./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_product29.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_product29.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash a59be100f0df5b45ec217b714193edff4cbaee7a030bd6a056d7c0737b59e84e
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:58:18,218 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:58:18,237 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:58:18,259 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:58:18,262 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:58:18,263 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:58:18,265 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:58:18,268 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:58:18,269 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:58:18,270 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:58:18,271 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:58:18,272 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:58:18,273 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:58:18,277 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:58:18,278 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:58:18,279 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:58:18,281 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:58:18,282 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:58:18,283 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:58:18,288 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:58:18,292 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:58:18,292 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:58:18,293 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:58:18,294 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:58:18,296 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:58:18,298 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:58:18,298 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:58:18,299 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:58:18,299 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:58:18,300 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:58:18,300 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:58:18,300 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:58:18,301 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:58:18,301 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:58:18,302 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:58:18,302 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:58:18,302 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:58:18,303 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:58:18,303 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:58:18,304 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:58:18,305 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:58:18,306 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:58:18,320 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:58:18,323 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:58:18,323 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:58:18,324 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:58:18,324 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:58:18,324 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:58:18,325 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:58:18,325 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:58:18,325 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:58:18,325 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:58:18,326 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:58:18,326 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:58:18,326 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:58:18,326 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:58:18,327 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:58:18,327 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:58:18,328 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:58:18,328 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:58:18,328 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:58:18,328 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:18,328 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:58:18,328 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:58:18,328 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:58:18,329 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> a59be100f0df5b45ec217b714193edff4cbaee7a030bd6a056d7c0737b59e84e [2022-02-20 17:58:18,501 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:58:18,518 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:58:18,520 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:58:18,522 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:58:18,522 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:58:18,523 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_product29.cil.c [2022-02-20 17:58:18,586 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4c5de60ed/78da5809a7e745ff9bece3468a40c389/FLAG97ddbc9b0 [2022-02-20 17:58:19,030 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:58:19,030 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product29.cil.c [2022-02-20 17:58:19,045 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4c5de60ed/78da5809a7e745ff9bece3468a40c389/FLAG97ddbc9b0 [2022-02-20 17:58:19,054 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/4c5de60ed/78da5809a7e745ff9bece3468a40c389 [2022-02-20 17:58:19,058 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:58:19,061 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:58:19,062 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:19,062 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:58:19,065 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:58:19,065 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,066 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@714d85d8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19, skipping insertion in model container [2022-02-20 17:58:19,067 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:19" (1/1) ... 
[2022-02-20 17:58:19,071 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:58:19,124 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:58:19,517 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product29.cil.c[49640,49653] [2022-02-20 17:58:19,576 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:19,586 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:58:19,654 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product29.cil.c[49640,49653] [2022-02-20 17:58:19,667 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:19,691 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:58:19,692 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19 WrapperNode [2022-02-20 17:58:19,692 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:19,693 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:19,693 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:58:19,693 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:58:19,698 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... 
[2022-02-20 17:58:19,714 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,759 INFO L137 Inliner]: procedures = 132, calls = 236, calls flagged for inlining = 55, calls inlined = 47, statements flattened = 955 [2022-02-20 17:58:19,760 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:19,760 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:58:19,760 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:58:19,760 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:58:19,766 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,766 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,770 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,770 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... 
[2022-02-20 17:58:19,782 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,788 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,792 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... [2022-02-20 17:58:19,800 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:58:19,801 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:58:19,801 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:58:19,801 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:58:19,815 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (1/1) ... 
[2022-02-20 17:58:19,820 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:19,842 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:19,855 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:58:19,889 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:58:19,900 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:58:19,900 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:58:19,900 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:58:19,900 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:58:19,900 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:58:19,901 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:58:19,901 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:58:19,901 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:58:19,901 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:58:19,901 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:58:19,902 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 17:58:19,902 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:58:19,902 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:58:19,902 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:58:19,902 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:58:19,902 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:58:19,902 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:58:19,902 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:58:19,902 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:58:19,903 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:58:19,903 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:58:19,903 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:58:19,903 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:58:19,903 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:58:19,903 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:58:19,903 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:58:19,903 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:58:19,904 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:58:19,904 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:58:19,904 INFO L130 BoogieDeclarations]: Found specification of procedure 
#Ultimate.allocInit [2022-02-20 17:58:19,904 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:58:19,904 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:58:19,904 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:58:19,904 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:58:19,904 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:58:19,904 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:58:19,905 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:58:19,905 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:58:19,905 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:58:19,905 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:58:19,905 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:58:19,905 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:58:19,906 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:58:19,906 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:58:19,906 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt [2022-02-20 17:58:19,906 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt [2022-02-20 17:58:19,906 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:58:19,906 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:58:19,906 INFO L130 
BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:58:19,906 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:58:19,906 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:58:19,907 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:58:19,907 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:58:19,907 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:58:19,908 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:58:19,908 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:58:19,908 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:58:19,909 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:58:19,909 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:58:19,909 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:58:19,910 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:58:19,910 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:58:19,910 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:58:20,134 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:58:20,136 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:58:20,884 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:58:20,900 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:58:20,901 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. 
