceCheckUtils]: 35: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,127 INFO L290 TraceCheckUtils]: 36: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,127 INFO L290 TraceCheckUtils]: 37: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,127 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1189#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,127 INFO L290 TraceCheckUtils]: 39: Hoare triple {27960#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,128 INFO L272 TraceCheckUtils]: 40: Hoare triple {27960#(not (= ~rjh~0 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,128 INFO L290 TraceCheckUtils]: 41: Hoare triple {28026#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,128 INFO L290 TraceCheckUtils]: 42: Hoare triple {27944#true} assume !(1 == 
~handle); {27944#true} is VALID [2022-02-20 17:58:43,128 INFO L290 TraceCheckUtils]: 43: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,128 INFO L290 TraceCheckUtils]: 44: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,129 INFO L290 TraceCheckUtils]: 45: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,129 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27944#true} {27960#(not (= ~rjh~0 1))} #1191#return; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,129 INFO L290 TraceCheckUtils]: 47: Hoare triple {27960#(not (= ~rjh~0 1))} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,130 INFO L290 TraceCheckUtils]: 48: Hoare triple {27960#(not (= ~rjh~0 1))} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc 
test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,130 INFO L290 TraceCheckUtils]: 49: Hoare triple {27960#(not (= ~rjh~0 1))} assume !false; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,130 INFO L290 TraceCheckUtils]: 50: Hoare triple {27960#(not (= ~rjh~0 1))} assume test_~splverifierCounter~0#1 < 4; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,130 INFO L290 TraceCheckUtils]: 51: Hoare triple {27960#(not (= ~rjh~0 1))} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,131 INFO L290 TraceCheckUtils]: 52: Hoare triple {27960#(not (= ~rjh~0 1))} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,131 INFO L290 TraceCheckUtils]: 53: Hoare triple {27960#(not (= ~rjh~0 1))} assume !(0 != test_~tmp___9~0#1); {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,131 INFO L290 TraceCheckUtils]: 54: Hoare triple {27960#(not (= ~rjh~0 1))} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {27960#(not (= ~rjh~0 1))} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 55: Hoare triple {27960#(not (= ~rjh~0 1))} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } 
true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {27978#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 56: Hoare triple {27978#(not (= |ULTIMATE.start_setClientAutoResponse_~handle#1| 1))} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {27945#false} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 57: Hoare triple {27945#false} assume { :end_inline_setClientAutoResponse } true; {27945#false} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 58: Hoare triple {27945#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {27945#false} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 59: Hoare triple {27945#false} assume !false; {27945#false} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 60: Hoare triple {27945#false} assume !(test_~splverifierCounter~0#1 < 4); {27945#false} is VALID [2022-02-20 17:58:43,132 INFO L290 TraceCheckUtils]: 61: Hoare triple {27945#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {27945#false} is VALID [2022-02-20 17:58:43,150 INFO L272 TraceCheckUtils]: 62: Hoare triple {27945#false} call sendEmail(~bob~0, ~rjh~0); {27945#false} is VALID [2022-02-20 17:58:43,150 INFO L290 TraceCheckUtils]: 63: Hoare triple {27945#false} ~sender#1 
:= #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27945#false} is VALID [2022-02-20 17:58:43,150 INFO L272 TraceCheckUtils]: 64: Hoare triple {27945#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,150 INFO L290 TraceCheckUtils]: 65: Hoare triple {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,150 INFO L290 TraceCheckUtils]: 66: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,150 INFO L290 TraceCheckUtils]: 67: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,150 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {27944#true} {27945#false} #1133#return; {27945#false} is VALID [2022-02-20 17:58:43,150 INFO L272 TraceCheckUtils]: 69: Hoare triple {27945#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {28030#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,150 INFO L290 TraceCheckUtils]: 70: Hoare triple {28030#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,150 INFO L290 
TraceCheckUtils]: 71: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 72: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,151 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {27944#true} {27945#false} #1135#return; {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 74: Hoare triple {27945#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 75: Hoare triple {27945#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L272 TraceCheckUtils]: 76: Hoare triple {27945#false} call outgoing(~sender#1, ~email~0#1); {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 77: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 78: Hoare triple {27945#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := 
~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:43,151 INFO L290 TraceCheckUtils]: 79: Hoare triple {27945#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 80: Hoare triple {27945#false} assume 0 == sign_~privkey~0#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 81: Hoare triple {27945#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc 
outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L272 TraceCheckUtils]: 82: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 83: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 84: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 85: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {27944#true} {27945#false} #1115#return; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 87: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 88: Hoare triple {27945#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 89: Hoare 
triple {27945#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {27945#false} is VALID [2022-02-20 17:58:43,152 INFO L272 TraceCheckUtils]: 90: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 91: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 92: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L290 TraceCheckUtils]: 93: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,152 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27944#true} {27945#false} #1117#return; {27945#false} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 95: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {27945#false} is VALID [2022-02-20 17:58:43,153 INFO L272 TraceCheckUtils]: 96: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := 
getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 97: Hoare triple {27944#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 98: Hoare triple {27944#true} assume 1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 99: Hoare triple {27944#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 100: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {27944#true} {27945#false} #1119#return; {27945#false} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 102: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {27945#false} is VALID [2022-02-20 17:58:43,153 INFO L272 TraceCheckUtils]: 103: Hoare triple {27945#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {28030#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 104: Hoare triple {28030#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 105: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := 
~value; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L290 TraceCheckUtils]: 106: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,153 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {27944#true} {27945#false} #1121#return; {27945#false} is VALID [2022-02-20 17:58:43,153 INFO L272 TraceCheckUtils]: 108: Hoare triple {27945#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 109: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 110: Hoare triple {27945#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 111: Hoare triple {27945#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L272 TraceCheckUtils]: 112: Hoare triple {27945#false} call setEmailFrom(~msg#1, ~tmp~12#1); {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 113: Hoare triple {28029#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 
17:58:43,154 INFO L290 TraceCheckUtils]: 114: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 115: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {27944#true} {27945#false} #1147#return; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 117: Hoare triple {27945#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L272 TraceCheckUtils]: 118: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 119: Hoare triple 
{27944#true} ~handle := #in~handle;havoc ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 120: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 121: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,154 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {27944#true} {27945#false} #1149#return; {27945#false} is VALID [2022-02-20 17:58:43,154 INFO L290 TraceCheckUtils]: 123: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {27945#false} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 124: Hoare triple {27945#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {27945#false} is VALID [2022-02-20 17:58:43,155 INFO L272 TraceCheckUtils]: 125: Hoare triple {27945#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 126: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 127: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 128: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L284 
TraceCheckUtils]: 129: Hoare quadruple {27944#true} {27945#false} #1151#return; {27945#false} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 130: Hoare triple {27945#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, 
__utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {27945#false} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 131: Hoare triple {27945#false} assume 1 == ~sent_signed~0; {27945#false} is VALID [2022-02-20 17:58:43,155 INFO L272 TraceCheckUtils]: 132: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 133: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L290 TraceCheckUtils]: 134: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO 
L290 TraceCheckUtils]: 135: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,155 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {27944#true} {27945#false} #1153#return; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 137: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L272 TraceCheckUtils]: 138: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {27944#true} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 139: Hoare triple {27944#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 140: Hoare triple {27944#true} assume 1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 141: Hoare triple {27944#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 142: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,156 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {27944#true} {27945#false} #1155#return; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 144: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 145: Hoare triple {27945#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L272 TraceCheckUtils]: 146: Hoare triple {27945#false} call __automaton_fail(); {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L290 TraceCheckUtils]: 147: Hoare triple {27945#false} assume !false; {27945#false} is VALID [2022-02-20 17:58:43,156 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 5 proven. 4 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:58:43,157 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:43,157 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [771843818] [2022-02-20 17:58:43,157 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [771843818] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:43,157 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1813673974] [2022-02-20 17:58:43,157 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:43,157 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:43,157 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:43,158 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:43,159 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:58:43,396 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,399 INFO L263 TraceCheckSpWp]: Trace formula consists of 1265 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:58:43,442 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,443 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:43,778 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call 
#Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {27944#true} is VALID [2022-02-20 17:58:43,778 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {27944#true} is VALID [2022-02-20 17:58:43,778 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27944#true} is VALID [2022-02-20 17:58:43,778 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {27944#true} is VALID [2022-02-20 17:58:43,778 INFO L290 TraceCheckUtils]: 4: Hoare triple {27944#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L290 TraceCheckUtils]: 5: Hoare triple {27944#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L272 TraceCheckUtils]: 6: Hoare triple {27944#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L290 TraceCheckUtils]: 7: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L290 TraceCheckUtils]: 8: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L290 TraceCheckUtils]: 9: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27944#true} {27944#true} #1181#return; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L290 TraceCheckUtils]: 11: Hoare triple {27944#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:43,779 INFO L272 TraceCheckUtils]: 12: Hoare triple {27944#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 13: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 14: Hoare triple {27944#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 15: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27944#true} {27944#true} #1183#return; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 17: Hoare triple {27944#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L272 TraceCheckUtils]: 18: Hoare triple {27944#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 19: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,780 INFO L290 TraceCheckUtils]: 20: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 21: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 22: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27944#true} {27944#true} #1185#return; {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 24: Hoare triple {27944#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27944#true} is 
VALID [2022-02-20 17:58:43,781 INFO L272 TraceCheckUtils]: 25: Hoare triple {27944#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 26: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 27: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 28: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,781 INFO L290 TraceCheckUtils]: 29: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27944#true} {27944#true} #1187#return; {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 31: Hoare triple {27944#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L272 TraceCheckUtils]: 32: Hoare triple {27944#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 33: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 34: Hoare triple {27944#true} assume !(1 == ~handle); 
{27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 35: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 36: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,782 INFO L290 TraceCheckUtils]: 37: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27944#true} {27944#true} #1189#return; {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 39: Hoare triple {27944#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L272 TraceCheckUtils]: 40: Hoare triple {27944#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 41: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 42: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 43: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 44: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:43,783 INFO L290 TraceCheckUtils]: 45: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:43,784 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27944#true} {27944#true} #1191#return; {27944#true} is VALID [2022-02-20 17:58:43,784 INFO L290 TraceCheckUtils]: 47: Hoare triple {27944#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {27944#true} is VALID [2022-02-20 17:58:43,784 INFO L290 
TraceCheckUtils]: 48: Hoare triple {27944#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28178#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:43,784 INFO L290 TraceCheckUtils]: 49: Hoare triple {28178#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {28178#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:43,785 INFO L290 TraceCheckUtils]: 50: Hoare triple {28178#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {28178#(<= 
|ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:43,785 INFO L290 TraceCheckUtils]: 51: Hoare triple {28178#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,786 INFO L290 TraceCheckUtils]: 52: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,786 INFO L290 TraceCheckUtils]: 53: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,787 INFO L290 TraceCheckUtils]: 54: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,787 INFO L290 TraceCheckUtils]: 55: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,787 INFO L290 TraceCheckUtils]: 56: Hoare triple 
{28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,788 INFO L290 TraceCheckUtils]: 57: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_setClientAutoResponse } true; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,788 INFO L290 TraceCheckUtils]: 58: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,788 INFO L290 TraceCheckUtils]: 59: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:58:43,789 INFO L290 TraceCheckUtils]: 60: Hoare triple {28188#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L290 TraceCheckUtils]: 61: Hoare triple {27945#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L272 TraceCheckUtils]: 62: Hoare triple {27945#false} call sendEmail(~bob~0, ~rjh~0); {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L290 TraceCheckUtils]: 63: Hoare triple {27945#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc 
~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L272 TraceCheckUtils]: 64: Hoare triple {27945#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L290 TraceCheckUtils]: 65: Hoare triple {27945#false} ~handle := #in~handle;~value := #in~value; {27945#false} is VALID [2022-02-20 17:58:43,789 INFO L290 TraceCheckUtils]: 66: Hoare triple {27945#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 67: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {27945#false} {27945#false} #1133#return; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L272 TraceCheckUtils]: 69: Hoare triple {27945#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 70: Hoare triple {27945#false} ~handle := #in~handle;~value := #in~value; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 71: Hoare triple {27945#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 72: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {27945#false} {27945#false} #1135#return; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 74: Hoare triple {27945#false} 
createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {27945#false} is VALID [2022-02-20 17:58:43,790 INFO L290 TraceCheckUtils]: 75: Hoare triple {27945#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L272 TraceCheckUtils]: 76: Hoare triple {27945#false} call outgoing(~sender#1, ~email~0#1); {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 77: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 78: Hoare triple {27945#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 79: Hoare triple {27945#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {27945#false} is VALID 
[2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 80: Hoare triple {27945#false} assume 0 == sign_~privkey~0#1; {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 81: Hoare triple {27945#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L272 TraceCheckUtils]: 82: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27945#false} is VALID [2022-02-20 17:58:43,791 INFO L290 TraceCheckUtils]: 83: Hoare triple {27945#false} ~handle := #in~handle;havoc ~retValue_acc~29; {27945#false} is VALID 
[2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 84: Hoare triple {27945#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 85: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {27945#false} {27945#false} #1115#return; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 87: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 88: Hoare triple {27945#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 89: Hoare triple {27945#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L272 TraceCheckUtils]: 90: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := 
getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 91: Hoare triple {27945#false} ~handle := #in~handle;havoc ~retValue_acc~7; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 92: Hoare triple {27945#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 93: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27945#false} {27945#false} #1117#return; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 95: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L272 TraceCheckUtils]: 96: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 97: Hoare triple {27945#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 98: Hoare triple {27945#false} assume 1 == ~handle; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 99: Hoare triple {27945#false} assume 0 == 
~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {27945#false} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 100: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {27945#false} {27945#false} #1119#return; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L290 TraceCheckUtils]: 102: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L272 TraceCheckUtils]: 103: Hoare triple {27945#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L290 TraceCheckUtils]: 104: Hoare triple {27945#false} ~handle := #in~handle;~value := #in~value; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L290 TraceCheckUtils]: 105: Hoare triple {27945#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L290 TraceCheckUtils]: 106: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {27945#false} {27945#false} #1121#return; {27945#false} is VALID [2022-02-20 17:58:43,794 INFO L272 TraceCheckUtils]: 108: Hoare triple {27945#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 109: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { 
:begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 110: Hoare triple {27945#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 111: Hoare triple {27945#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L272 TraceCheckUtils]: 112: Hoare triple {27945#false} call setEmailFrom(~msg#1, ~tmp~12#1); {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 113: Hoare triple {27945#false} ~handle := #in~handle;~value := #in~value; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 114: Hoare triple {27945#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 115: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {27945#false} {27945#false} #1147#return; {27945#false} is VALID [2022-02-20 17:58:43,795 INFO L290 TraceCheckUtils]: 117: Hoare triple {27945#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L272 TraceCheckUtils]: 118: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 119: Hoare triple {27945#false} ~handle := #in~handle;havoc ~retValue_acc~12; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 120: Hoare triple {27945#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 121: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {27945#false} {27945#false} #1149#return; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 123: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc 
__utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 124: Hoare triple {27945#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L272 TraceCheckUtils]: 125: Hoare triple {27945#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,796 INFO L290 TraceCheckUtils]: 126: Hoare triple {27945#false} ~handle := #in~handle;havoc ~retValue_acc~7; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 127: Hoare triple {27945#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 128: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {27945#false} {27945#false} #1151#return; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 130: Hoare triple {27945#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, 
verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 131: Hoare triple {27945#false} assume 1 == ~sent_signed~0; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L272 TraceCheckUtils]: 132: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 133: Hoare triple {27945#false} ~handle := #in~handle;havoc ~retValue_acc~6; {27945#false} is VALID [2022-02-20 17:58:43,797 INFO L290 TraceCheckUtils]: 134: Hoare triple {27945#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 135: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {27945#false} {27945#false} #1153#return; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 137: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L272 TraceCheckUtils]: 138: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, 
__utac_acc__SignVerify_spec__2_~tmp~10#1); {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 139: Hoare triple {27945#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 140: Hoare triple {27945#false} assume 1 == ~handle; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 141: Hoare triple {27945#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L290 TraceCheckUtils]: 142: Hoare triple {27945#false} assume true; {27945#false} is VALID [2022-02-20 17:58:43,798 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {27945#false} {27945#false} #1155#return; {27945#false} is VALID [2022-02-20 17:58:43,799 INFO L290 TraceCheckUtils]: 144: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {27945#false} is VALID [2022-02-20 17:58:43,799 INFO L290 TraceCheckUtils]: 145: Hoare triple {27945#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {27945#false} is VALID [2022-02-20 17:58:43,799 INFO L272 TraceCheckUtils]: 146: Hoare triple {27945#false} call __automaton_fail(); {27945#false} is VALID [2022-02-20 17:58:43,799 INFO L290 TraceCheckUtils]: 147: Hoare triple {27945#false} assume !false; {27945#false} is VALID [2022-02-20 17:58:43,799 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 38 trivial. 0 not checked. 
[2022-02-20 17:58:43,799 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 17:58:44,188 INFO L290 TraceCheckUtils]: 147: Hoare triple {27945#false} assume !false; {27945#false} is VALID [2022-02-20 17:58:44,189 INFO L272 TraceCheckUtils]: 146: Hoare triple {27945#false} call __automaton_fail(); {27945#false} is VALID [2022-02-20 17:58:44,189 INFO L290 TraceCheckUtils]: 145: Hoare triple {27945#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {27945#false} is VALID [2022-02-20 17:58:44,189 INFO L290 TraceCheckUtils]: 144: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {27945#false} is VALID [2022-02-20 17:58:44,189 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {27944#true} {27945#false} #1155#return; {27945#false} is VALID [2022-02-20 17:58:44,189 INFO L290 TraceCheckUtils]: 142: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,189 INFO L290 TraceCheckUtils]: 141: Hoare triple {27944#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:44,189 INFO L290 TraceCheckUtils]: 140: Hoare triple {27944#true} assume 1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:44,190 INFO L290 TraceCheckUtils]: 139: Hoare triple {27944#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {27944#true} is VALID [2022-02-20 17:58:44,190 INFO L272 TraceCheckUtils]: 138: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); 
{27944#true} is VALID [2022-02-20 17:58:44,190 INFO L290 TraceCheckUtils]: 137: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {27945#false} is VALID [2022-02-20 17:58:44,190 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {27944#true} {27945#false} #1153#return; {27945#false} is VALID [2022-02-20 17:58:44,190 INFO L290 TraceCheckUtils]: 135: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,190 INFO L290 TraceCheckUtils]: 134: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:44,190 INFO L290 TraceCheckUtils]: 133: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~6; {27944#true} is VALID [2022-02-20 17:58:44,190 INFO L272 TraceCheckUtils]: 132: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {27944#true} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 131: Hoare triple {27945#false} assume 1 == ~sent_signed~0; {27945#false} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 130: Hoare triple {27945#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, 
verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {27945#false} is VALID [2022-02-20 17:58:44,191 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {27944#true} {27945#false} #1151#return; {27945#false} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 128: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 127: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 126: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:44,191 INFO L272 TraceCheckUtils]: 125: Hoare triple {27945#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {27944#true} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 124: Hoare triple {27945#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {27945#false} is VALID [2022-02-20 17:58:44,191 INFO L290 TraceCheckUtils]: 123: Hoare triple {27945#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {27945#false} is VALID [2022-02-20 17:58:44,192 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {27944#true} {27945#false} #1149#return; {27945#false} is VALID [2022-02-20 17:58:44,192 INFO L290 TraceCheckUtils]: 121: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,192 INFO L290 TraceCheckUtils]: 120: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:44,192 INFO L290 TraceCheckUtils]: 119: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~12; {27944#true} is VALID [2022-02-20 17:58:44,192 INFO L272 TraceCheckUtils]: 118: Hoare triple {27945#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {27944#true} is VALID [2022-02-20 17:58:44,192 INFO L290 TraceCheckUtils]: 117: Hoare triple {27945#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {27945#false} is VALID [2022-02-20 17:58:44,192 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {27944#true} {27945#false} #1147#return; {27945#false} is VALID [2022-02-20 17:58:44,192 INFO L290 TraceCheckUtils]: 115: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 114: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 113: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,193 INFO L272 TraceCheckUtils]: 112: Hoare triple {27945#false} call setEmailFrom(~msg#1, ~tmp~12#1); {27944#true} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 111: Hoare triple {27945#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {27945#false} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 110: Hoare triple {27945#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 109: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {27945#false} is VALID [2022-02-20 
17:58:44,193 INFO L272 TraceCheckUtils]: 108: Hoare triple {27945#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {27945#false} is VALID [2022-02-20 17:58:44,193 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {27944#true} {27945#false} #1121#return; {27945#false} is VALID [2022-02-20 17:58:44,193 INFO L290 TraceCheckUtils]: 106: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 105: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 104: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L272 TraceCheckUtils]: 103: Hoare triple {27945#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 102: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~4#1 := outgoing__wrappee__AddressBook_#t~ret90#1;havoc outgoing__wrappee__AddressBook_#t~ret90#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~4#1; {27945#false} is VALID [2022-02-20 17:58:44,194 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {27944#true} {27945#false} #1119#return; {27945#false} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 100: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 99: Hoare triple {27944#true} assume 0 == ~index;~retValue_acc~33 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 98: Hoare triple {27944#true} assume 
1 == ~handle; {27944#true} is VALID [2022-02-20 17:58:44,194 INFO L290 TraceCheckUtils]: 97: Hoare triple {27944#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~33; {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L272 TraceCheckUtils]: 96: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret90#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L290 TraceCheckUtils]: 95: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~6#1 := outgoing__wrappee__AddressBook_#t~ret88#1;havoc outgoing__wrappee__AddressBook_#t~ret88#1;outgoing__wrappee__AddressBook_~receiver~0#1 := outgoing__wrappee__AddressBook_~tmp___0~6#1;call outgoing__wrappee__AddressBook_#t~ret89#1 := puts(38, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret89#1; {27945#false} is VALID [2022-02-20 17:58:44,195 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {27944#true} {27945#false} #1117#return; {27945#false} is VALID [2022-02-20 17:58:44,195 INFO L290 TraceCheckUtils]: 93: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L290 TraceCheckUtils]: 92: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L290 TraceCheckUtils]: 91: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~7; {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L272 TraceCheckUtils]: 90: Hoare triple {27945#false} call outgoing__wrappee__AddressBook_#t~ret88#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {27944#true} is VALID [2022-02-20 17:58:44,195 INFO L290 TraceCheckUtils]: 89: Hoare triple 