[2022-02-20 17:58:20,902 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:20 BoogieIcfgContainer [2022-02-20 17:58:20,903 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:58:20,904 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:58:20,904 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:58:20,907 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:58:20,907 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:58:19" (1/3) ... [2022-02-20 17:58:20,908 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@622c5870 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:20, skipping insertion in model container [2022-02-20 17:58:20,908 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:19" (2/3) ... [2022-02-20 17:58:20,908 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@622c5870 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:20, skipping insertion in model container [2022-02-20 17:58:20,908 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:20" (3/3) ... 
[2022-02-20 17:58:20,909 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_product29.cil.c [2022-02-20 17:58:20,912 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:58:20,913 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:58:20,964 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:58:20,970 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:58:20,970 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:58:21,007 INFO L276 IsEmpty]: Start isEmpty. 
Operand has 419 states, 320 states have (on average 1.55) internal successors, (496), 327 states have internal predecessors, (496), 68 states have call successors, (68), 29 states have call predecessors, (68), 29 states have return successors, (68), 66 states have call predecessors, (68), 68 states have call successors, (68) [2022-02-20 17:58:21,027 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 17:58:21,027 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:21,028 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:21,028 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:21,032 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:21,033 INFO L85 PathProgramCache]: Analyzing trace with hash -1911849213, now seen corresponding path program 1 times [2022-02-20 17:58:21,056 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:21,056 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2075512966] [2022-02-20 17:58:21,056 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:21,058 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:21,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,380 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 6 [2022-02-20 17:58:21,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,396 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,397 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,397 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {422#true} #1245#return; {422#true} is VALID [2022-02-20 17:58:21,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:21,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,417 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,417 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,417 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,418 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {422#true} #1247#return; {422#true} is VALID [2022-02-20 17:58:21,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:21,421 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:58:21,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {501#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:21,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {501#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {502#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:21,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {502#(= |setClientId_#in~handle| 1)} assume true; {502#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:21,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {502#(= |setClientId_#in~handle| 1)} {432#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {423#false} is VALID [2022-02-20 17:58:21,450 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:21,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,467 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,467 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,467 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1251#return; {423#false} is VALID [2022-02-20 17:58:21,468 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:21,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,472 INFO L290 TraceCheckUtils]: 0: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,473 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1253#return; {423#false} is VALID [2022-02-20 17:58:21,477 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:21,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,484 INFO L290 TraceCheckUtils]: 0: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1255#return; {423#false} is VALID [2022-02-20 17:58:21,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
47 [2022-02-20 17:58:21,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,505 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1231#return; {423#false} is VALID [2022-02-20 17:58:21,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:58:21,516 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,519 INFO L290 TraceCheckUtils]: 0: Hoare triple {504#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,519 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1233#return; {423#false} is VALID [2022-02-20 17:58:21,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:21,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,523 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {422#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,523 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1161#return; {423#false} is VALID [2022-02-20 17:58:21,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:21,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~6; {422#true} is VALID [2022-02-20 17:58:21,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {422#true} is