{27945#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret87#1 := puts(37, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret87#1; {27945#false} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 88: Hoare triple {27945#false} assume 0 != outgoing__wrappee__AddressBook_~size~0#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {27945#false} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 87: Hoare triple {27945#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {27945#false} is VALID [2022-02-20 17:58:44,196 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {27944#true} {27945#false} #1115#return; {27945#false} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 85: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 84: Hoare triple {27944#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 83: Hoare triple {27944#true} ~handle := #in~handle;havoc ~retValue_acc~29; {27944#true} is VALID [2022-02-20 17:58:44,196 INFO L272 TraceCheckUtils]: 82: Hoare triple {27945#false} call 
outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {27944#true} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 81: Hoare triple {27945#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {27945#false} is VALID [2022-02-20 17:58:44,196 INFO L290 TraceCheckUtils]: 80: Hoare triple {27945#false} assume 0 == sign_~privkey~0#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 79: Hoare triple {27945#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 
2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 78: Hoare triple {27945#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 77: Hoare triple {27945#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc getClientPrivateKey_~retValue_acc~35#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L272 TraceCheckUtils]: 76: Hoare triple {27945#false} call outgoing(~sender#1, ~email~0#1); {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 75: Hoare triple {27945#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 74: Hoare triple {27945#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {27945#false} is VALID [2022-02-20 17:58:44,197 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {27944#true} {27945#false} #1135#return; {27945#false} is VALID [2022-02-20 
17:58:44,197 INFO L290 TraceCheckUtils]: 72: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,197 INFO L290 TraceCheckUtils]: 71: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L290 TraceCheckUtils]: 70: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L272 TraceCheckUtils]: 69: Hoare triple {27945#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {27944#true} {27945#false} #1133#return; {27945#false} is VALID [2022-02-20 17:58:44,198 INFO L290 TraceCheckUtils]: 67: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L290 TraceCheckUtils]: 66: Hoare triple {27944#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L290 TraceCheckUtils]: 65: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L272 TraceCheckUtils]: 64: Hoare triple {27945#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {27944#true} is VALID [2022-02-20 17:58:44,198 INFO L290 TraceCheckUtils]: 63: Hoare triple {27945#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {27945#false} is VALID [2022-02-20 17:58:44,199 INFO L272 TraceCheckUtils]: 62: Hoare triple {27945#false} call 
sendEmail(~bob~0, ~rjh~0); {27945#false} is VALID [2022-02-20 17:58:44,199 INFO L290 TraceCheckUtils]: 61: Hoare triple {27945#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {27945#false} is VALID [2022-02-20 17:58:44,199 INFO L290 TraceCheckUtils]: 60: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {27945#false} is VALID [2022-02-20 17:58:44,199 INFO L290 TraceCheckUtils]: 59: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,199 INFO L290 TraceCheckUtils]: 58: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,200 INFO L290 TraceCheckUtils]: 57: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume { :end_inline_setClientAutoResponse } true; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,200 INFO L290 TraceCheckUtils]: 56: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,200 INFO L290 TraceCheckUtils]: 55: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;assume { 
:begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,201 INFO L290 TraceCheckUtils]: 54: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet25#1 && test_#t~nondet25#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet25#1;havoc test_#t~nondet25#1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,201 INFO L290 TraceCheckUtils]: 53: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,201 INFO L290 TraceCheckUtils]: 52: Hoare triple {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,202 INFO L290 TraceCheckUtils]: 51: Hoare triple {28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {28738#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:58:44,202 INFO L290 TraceCheckUtils]: 50: Hoare triple {28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:58:44,202 INFO L290 TraceCheckUtils]: 49: Hoare triple 
{28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 48: Hoare triple {27944#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {28766#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 47: Hoare triple {27944#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {27944#true} is VALID 
[2022-02-20 17:58:44,203 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {27944#true} {27944#true} #1191#return; {27944#true} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 45: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 44: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 43: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 42: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,203 INFO L290 TraceCheckUtils]: 41: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L272 TraceCheckUtils]: 40: Hoare triple {27944#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 39: Hoare triple {27944#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {27944#true} {27944#true} #1189#return; {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 37: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 36: Hoare triple {27944#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 35: Hoare triple {27944#true} assume !(2 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 34: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,204 INFO L290 TraceCheckUtils]: 33: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO 
L272 TraceCheckUtils]: 32: Hoare triple {27944#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 31: Hoare triple {27944#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {27944#true} {27944#true} #1187#return; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 29: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 28: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 27: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 26: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L272 TraceCheckUtils]: 25: Hoare triple {27944#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {27944#true} is VALID [2022-02-20 17:58:44,205 INFO L290 TraceCheckUtils]: 24: Hoare triple {27944#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {27944#true} {27944#true} #1185#return; {27944#true} is VALID 
[2022-02-20 17:58:44,206 INFO L290 TraceCheckUtils]: 22: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L290 TraceCheckUtils]: 21: Hoare triple {27944#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L290 TraceCheckUtils]: 20: Hoare triple {27944#true} assume !(1 == ~handle); {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L290 TraceCheckUtils]: 19: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L272 TraceCheckUtils]: 18: Hoare triple {27944#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L290 TraceCheckUtils]: 17: Hoare triple {27944#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {27944#true} is VALID [2022-02-20 17:58:44,206 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {27944#true} {27944#true} #1183#return; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 15: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 14: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 13: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L272 
TraceCheckUtils]: 12: Hoare triple {27944#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 11: Hoare triple {27944#true} assume { :end_inline_setup_bob__wrappee__Base } true; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27944#true} {27944#true} #1181#return; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 9: Hoare triple {27944#true} assume true; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 8: Hoare triple {27944#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {27944#true} is VALID [2022-02-20 17:58:44,207 INFO L290 TraceCheckUtils]: 7: Hoare triple {27944#true} ~handle := #in~handle;~value := #in~value; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L272 TraceCheckUtils]: 6: Hoare triple {27944#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 5: Hoare triple {27944#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := 
setup_bob__wrappee__Base_#in~bob___0#1; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 4: Hoare triple {27944#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 3: Hoare triple {27944#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {27944#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 1: Hoare triple {27944#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {27944#true} is VALID [2022-02-20 17:58:44,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {27944#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call 
write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 
0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 
0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {27944#true} is VALID [2022-02-20 17:58:44,209 INFO L134 CoverageAnalysis]: Checked inductivity of 40 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 38 trivial. 0 not checked. [2022-02-20 17:58:44,209 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1813673974] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:58:44,209 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 17:58:44,209 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 4, 4] total 15 [2022-02-20 17:58:44,209 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2121655286] [2022-02-20 17:58:44,209 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:58:44,210 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) Word has length 148 [2022-02-20 17:58:45,551 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:45,552 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) [2022-02-20 17:58:45,690 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 230 edges. 230 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:45,690 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 17:58:45,690 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:45,691 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. 