VALID [2022-02-20 17:58:21,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,527 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1163#return; {423#false} is VALID [2022-02-20 17:58:21,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:21,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,531 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1181#return; {423#false} is VALID [2022-02-20 17:58:21,531 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:21,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,534 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle; {422#true} is VALID [2022-02-20 17:58:21,534 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,534 INFO L290 TraceCheckUtils]: 3: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,534 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {422#true} {423#false} #1183#return; {423#false} is VALID [2022-02-20 17:58:21,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:21,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1189#return; {423#false} is VALID [2022-02-20 17:58:21,550 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:21,551 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:21,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~29; {422#true} is VALID [2022-02-20 17:58:21,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {422#true} is VALID [2022-02-20 17:58:21,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,554 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1191#return; {423#false} is VALID [2022-02-20 17:58:21,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:21,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,558 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,558 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1193#return; {423#false} is VALID [2022-02-20 17:58:21,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:21,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,563 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,564 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,564 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1195#return; {423#false} is VALID [2022-02-20 17:58:21,565 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:58:21,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~23; {422#true} is VALID [2022-02-20 17:58:21,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {422#true} is VALID [2022-02-20 17:58:21,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,569 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {422#true} {423#false} #1207#return; {423#false} is VALID [2022-02-20 17:58:21,569 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:21,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,573 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,573 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume 1 == ~handle; {422#true} is VALID [2022-02-20 17:58:21,573 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,573 INFO L290 TraceCheckUtils]: 3: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,573 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {422#true} {423#false} #1209#return; {423#false} is VALID [2022-02-20 17:58:21,574 INFO L290 TraceCheckUtils]: 
0: Hoare triple {422#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 
42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 
0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {422#true} is VALID [2022-02-20 17:58:21,574 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } 
true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {422#true} is VALID [2022-02-20 17:58:21,574 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {422#true} is VALID [2022-02-20 17:58:21,575 INFO L290 TraceCheckUtils]: 3: Hoare triple {422#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {422#true} is VALID [2022-02-20 17:58:21,575 INFO L290 TraceCheckUtils]: 4: Hoare triple {422#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {422#true} is VALID [2022-02-20 17:58:21,575 INFO L290 TraceCheckUtils]: 5: Hoare triple {422#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {422#true} is VALID [2022-02-20 17:58:21,576 INFO L272 TraceCheckUtils]: 6: Hoare triple {422#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:21,576 INFO L290 TraceCheckUtils]: 7: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,576 INFO L290 TraceCheckUtils]: 8: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,577 INFO L290 TraceCheckUtils]: 9: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,577 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {422#true} {422#true} #1245#return; {422#true} is VALID [2022-02-20 17:58:21,577 INFO L290 TraceCheckUtils]: 11: Hoare triple {422#true} assume { :end_inline_setup_bob__wrappee__Base } true; {422#true} is VALID [2022-02-20 17:58:21,578 INFO L272 TraceCheckUtils]: 12: Hoare triple {422#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:21,578 INFO L290 TraceCheckUtils]: 13: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,578 INFO L290 TraceCheckUtils]: 14: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,578 INFO L290 TraceCheckUtils]: 15: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,578 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {422#true} {422#true} #1247#return; {422#true} is VALID [2022-02-20 17:58:21,579 INFO L290 TraceCheckUtils]: 17: Hoare triple {422#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {432#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:21,580 INFO L272 TraceCheckUtils]: 18: Hoare triple {432#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:21,580 INFO L290 TraceCheckUtils]: 19: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {501#(= 
setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:21,580 INFO L290 TraceCheckUtils]: 20: Hoare triple {501#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {502#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:21,581 INFO L290 TraceCheckUtils]: 21: Hoare triple {502#(= |setClientId_#in~handle| 1)} assume true; {502#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:21,581 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {502#(= |setClientId_#in~handle| 1)} {432#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {423#false} is VALID [2022-02-20 17:58:21,582 INFO L290 TraceCheckUtils]: 23: Hoare triple {423#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {423#false} is VALID [2022-02-20 17:58:21,582 INFO L272 TraceCheckUtils]: 24: Hoare triple {423#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:21,582 INFO L290 TraceCheckUtils]: 25: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,582 INFO L290 TraceCheckUtils]: 26: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,582 INFO L290 TraceCheckUtils]: 27: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,582 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {422#true} {423#false} #1251#return; {423#false} is VALID [2022-02-20 17:58:21,583 INFO L290 TraceCheckUtils]: 29: Hoare triple 
{423#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {423#false} is VALID [2022-02-20 17:58:21,583 INFO L272 TraceCheckUtils]: 30: Hoare triple {423#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:21,583 INFO L290 TraceCheckUtils]: 31: Hoare triple {499#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,583 INFO L290 TraceCheckUtils]: 32: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,583 INFO L290 TraceCheckUtils]: 33: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,583 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {422#true} {423#false} #1253#return; {423#false} is VALID [2022-02-20 17:58:21,584 INFO L290 TraceCheckUtils]: 35: Hoare triple {423#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {423#false} is VALID [2022-02-20 17:58:21,584 INFO L272 TraceCheckUtils]: 36: Hoare triple {423#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:21,584 INFO L290 TraceCheckUtils]: 37: Hoare triple {500#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,584 INFO L290 TraceCheckUtils]: 38: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,584 INFO L290 TraceCheckUtils]: 39: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,584 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {422#true} {423#false} #1255#return; {423#false} is VALID [2022-02-20 17:58:21,585 INFO L290 TraceCheckUtils]: 41: Hoare triple {423#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {423#false} is VALID [2022-02-20 17:58:21,585 INFO L290 TraceCheckUtils]: 42: Hoare triple {423#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {423#false} is VALID [2022-02-20 17:58:21,585 INFO L290 TraceCheckUtils]: 43: Hoare triple {423#false} assume false; {423#false} is VALID [2022-02-20 17:58:21,585 INFO L290 TraceCheckUtils]: 44: Hoare triple {423#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {423#false} is VALID [2022-02-20 17:58:21,585 INFO L272 TraceCheckUtils]: 45: Hoare triple {423#false} call sendEmail(~bob~0, ~rjh~0); {423#false} is VALID [2022-02-20 17:58:21,586 INFO L290 TraceCheckUtils]: 46: Hoare triple {423#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {423#false} is VALID [2022-02-20 17:58:21,586 INFO L272 TraceCheckUtils]: 47: Hoare triple {423#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:21,586 INFO L290 TraceCheckUtils]: 48: Hoare triple {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,586 INFO L290 TraceCheckUtils]: 49: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,586 INFO L290 TraceCheckUtils]: 50: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,586 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {422#true} {423#false} #1231#return; {423#false} is VALID [2022-02-20 17:58:21,587 INFO L272 TraceCheckUtils]: 52: Hoare triple {423#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {504#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:21,587 INFO L290 TraceCheckUtils]: 53: Hoare triple {504#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:21,587 INFO L290 TraceCheckUtils]: 54: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,587 INFO L290 TraceCheckUtils]: 55: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,587 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {422#true} 
{423#false} #1233#return; {423#false} is VALID [2022-02-20 17:58:21,587 INFO L290 TraceCheckUtils]: 57: Hoare triple {423#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {423#false} is VALID [2022-02-20 17:58:21,587 INFO L290 TraceCheckUtils]: 58: Hoare triple {423#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {423#false} is VALID [2022-02-20 17:58:21,588 INFO L272 TraceCheckUtils]: 59: Hoare triple {423#false} call outgoing(~sender#1, ~email~0#1); {423#false} is VALID [2022-02-20 17:58:21,588 INFO L290 TraceCheckUtils]: 60: Hoare triple {423#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {423#false} is VALID [2022-02-20 17:58:21,588 INFO L272 TraceCheckUtils]: 61: Hoare triple {423#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {422#true} is VALID [2022-02-20 17:58:21,588 INFO L290 TraceCheckUtils]: 62: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,588 INFO L290 TraceCheckUtils]: 63: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,588 INFO L290 TraceCheckUtils]: 64: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,589 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {422#true} {423#false} #1161#return; {423#false} is VALID [2022-02-20 17:58:21,589 INFO L290 TraceCheckUtils]: 66: Hoare triple {423#false} assume -2147483648 <= 
sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {423#false} is VALID [2022-02-20 17:58:21,589 INFO L290 TraceCheckUtils]: 67: Hoare triple {423#false} assume 0 == sign_~privkey~1#1; {423#false} is VALID [2022-02-20 17:58:21,589 INFO L290 TraceCheckUtils]: 68: Hoare triple {423#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {423#false} is VALID [2022-02-20 17:58:21,589 INFO L272 TraceCheckUtils]: 69: Hoare triple {423#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {422#true} is VALID 