[2022-02-20 17:58:45,691 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=33, Invalid=177, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:45,691 INFO L87 Difference]: Start difference. First operand 453 states and 707 transitions. Second operand has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) [2022-02-20 17:59:00,985 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:00,986 INFO L93 Difference]: Finished difference Result 1858 states and 3139 transitions. [2022-02-20 17:59:00,986 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-02-20 17:59:00,986 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) Word has length 148 [2022-02-20 17:59:00,986 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:00,987 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) [2022-02-20 17:59:01,044 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 20 states to 20 states and 2391 transitions. [2022-02-20 17:59:01,046 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) [2022-02-20 17:59:01,067 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 20 states to 20 states and 2391 transitions. [2022-02-20 17:59:01,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 20 states and 2391 transitions. [2022-02-20 17:59:02,413 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 2391 edges. 2391 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:02,515 INFO L225 Difference]: With dead ends: 1858 [2022-02-20 17:59:02,515 INFO L226 Difference]: Without dead ends: 1436 [2022-02-20 17:59:02,542 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 357 GetRequests, 327 SyntacticMatches, 0 SemanticMatches, 30 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 140 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=181, Invalid=811, Unknown=0, NotChecked=0, Total=992 [2022-02-20 17:59:02,543 INFO L933 BasicCegarLoop]: 799 mSDtfsCounter, 3708 mSDsluCounter, 3147 mSDsCounter, 0 mSdLazyCounter, 4530 mSolverCounterSat, 1401 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 6.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3710 SdHoareTripleChecker+Valid, 3946 SdHoareTripleChecker+Invalid, 5931 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1401 IncrementalHoareTripleChecker+Valid, 4530 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 
IncrementalHoareTripleChecker+Unchecked, 6.5s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:02,544 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [3710 Valid, 3946 Invalid, 5931 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1401 Valid, 4530 Invalid, 0 Unknown, 0 Unchecked, 6.5s Time] [2022-02-20 17:59:02,545 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1436 states. [2022-02-20 17:59:02,906 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1436 to 871. [2022-02-20 17:59:02,907 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:02,908 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1436 states. Second operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) [2022-02-20 17:59:02,909 INFO L74 IsIncluded]: Start isIncluded. First operand 1436 states. Second operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) [2022-02-20 17:59:02,910 INFO L87 Difference]: Start difference. First operand 1436 states. 
Second operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) [2022-02-20 17:59:02,980 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:02,980 INFO L93 Difference]: Finished difference Result 1436 states and 2457 transitions. [2022-02-20 17:59:02,980 INFO L276 IsEmpty]: Start isEmpty. Operand 1436 states and 2457 transitions. [2022-02-20 17:59:02,985 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:02,986 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:02,987 INFO L74 IsIncluded]: Start isIncluded. First operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) Second operand 1436 states. [2022-02-20 17:59:02,988 INFO L87 Difference]: Start difference. First operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) Second operand 1436 states. [2022-02-20 17:59:03,061 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:03,062 INFO L93 Difference]: Finished difference Result 1436 states and 2457 transitions. 
[2022-02-20 17:59:03,062 INFO L276 IsEmpty]: Start isEmpty. Operand 1436 states and 2457 transitions. [2022-02-20 17:59:03,067 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:03,067 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:03,067 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:03,068 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:03,069 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 871 states, 692 states have (on average 1.6184971098265897) internal successors, (1120), 699 states have internal predecessors, (1120), 151 states have call successors, (151), 24 states have call predecessors, (151), 27 states have return successors, (170), 147 states have call predecessors, (170), 148 states have call successors, (170) [2022-02-20 17:59:03,134 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 871 states to 871 states and 1441 transitions. [2022-02-20 17:59:03,147 INFO L78 Accepts]: Start accepts. Automaton has 871 states and 1441 transitions. Word has length 148 [2022-02-20 17:59:03,148 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:03,148 INFO L470 AbstractCegarLoop]: Abstraction has 871 states and 1441 transitions. [2022-02-20 17:59:03,148 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 14 states have (on average 11.142857142857142) internal successors, (156), 11 states have internal predecessors, (156), 4 states have call successors, (42), 6 states have call predecessors, (42), 3 states have return successors, (32), 3 states have call predecessors, (32), 4 states have call successors, (32) [2022-02-20 17:59:03,148 INFO L276 IsEmpty]: Start isEmpty. Operand 871 states and 1441 transitions. [2022-02-20 17:59:03,152 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 133 [2022-02-20 17:59:03,152 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:03,152 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:03,179 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:03,370 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9,7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:03,371 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:03,371 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:03,371 INFO L85 PathProgramCache]: Analyzing trace with hash 1013022430, now seen corresponding path program 1 times [2022-02-20 17:59:03,371 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:03,371 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [181735622] [2022-02-20 17:59:03,372 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:03,372 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:03,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,425 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:03,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,429 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,429 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35719#true} #1181#return; {35719#true} is VALID [2022-02-20 17:59:03,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:03,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35719#true} #1183#return; {35719#true} is VALID [2022-02-20 17:59:03,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 17:59:03,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,440 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,440 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,440 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,440 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35719#true} {35719#true} #1185#return; {35719#true} is VALID [2022-02-20 17:59:03,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:03,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,445 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,445 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 
17:59:03,445 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35719#true} {35719#true} #1187#return; {35719#true} is VALID [2022-02-20 17:59:03,445 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:03,446 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume !(2 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L290 TraceCheckUtils]: 4: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35719#true} {35719#true} #1189#return; {35719#true} is VALID [2022-02-20 17:59:03,448 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:03,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,451 INFO L290 TraceCheckUtils]: 0: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume !(1 
== ~handle); {35719#true} is VALID [2022-02-20 17:59:03,451 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume !(2 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,451 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,451 INFO L290 TraceCheckUtils]: 4: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,451 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {35719#true} {35719#true} #1191#return; {35719#true} is VALID [2022-02-20 17:59:03,456 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:59:03,456 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,458 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,458 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,458 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1133#return; {35720#false} is VALID [2022-02-20 17:59:03,463 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:03,464 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {35788#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 
1 == ~handle;~__ste_email_to0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,465 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1135#return; {35720#false} is VALID [2022-02-20 17:59:03,465 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:03,466 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,467 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~29; {35719#true} is VALID [2022-02-20 17:59:03,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {35719#true} is VALID [2022-02-20 17:59:03,468 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,468 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1115#return; {35720#false} is VALID [2022-02-20 17:59:03,468 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:03,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,470 INFO L290 TraceCheckUtils]: 0: Hoare triple {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,470 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,470 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,470 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1147#return; 
{35720#false} is VALID [2022-02-20 17:59:03,470 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:59:03,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~12; {35719#true} is VALID [2022-02-20 17:59:03,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {35719#true} is VALID [2022-02-20 17:59:03,472 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,472 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1149#return; {35720#false} is VALID [2022-02-20 17:59:03,472 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:59:03,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~7; {35719#true} is VALID [2022-02-20 17:59:03,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {35719#true} is VALID [2022-02-20 17:59:03,475 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,475 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1151#return; {35720#false} is VALID [2022-02-20 17:59:03,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:59:03,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~6; {35719#true} is VALID 
[2022-02-20 17:59:03,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {35719#true} is VALID [2022-02-20 17:59:03,477 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,477 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {35719#true} {35720#false} #1153#return; {35720#false} is VALID [2022-02-20 17:59:03,478 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:59:03,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {35719#true} is VALID [2022-02-20 17:59:03,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume 1 == ~handle; {35719#true} is VALID [2022-02-20 17:59:03,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {35719#true} is VALID [2022-02-20 17:59:03,480 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,480 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {35719#true} {35720#false} #1155#return; {35720#false} is VALID [2022-02-20 17:59:03,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {35719#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 
9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(4, 24);call write~init~int(37, 24, 0, 1);call write~init~int(115, 24, 1, 1);call write~init~int(10, 24, 2, 1);call write~init~int(0, 24, 3, 1);call #Ultimate.allocInit(10, 25);call #Ultimate.allocInit(12, 26);call #Ultimate.allocInit(10, 27);call #Ultimate.allocInit(18, 28);call #Ultimate.allocInit(13, 29);call #Ultimate.allocInit(16, 30);call #Ultimate.allocInit(25, 31);call #Ultimate.allocInit(13, 32);call #Ultimate.allocInit(16, 33);call #Ultimate.allocInit(15, 34);call #Ultimate.allocInit(16, 35);call #Ultimate.allocInit(10, 36);call #Ultimate.allocInit(34, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(20, 40);call #Ultimate.allocInit(22, 41);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 
0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~sent_signed~0 := -1;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 
0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {35719#true} is VALID [2022-02-20 17:59:03,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {35719#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~0#1, main_~tmp~1#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {35719#true} is VALID [2022-02-20 17:59:03,481 INFO L290 TraceCheckUtils]: 2: Hoare triple {35719#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {35719#true} is VALID [2022-02-20 17:59:03,481 INFO L290 TraceCheckUtils]: 3: Hoare triple {35719#true} assume { :end_inline_select_features } true;assume { 
:begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~17#1;havoc valid_product_~retValue_acc~17#1;valid_product_~retValue_acc~17#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~17#1; {35719#true} is VALID [2022-02-20 17:59:03,481 INFO L290 TraceCheckUtils]: 4: Hoare triple {35719#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {35719#true} is VALID [2022-02-20 17:59:03,481 INFO L290 TraceCheckUtils]: 5: Hoare triple {35719#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet9#1, setup_#t~nondet10#1, setup_#t~nondet11#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {35719#true} is VALID [2022-02-20 17:59:03,482 INFO L272 TraceCheckUtils]: 6: Hoare triple {35719#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,482 INFO L290 
TraceCheckUtils]: 7: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,482 INFO L290 TraceCheckUtils]: 8: Hoare triple {35719#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,482 INFO L290 TraceCheckUtils]: 9: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,482 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {35719#true} {35719#true} #1181#return; {35719#true} is VALID [2022-02-20 17:59:03,482 INFO L290 TraceCheckUtils]: 11: Hoare triple {35719#true} assume { :end_inline_setup_bob__wrappee__Base } true; {35719#true} is VALID [2022-02-20 17:59:03,483 INFO L272 TraceCheckUtils]: 12: Hoare triple {35719#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,483 INFO L290 TraceCheckUtils]: 13: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,483 INFO L290 TraceCheckUtils]: 14: Hoare triple {35719#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,483 INFO L290 TraceCheckUtils]: 15: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,484 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {35719#true} {35719#true} #1183#return; {35719#true} 
is VALID [2022-02-20 17:59:03,484 INFO L290 TraceCheckUtils]: 17: Hoare triple {35719#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet9#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {35719#true} is VALID [2022-02-20 17:59:03,485 INFO L272 TraceCheckUtils]: 18: Hoare triple {35719#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,485 INFO L290 TraceCheckUtils]: 19: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,485 INFO L290 TraceCheckUtils]: 20: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,485 INFO L290 TraceCheckUtils]: 21: Hoare triple {35719#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,485 INFO L290 TraceCheckUtils]: 22: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,485 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {35719#true} {35719#true} #1185#return; {35719#true} is VALID [2022-02-20 17:59:03,486 INFO L290 TraceCheckUtils]: 24: Hoare triple 
{35719#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {35719#true} is VALID [2022-02-20 17:59:03,486 INFO L272 TraceCheckUtils]: 25: Hoare triple {35719#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,486 INFO L290 TraceCheckUtils]: 26: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,486 INFO L290 TraceCheckUtils]: 27: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,487 INFO L290 TraceCheckUtils]: 28: Hoare triple {35719#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,487 INFO L290 TraceCheckUtils]: 29: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,487 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {35719#true} {35719#true} #1187#return; {35719#true} is VALID [2022-02-20 17:59:03,487 INFO L290 TraceCheckUtils]: 31: Hoare triple {35719#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet10#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := 
setup_chuck__wrappee__Base_#in~chuck___0#1; {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L272 TraceCheckUtils]: 32: Hoare triple {35719#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 33: Hoare triple {35785#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 34: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 35: Hoare triple {35719#true} assume !(2 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 36: Hoare triple {35719#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 37: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {35719#true} {35719#true} #1189#return; {35719#true} is VALID [2022-02-20 17:59:03,488 INFO L290 TraceCheckUtils]: 39: Hoare triple {35719#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {35719#true} is VALID [2022-02-20 17:59:03,489 INFO L272 TraceCheckUtils]: 40: Hoare triple {35719#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,489 INFO L290 TraceCheckUtils]: 41: Hoare triple {35786#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,489 INFO L290 TraceCheckUtils]: 42: Hoare triple {35719#true} assume !(1 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,489 INFO L290 TraceCheckUtils]: 43: Hoare triple {35719#true} assume !(2 == ~handle); {35719#true} is VALID [2022-02-20 17:59:03,490 INFO L290 TraceCheckUtils]: 44: Hoare triple {35719#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,490 INFO L290 TraceCheckUtils]: 45: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,490 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {35719#true} {35719#true} #1191#return; {35719#true} is VALID [2022-02-20 17:59:03,490 INFO L290 TraceCheckUtils]: 47: Hoare triple {35719#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 8, 0;havoc setup_#t~nondet11#1; {35719#true} is VALID [2022-02-20 17:59:03,490 INFO L290 TraceCheckUtils]: 48: Hoare triple {35719#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet24#1, test_#t~nondet25#1, test_#t~nondet26#1, test_#t~nondet27#1, test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, 