[2022-02-20 17:58:21,589 INFO L290 TraceCheckUtils]: 70: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~6; {422#true} is VALID [2022-02-20 17:58:21,590 INFO L290 TraceCheckUtils]: 71: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {422#true} is VALID [2022-02-20 17:58:21,590 INFO L290 TraceCheckUtils]: 72: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,590 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {422#true} {423#false} #1163#return; {423#false} is VALID [2022-02-20 17:58:21,590 INFO L290 TraceCheckUtils]: 74: Hoare triple {423#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {423#false} is VALID [2022-02-20 17:58:21,590 INFO L290 TraceCheckUtils]: 75: Hoare triple {423#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {423#false} is VALID [2022-02-20 17:58:21,590 INFO L272 TraceCheckUtils]: 76: Hoare triple {423#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {423#false} is VALID [2022-02-20 17:58:21,590 INFO L290 TraceCheckUtils]: 77: Hoare triple {423#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {423#false} is VALID [2022-02-20 17:58:21,591 INFO L272 TraceCheckUtils]: 78: Hoare triple {423#false} call #t~ret85#1 := getEmailTo(~msg#1); {422#true} is VALID [2022-02-20 17:58:21,591 INFO L290 TraceCheckUtils]: 79: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,592 INFO L290 TraceCheckUtils]: 80: Hoare triple 
{422#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,593 INFO L290 TraceCheckUtils]: 81: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,593 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {422#true} {423#false} #1181#return; {423#false} is VALID [2022-02-20 17:58:21,593 INFO L290 TraceCheckUtils]: 83: Hoare triple {423#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {423#false} is VALID [2022-02-20 17:58:21,593 INFO L272 TraceCheckUtils]: 84: Hoare triple {423#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {422#true} is VALID [2022-02-20 17:58:21,593 INFO L290 TraceCheckUtils]: 85: Hoare triple {422#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,593 INFO L290 TraceCheckUtils]: 86: Hoare triple {422#true} assume 1 == ~handle; {422#true} is VALID [2022-02-20 17:58:21,594 INFO L290 TraceCheckUtils]: 87: Hoare triple {422#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,594 INFO L290 TraceCheckUtils]: 88: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,594 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {422#true} {423#false} #1183#return; {423#false} is VALID [2022-02-20 17:58:21,594 INFO L290 TraceCheckUtils]: 90: Hoare triple {423#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {423#false} is VALID [2022-02-20 17:58:21,594 INFO L290 TraceCheckUtils]: 91: Hoare triple {423#false} assume !(0 != ~pubkey~0#1); {423#false} is VALID [2022-02-20 17:58:21,594 INFO L290 TraceCheckUtils]: 92: Hoare triple {423#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {423#false} is VALID [2022-02-20 17:58:21,595 INFO L290 TraceCheckUtils]: 93: Hoare triple {423#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {423#false} is VALID [2022-02-20 17:58:21,595 INFO L290 TraceCheckUtils]: 94: Hoare triple {423#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {423#false} is VALID [2022-02-20 17:58:21,595 INFO L272 TraceCheckUtils]: 95: Hoare triple {423#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:21,595 INFO L290 TraceCheckUtils]: 96: Hoare triple {503#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 
17:58:21,595 INFO L290 TraceCheckUtils]: 97: Hoare triple {422#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:21,596 INFO L290 TraceCheckUtils]: 98: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,596 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {422#true} {423#false} #1189#return; {423#false} is VALID [2022-02-20 17:58:21,596 INFO L290 TraceCheckUtils]: 100: Hoare triple {423#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {423#false} is VALID [2022-02-20 17:58:21,596 INFO L272 TraceCheckUtils]: 101: Hoare triple {423#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {422#true} is VALID [2022-02-20 17:58:21,596 INFO L290 
TraceCheckUtils]: 102: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~29; {422#true} is VALID [2022-02-20 17:58:21,596 INFO L290 TraceCheckUtils]: 103: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {422#true} is VALID [2022-02-20 17:58:21,597 INFO L290 TraceCheckUtils]: 104: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,597 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {422#true} {423#false} #1191#return; {423#false} is VALID [2022-02-20 17:58:21,597 INFO L290 TraceCheckUtils]: 106: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {423#false} is VALID [2022-02-20 17:58:21,597 INFO L290 TraceCheckUtils]: 107: Hoare triple {423#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {423#false} is VALID [2022-02-20 17:58:21,597 INFO L272 TraceCheckUtils]: 108: Hoare triple {423#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {422#true} is VALID [2022-02-20 17:58:21,597 INFO L290 TraceCheckUtils]: 109: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,597 INFO L290 TraceCheckUtils]: 110: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {422#true} is VALID [2022-02-20 17:58:21,598 INFO L290 TraceCheckUtils]: 111: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,598 INFO L284 
TraceCheckUtils]: 112: Hoare quadruple {422#true} {423#false} #1193#return; {423#false} is VALID [2022-02-20 17:58:21,598 INFO L290 TraceCheckUtils]: 113: Hoare triple {423#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {423#false} is VALID [2022-02-20 17:58:21,598 INFO L272 TraceCheckUtils]: 114: Hoare triple {423#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {422#true} is VALID [2022-02-20 17:58:21,598 INFO L290 TraceCheckUtils]: 115: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,598 INFO L290 TraceCheckUtils]: 116: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {422#true} is VALID [2022-02-20 17:58:21,599 INFO L290 TraceCheckUtils]: 117: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,599 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {422#true} {423#false} #1195#return; {423#false} is VALID [2022-02-20 17:58:21,599 INFO L290 TraceCheckUtils]: 119: Hoare triple {423#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {423#false} is VALID [2022-02-20 17:58:21,599 INFO L290 
TraceCheckUtils]: 120: Hoare triple {423#false} assume !(0 != incoming_~privkey~0#1); {423#false} is VALID [2022-02-20 17:58:21,599 INFO L290 TraceCheckUtils]: 121: Hoare triple {423#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, 
__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {423#false} is VALID [2022-02-20 17:58:21,599 INFO L290 TraceCheckUtils]: 122: Hoare triple {423#false} assume 1 == ~sent_signed~0; {423#false} is VALID [2022-02-20 17:58:21,600 INFO L272 TraceCheckUtils]: 123: Hoare triple {423#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {422#true} is VALID [2022-02-20 17:58:21,600 INFO L290 TraceCheckUtils]: 124: Hoare triple {422#true} ~handle := #in~handle;havoc ~retValue_acc~23; {422#true} is VALID [2022-02-20 17:58:21,600 INFO L290 TraceCheckUtils]: 125: Hoare triple {422#true} assume 1 == ~handle;~retValue_acc~23 := 
~__ste_email_from0~0;#res := ~retValue_acc~23; {422#true} is VALID [2022-02-20 17:58:21,600 INFO L290 TraceCheckUtils]: 126: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,600 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {422#true} {423#false} #1207#return; {423#false} is VALID [2022-02-20 17:58:21,600 INFO L290 TraceCheckUtils]: 128: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {423#false} is VALID [2022-02-20 17:58:21,600 INFO L272 TraceCheckUtils]: 129: Hoare triple {423#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {422#true} is VALID [2022-02-20 17:58:21,601 INFO L290 TraceCheckUtils]: 130: Hoare triple {422#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,601 INFO L290 TraceCheckUtils]: 131: Hoare triple {422#true} assume 1 == ~handle; {422#true} is VALID [2022-02-20 17:58:21,601 INFO L290 TraceCheckUtils]: 132: Hoare triple {422#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {422#true} is VALID [2022-02-20 17:58:21,601 INFO L290 TraceCheckUtils]: 133: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:21,601 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {422#true} {423#false} #1209#return; {423#false} is VALID [2022-02-20 17:58:21,601 INFO L290 TraceCheckUtils]: 135: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := 
__utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {423#false} is VALID [2022-02-20 17:58:21,602 INFO L290 TraceCheckUtils]: 136: Hoare triple {423#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {423#false} is VALID [2022-02-20 17:58:21,602 INFO L272 TraceCheckUtils]: 137: Hoare triple {423#false} call __automaton_fail(); {423#false} is VALID [2022-02-20 17:58:21,602 INFO L290 TraceCheckUtils]: 138: Hoare triple {423#false} assume !false; {423#false} is VALID [2022-02-20 17:58:21,603 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. [2022-02-20 17:58:21,603 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:21,603 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2075512966] [2022-02-20 17:58:21,604 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2075512966] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:21,604 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [766155645] [2022-02-20 17:58:21,604 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:21,604 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:21,604 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:21,606 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:21,609 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:58:21,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,898 INFO L263 TraceCheckSpWp]: Trace formula consists of 1245 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:58:21,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:21,966 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:22,284 INFO L290 TraceCheckUtils]: 0: Hoare triple {422#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call 
#Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 
0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 
:= 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {422#true} is VALID [2022-02-20 17:58:22,284 INFO L290 TraceCheckUtils]: 1: Hoare triple {422#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {422#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 3: Hoare triple {422#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 4: Hoare triple {422#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 5: Hoare triple {422#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L272 TraceCheckUtils]: 6: Hoare triple {422#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 7: Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 8: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L290 TraceCheckUtils]: 9: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,285 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {422#true} {422#true} #1245#return; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 11: Hoare triple {422#true} assume { :end_inline_setup_bob__wrappee__Base } true; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L272 TraceCheckUtils]: 12: Hoare triple {422#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 13: Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 14: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 15: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {422#true} {422#true} #1247#return; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 17: Hoare triple {422#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L272 TraceCheckUtils]: 18: Hoare triple {422#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 19: Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 20: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 21: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {422#true} {422#true} #1249#return; {422#true} is VALID [2022-02-20 17:58:22,286 INFO L290 TraceCheckUtils]: 23: Hoare triple {422#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L272 TraceCheckUtils]: 24: Hoare triple {422#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {422#true} is VALID [2022-02-20 17:58:22,287 INFO L290 TraceCheckUtils]: 25: 
Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L290 TraceCheckUtils]: 26: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L290 TraceCheckUtils]: 27: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {422#true} {422#true} #1251#return; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L290 TraceCheckUtils]: 29: Hoare triple {422#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {422#true} is VALID [2022-02-20 17:58:22,287 INFO L272 TraceCheckUtils]: 30: Hoare triple {422#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 31: Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 32: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 33: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {422#true} {422#true} #1253#return; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 35: Hoare triple {422#true} assume 
{ :end_inline_setup_chuck__wrappee__Base } true; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L272 TraceCheckUtils]: 36: Hoare triple {422#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 37: Hoare triple {422#true} ~handle := #in~handle;~value := #in~value; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 38: Hoare triple {422#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 39: Hoare triple {422#true} assume true; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {422#true} {422#true} #1255#return; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 41: Hoare triple {422#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {422#true} is VALID [2022-02-20 17:58:22,288 INFO L290 TraceCheckUtils]: 42: Hoare triple {422#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc 
test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {422#true} is VALID [2022-02-20 17:58:22,289 INFO L290 TraceCheckUtils]: 43: Hoare triple {422#true} assume false; {423#false} is VALID [2022-02-20 17:58:22,289 INFO L290 TraceCheckUtils]: 44: Hoare triple {423#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {423#false} is VALID [2022-02-20 17:58:22,289 INFO L272 TraceCheckUtils]: 45: Hoare triple {423#false} call sendEmail(~bob~0, ~rjh~0); {423#false} is VALID [2022-02-20 17:58:22,289 INFO L290 TraceCheckUtils]: 46: Hoare triple {423#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {423#false} is VALID [2022-02-20 17:58:22,289 INFO L272 
TraceCheckUtils]: 47: Hoare triple {423#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {423#false} is VALID [2022-02-20 17:58:22,289 INFO L290 TraceCheckUtils]: 48: Hoare triple {423#false} ~handle := #in~handle;~value := #in~value; {423#false} is VALID [2022-02-20 17:58:22,289 INFO L290 TraceCheckUtils]: 49: Hoare triple {423#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 50: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {423#false} {423#false} #1231#return; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L272 TraceCheckUtils]: 52: Hoare triple {423#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 53: Hoare triple {423#false} ~handle := #in~handle;~value := #in~value; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 54: Hoare triple {423#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 55: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {423#false} {423#false} #1233#return; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 57: Hoare triple {423#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 58: Hoare triple {423#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L272 TraceCheckUtils]: 59: Hoare triple {423#false} call 
outgoing(~sender#1, ~email~0#1); {423#false} is VALID [2022-02-20 17:58:22,290 INFO L290 TraceCheckUtils]: 60: Hoare triple {423#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {423#false} is VALID [2022-02-20 17:58:22,290 INFO L272 TraceCheckUtils]: 61: Hoare triple {423#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {423#false} is VALID [2022-02-20 17:58:22,291 INFO L290 TraceCheckUtils]: 62: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~12; {423#false} is VALID [2022-02-20 17:58:22,291 INFO L290 TraceCheckUtils]: 63: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {423#false} is VALID [2022-02-20 17:58:22,291 INFO L290 TraceCheckUtils]: 64: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,291 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {423#false} {423#false} #1161#return; {423#false} is VALID [2022-02-20 17:58:22,291 INFO L290 TraceCheckUtils]: 66: Hoare triple {423#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {423#false} is VALID [2022-02-20 17:58:22,291 INFO L290 TraceCheckUtils]: 67: Hoare triple {423#false} assume 0 == sign_~privkey~1#1; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L290 TraceCheckUtils]: 68: Hoare triple {423#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, 
outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L272 TraceCheckUtils]: 69: Hoare triple {423#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {423#false} is VALID [2022-02-20 17:58:22,292 INFO L290 TraceCheckUtils]: 70: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~6; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L290 TraceCheckUtils]: 71: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L290 TraceCheckUtils]: 72: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {423#false} {423#false} #1163#return; {423#false} is VALID [2022-02-20 17:58:22,292 INFO L290 
TraceCheckUtils]: 74: Hoare triple {423#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {423#false} is VALID [2022-02-20 17:58:22,293 INFO L290 TraceCheckUtils]: 75: Hoare triple {423#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {423#false} is VALID [2022-02-20 17:58:22,293 INFO L272 TraceCheckUtils]: 76: Hoare triple {423#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {423#false} is VALID [2022-02-20 17:58:22,293 INFO L290 TraceCheckUtils]: 77: Hoare triple {423#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {423#false} is VALID [2022-02-20 17:58:22,293 INFO L272 TraceCheckUtils]: 78: Hoare triple {423#false} call #t~ret85#1 := getEmailTo(~msg#1); {423#false} is VALID [2022-02-20 17:58:22,293 INFO L290 TraceCheckUtils]: 79: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~24; {423#false} is VALID [2022-02-20 17:58:22,293 INFO L290 TraceCheckUtils]: 80: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {423#false} is VALID [2022-02-20 17:58:22,293 INFO L290 TraceCheckUtils]: 81: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,294 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {423#false} {423#false} #1181#return; {423#false} is VALID [2022-02-20 17:58:22,294 INFO L290 TraceCheckUtils]: 83: Hoare triple {423#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {423#false} is VALID [2022-02-20 17:58:22,294 