test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,491 INFO L290 TraceCheckUtils]: 49: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !false; {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,491 INFO L290 TraceCheckUtils]: 50: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,491 INFO L290 TraceCheckUtils]: 51: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,491 INFO L290 TraceCheckUtils]: 52: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet24#1 && test_#t~nondet24#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet24#1;havoc test_#t~nondet24#1; {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,492 INFO L290 TraceCheckUtils]: 53: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume 
!(0 != test_~tmp___9~0#1); {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} is VALID [2022-02-20 17:59:03,492 INFO L290 TraceCheckUtils]: 54: Hoare triple {35751#(= |ULTIMATE.start_test_~op2~0#1| 0)} assume !(0 == test_~op2~0#1); {35720#false} is VALID [2022-02-20 17:59:03,492 INFO L290 TraceCheckUtils]: 55: Hoare triple {35720#false} assume !(0 == test_~op3~0#1); {35720#false} is VALID [2022-02-20 17:59:03,492 INFO L290 TraceCheckUtils]: 56: Hoare triple {35720#false} assume !(0 == test_~op4~0#1); {35720#false} is VALID [2022-02-20 17:59:03,492 INFO L290 TraceCheckUtils]: 57: Hoare triple {35720#false} assume !(0 == test_~op5~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 58: Hoare triple {35720#false} assume !(0 == test_~op6~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 59: Hoare triple {35720#false} assume !(0 == test_~op7~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 60: Hoare triple {35720#false} assume !(0 == test_~op8~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 61: Hoare triple {35720#false} assume !(0 == test_~op9~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 62: Hoare triple {35720#false} assume !(0 == test_~op10~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 63: Hoare triple {35720#false} assume !(0 == test_~op11~0#1); {35720#false} is VALID [2022-02-20 17:59:03,493 INFO L290 TraceCheckUtils]: 64: Hoare triple {35720#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret4#1, bobToRjh_#t~ret5#1, bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_~tmp~0#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~0#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret4#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret4#1 && bobToRjh_#t~ret4#1 <= 2147483647;havoc bobToRjh_#t~ret4#1; {35720#false} is 
VALID [2022-02-20 17:59:03,493 INFO L272 TraceCheckUtils]: 65: Hoare triple {35720#false} call sendEmail(~bob~0, ~rjh~0); {35720#false} is VALID [2022-02-20 17:59:03,494 INFO L290 TraceCheckUtils]: 66: Hoare triple {35720#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~16#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~20#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~20#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {35720#false} is VALID [2022-02-20 17:59:03,494 INFO L272 TraceCheckUtils]: 67: Hoare triple {35720#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:03,494 INFO L290 TraceCheckUtils]: 68: Hoare triple {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,494 INFO L290 TraceCheckUtils]: 69: Hoare triple {35719#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,494 INFO L290 TraceCheckUtils]: 70: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,494 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {35719#true} {35720#false} #1133#return; {35720#false} is VALID [2022-02-20 17:59:03,494 INFO L272 TraceCheckUtils]: 72: Hoare triple {35720#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {35788#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:03,495 INFO L290 
TraceCheckUtils]: 73: Hoare triple {35788#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,495 INFO L290 TraceCheckUtils]: 74: Hoare triple {35719#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,495 INFO L290 TraceCheckUtils]: 75: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,495 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {35719#true} {35720#false} #1135#return; {35720#false} is VALID [2022-02-20 17:59:03,495 INFO L290 TraceCheckUtils]: 77: Hoare triple {35720#false} createEmail_~retValue_acc~20#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~20#1; {35720#false} is VALID [2022-02-20 17:59:03,495 INFO L290 TraceCheckUtils]: 78: Hoare triple {35720#false} #t~ret95#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret95#1 && #t~ret95#1 <= 2147483647;~tmp~16#1 := #t~ret95#1;havoc #t~ret95#1;~email~0#1 := ~tmp~16#1; {35720#false} is VALID [2022-02-20 17:59:03,495 INFO L272 TraceCheckUtils]: 79: Hoare triple {35720#false} call outgoing(~sender#1, ~email~0#1); {35720#false} is VALID [2022-02-20 17:59:03,495 INFO L290 TraceCheckUtils]: 80: Hoare triple {35720#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret99#1, sign_~client#1, sign_~msg#1, sign_~privkey~0#1, sign_~tmp~18#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~0#1;havoc sign_~tmp~18#1;assume { :begin_inline_getClientPrivateKey } true;getClientPrivateKey_#in~handle#1 := sign_~client#1;havoc getClientPrivateKey_#res#1;havoc getClientPrivateKey_~handle#1, getClientPrivateKey_~retValue_acc~35#1;getClientPrivateKey_~handle#1 := getClientPrivateKey_#in~handle#1;havoc 
getClientPrivateKey_~retValue_acc~35#1; {35720#false} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 81: Hoare triple {35720#false} assume 1 == getClientPrivateKey_~handle#1;getClientPrivateKey_~retValue_acc~35#1 := ~__ste_client_privateKey0~0;getClientPrivateKey_#res#1 := getClientPrivateKey_~retValue_acc~35#1; {35720#false} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 82: Hoare triple {35720#false} sign_#t~ret99#1 := getClientPrivateKey_#res#1;assume { :end_inline_getClientPrivateKey } true;assume -2147483648 <= sign_#t~ret99#1 && sign_#t~ret99#1 <= 2147483647;sign_~tmp~18#1 := sign_#t~ret99#1;havoc sign_#t~ret99#1;sign_~privkey~0#1 := sign_~tmp~18#1; {35720#false} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 83: Hoare triple {35720#false} assume 0 == sign_~privkey~0#1; {35720#false} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 84: Hoare triple {35720#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1, outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~0#1, outgoing__wrappee__AddressBook_~tmp~13#1, outgoing__wrappee__AddressBook_~receiver~0#1, outgoing__wrappee__AddressBook_~tmp___0~6#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~4#1, outgoing__wrappee__AddressBook_~tmp___2~3#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc 
outgoing__wrappee__AddressBook_~size~0#1;havoc outgoing__wrappee__AddressBook_~tmp~13#1;havoc outgoing__wrappee__AddressBook_~receiver~0#1;havoc outgoing__wrappee__AddressBook_~tmp___0~6#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~4#1;havoc outgoing__wrappee__AddressBook_~tmp___2~3#1; {35720#false} is VALID [2022-02-20 17:59:03,496 INFO L272 TraceCheckUtils]: 85: Hoare triple {35720#false} call outgoing__wrappee__AddressBook_#t~ret86#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {35719#true} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 86: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~29; {35719#true} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 87: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~29; {35719#true} is VALID [2022-02-20 17:59:03,496 INFO L290 TraceCheckUtils]: 88: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,497 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {35719#true} {35720#false} #1115#return; {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L290 TraceCheckUtils]: 90: Hoare triple {35720#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret86#1 && outgoing__wrappee__AddressBook_#t~ret86#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~13#1 := outgoing__wrappee__AddressBook_#t~ret86#1;havoc outgoing__wrappee__AddressBook_#t~ret86#1;outgoing__wrappee__AddressBook_~size~0#1 := outgoing__wrappee__AddressBook_~tmp~13#1; {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L290 TraceCheckUtils]: 91: Hoare triple {35720#false} assume !(0 != outgoing__wrappee__AddressBook_~size~0#1); {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L272 TraceCheckUtils]: 92: Hoare triple {35720#false} call outgoing__wrappee__AutoResponder(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L290 TraceCheckUtils]: 93: Hoare triple {35720#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~tmp~12#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := ~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L290 TraceCheckUtils]: 94: Hoare triple {35720#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {35720#false} is VALID [2022-02-20 17:59:03,497 INFO L290 TraceCheckUtils]: 95: Hoare triple {35720#false} #t~ret85#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~12#1 := #t~ret85#1;havoc #t~ret85#1; {35720#false} is VALID [2022-02-20 17:59:03,498 INFO L272 TraceCheckUtils]: 96: Hoare triple {35720#false} call setEmailFrom(~msg#1, ~tmp~12#1); {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:03,498 INFO L290 TraceCheckUtils]: 97: Hoare triple {35787#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {35719#true} is VALID [2022-02-20 17:59:03,498 INFO L290 TraceCheckUtils]: 98: Hoare triple {35719#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {35719#true} is VALID [2022-02-20 17:59:03,498 INFO L290 TraceCheckUtils]: 99: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,498 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {35719#true} {35720#false} #1147#return; {35720#false} is VALID [2022-02-20 17:59:03,498 INFO L290 TraceCheckUtils]: 
101: Hoare triple {35720#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := ~client#1, ~msg#1;havoc mail_#t~ret83#1, mail_#t~ret84#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~11#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~11#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1, __utac_acc__SignVerify_spec__1_#t~ret75#1, __utac_acc__SignVerify_spec__1_#t~nondet76#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret74#1 := puts(32, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret74#1 && __utac_acc__SignVerify_spec__1_#t~ret74#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret74#1; {35720#false} is VALID [2022-02-20 17:59:03,498 INFO L272 TraceCheckUtils]: 102: Hoare triple {35720#false} call __utac_acc__SignVerify_spec__1_#t~ret75#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {35719#true} is VALID [2022-02-20 17:59:03,498 INFO L290 TraceCheckUtils]: 103: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~12; {35719#true} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 104: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {35719#true} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 105: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,499 INFO L284 TraceCheckUtils]: 106: 
Hoare quadruple {35719#true} {35720#false} #1149#return; {35720#false} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 107: Hoare triple {35720#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret75#1 && __utac_acc__SignVerify_spec__1_#t~ret75#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret75#1;havoc __utac_acc__SignVerify_spec__1_#t~ret75#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 33, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet76#1; {35720#false} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 108: Hoare triple {35720#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret83#1 := puts(36, 0);assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;havoc mail_#t~ret83#1; {35720#false} is VALID [2022-02-20 17:59:03,499 INFO L272 TraceCheckUtils]: 109: Hoare triple {35720#false} call mail_#t~ret84#1 := getEmailTo(mail_~msg#1); {35719#true} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 110: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~7; {35719#true} is VALID [2022-02-20 17:59:03,499 INFO L290 TraceCheckUtils]: 111: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {35719#true} is VALID [2022-02-20 17:59:03,500 INFO L290 TraceCheckUtils]: 112: Hoare triple {35719#true} assume true; {35719#true} is VALID [2022-02-20 17:59:03,500 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {35719#true} {35720#false} #1151#return; {35720#false} is VALID [2022-02-20 17:59:03,500 INFO L290 TraceCheckUtils]: 114: Hoare triple {35720#false} assume -2147483648 <= mail_#t~ret84#1 && mail_#t~ret84#1 <= 2147483647;mail_~tmp~11#1 := mail_#t~ret84#1;havoc mail_#t~ret84#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~11#1, mail_~msg#1;havoc incoming_~client#1, 
incoming_~msg#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc verify_#t~ret100#1, verify_#t~ret101#1, verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~19#1, verify_~tmp___0~7#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~19#1;havoc verify_~tmp___0~7#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1, __utac_acc__SignVerify_spec__2_#t~nondet78#1, __utac_acc__SignVerify_spec__2_#t~ret79#1, __utac_acc__SignVerify_spec__2_#t~ret80#1, __utac_acc__SignVerify_spec__2_#t~ret81#1, __utac_acc__SignVerify_spec__2_#t~ret82#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~10#1, __utac_acc__SignVerify_spec__2_~tmp___0~5#1, __utac_acc__SignVerify_spec__2_~tmp___1~3#1, __utac_acc__SignVerify_spec__2_~tmp___2~2#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := 
__utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~3#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~2#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret77#1 := puts(34, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret77#1 && __utac_acc__SignVerify_spec__2_#t~ret77#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret77#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 35, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet78#1; {35720#false} is VALID
[2022-02-20 17:59:03,500 INFO L290 TraceCheckUtils]: 115: Hoare triple {35720#false} assume 1 == ~sent_signed~0; {35720#false} is VALID
[2022-02-20 17:59:03,500 INFO L272 TraceCheckUtils]: 116: Hoare triple {35720#false} call __utac_acc__SignVerify_spec__2_#t~ret79#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {35719#true} is VALID
[2022-02-20 17:59:03,500 INFO L290 TraceCheckUtils]: 117: Hoare triple {35719#true} ~handle := #in~handle;havoc ~retValue_acc~6; {35719#true} is VALID
[2022-02-20 17:59:03,500 INFO L290 TraceCheckUtils]: 118: Hoare triple {35719#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 119: Hoare triple {35719#true} assume true; {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {35719#true} {35720#false} #1153#return; {35720#false} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 121: Hoare triple {35720#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret79#1 && __utac_acc__SignVerify_spec__2_#t~ret79#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~10#1 := __utac_acc__SignVerify_spec__2_#t~ret79#1;havoc __utac_acc__SignVerify_spec__2_#t~ret79#1; {35720#false} is VALID
[2022-02-20 17:59:03,501 INFO L272 TraceCheckUtils]: 122: Hoare triple {35720#false} call __utac_acc__SignVerify_spec__2_#t~ret80#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~10#1); {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 123: Hoare triple {35719#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 124: Hoare triple {35719#true} assume 1 == ~handle; {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 125: Hoare triple {35719#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {35719#true} is VALID
[2022-02-20 17:59:03,501 INFO L290 TraceCheckUtils]: 126: Hoare triple {35719#true} assume true; {35719#true} is VALID
[2022-02-20 17:59:03,502 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {35719#true} {35720#false} #1155#return; {35720#false} is VALID
[2022-02-20 17:59:03,502 INFO L290 TraceCheckUtils]: 128: Hoare triple {35720#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret80#1 && __utac_acc__SignVerify_spec__2_#t~ret80#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~5#1 := __utac_acc__SignVerify_spec__2_#t~ret80#1;havoc __utac_acc__SignVerify_spec__2_#t~ret80#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~5#1; {35720#false} is VALID
[2022-02-20 17:59:03,502 INFO L290 TraceCheckUtils]: 129: Hoare triple {35720#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {35720#false} is VALID
[2022-02-20 17:59:03,502 INFO L272 TraceCheckUtils]: 130: Hoare triple {35720#false} call __automaton_fail(); {35720#false} is VALID
[2022-02-20 17:59:03,502 INFO L290 TraceCheckUtils]: 131: Hoare triple {35720#false} assume !false; {35720#false} is VALID
[2022-02-20 17:59:03,502 INFO L134 CoverageAnalysis]: Checked inductivity of 30 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 30 trivial. 0 not checked.
[2022-02-20 17:59:03,503 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:59:03,503 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [181735622]
[2022-02-20 17:59:03,503 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [181735622] provided 1 perfect and 0 imperfect interpolant sequences
[2022-02-20 17:59:03,503 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences.
[2022-02-20 17:59:03,503 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7
[2022-02-20 17:59:03,503 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1679713642]
[2022-02-20 17:59:03,503 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton
[2022-02-20 17:59:03,504 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 12.428571428571429) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (18), 6 states have call predecessors, (18), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14) Word has length 132
[2022-02-20 17:59:03,504 INFO L84 Accepts]: Finished accepts. word is accepted.
[2022-02-20 17:59:03,504 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 12.428571428571429) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (18), 6 states have call predecessors, (18), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14)
[2022-02-20 17:59:03,586 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity.
[2022-02-20 17:59:03,587 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states
[2022-02-20 17:59:03,587 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL
[2022-02-20 17:59:03,587 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants.
[2022-02-20 17:59:03,587 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42
[2022-02-20 17:59:03,588 INFO L87 Difference]: Start difference. First operand 871 states and 1441 transitions. Second operand has 7 states, 7 states have (on average 12.428571428571429) internal successors, (87), 3 states have internal predecessors, (87), 2 states have call successors, (18), 6 states have call predecessors, (18), 1 states have return successors, (14), 2 states have call predecessors, (14), 2 states have call successors, (14)