INFO L272 TraceCheckUtils]: 84: Hoare triple {423#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {423#false} is VALID [2022-02-20 17:58:22,294 INFO L290 TraceCheckUtils]: 85: Hoare triple {423#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {423#false} is VALID [2022-02-20 17:58:22,294 INFO L290 TraceCheckUtils]: 86: Hoare triple {423#false} assume 1 == ~handle; {423#false} is VALID [2022-02-20 17:58:22,294 INFO L290 TraceCheckUtils]: 87: Hoare triple {423#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {423#false} is VALID [2022-02-20 17:58:22,294 INFO L290 TraceCheckUtils]: 88: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,295 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {423#false} {423#false} #1183#return; {423#false} is VALID [2022-02-20 17:58:22,295 INFO L290 TraceCheckUtils]: 90: Hoare triple {423#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {423#false} is VALID [2022-02-20 17:58:22,295 INFO L290 TraceCheckUtils]: 91: Hoare triple {423#false} assume !(0 != ~pubkey~0#1); {423#false} is VALID [2022-02-20 17:58:22,295 INFO L290 TraceCheckUtils]: 92: Hoare triple {423#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, 
getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {423#false} is VALID [2022-02-20 17:58:22,295 INFO L290 TraceCheckUtils]: 93: Hoare triple {423#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {423#false} is VALID [2022-02-20 17:58:22,295 INFO L290 TraceCheckUtils]: 94: Hoare triple {423#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L272 TraceCheckUtils]: 95: Hoare triple {423#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {423#false} is VALID [2022-02-20 17:58:22,296 INFO L290 TraceCheckUtils]: 96: Hoare triple {423#false} ~handle := #in~handle;~value := #in~value; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L290 TraceCheckUtils]: 97: Hoare triple {423#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L290 TraceCheckUtils]: 98: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {423#false} {423#false} #1189#return; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L290 TraceCheckUtils]: 100: Hoare triple {423#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {423#false} is VALID [2022-02-20 17:58:22,296 INFO L272 TraceCheckUtils]: 101: Hoare triple {423#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {423#false} is VALID [2022-02-20 17:58:22,297 INFO L290 TraceCheckUtils]: 102: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~29; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L290 TraceCheckUtils]: 103: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L290 TraceCheckUtils]: 104: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {423#false} {423#false} #1191#return; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L290 TraceCheckUtils]: 106: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := 
__utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L290 TraceCheckUtils]: 107: Hoare triple {423#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {423#false} is VALID [2022-02-20 17:58:22,297 INFO L272 TraceCheckUtils]: 108: Hoare triple {423#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 109: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~24; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 110: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 111: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {423#false} {423#false} #1193#return; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 113: Hoare triple {423#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc 
incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L272 TraceCheckUtils]: 114: Hoare triple {423#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 115: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~12; {423#false} is VALID [2022-02-20 17:58:22,298 INFO L290 TraceCheckUtils]: 116: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L290 TraceCheckUtils]: 117: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {423#false} {423#false} #1195#return; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L290 TraceCheckUtils]: 119: Hoare triple {423#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L290 TraceCheckUtils]: 120: Hoare triple {423#false} assume !(0 != incoming_~privkey~0#1); {423#false} is VALID [2022-02-20 17:58:22,299 INFO L290 TraceCheckUtils]: 121: Hoare triple {423#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, 
verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc 
__utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L290 TraceCheckUtils]: 122: Hoare triple {423#false} assume 1 == ~sent_signed~0; {423#false} is VALID [2022-02-20 17:58:22,299 INFO L272 TraceCheckUtils]: 123: Hoare triple {423#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {423#false} is VALID [2022-02-20 17:58:22,300 INFO L290 TraceCheckUtils]: 124: Hoare triple {423#false} ~handle := #in~handle;havoc ~retValue_acc~23; {423#false} is VALID [2022-02-20 17:58:22,300 INFO L290 TraceCheckUtils]: 125: Hoare triple {423#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {423#false} is VALID [2022-02-20 17:58:22,300 INFO L290 TraceCheckUtils]: 126: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,300 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {423#false} {423#false} #1207#return; {423#false} is VALID [2022-02-20 17:58:22,300 INFO L290 TraceCheckUtils]: 128: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {423#false} is VALID [2022-02-20 17:58:22,300 INFO L272 TraceCheckUtils]: 129: Hoare 
triple {423#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {423#false} is VALID [2022-02-20 17:58:22,300 INFO L290 TraceCheckUtils]: 130: Hoare triple {423#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L290 TraceCheckUtils]: 131: Hoare triple {423#false} assume 1 == ~handle; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L290 TraceCheckUtils]: 132: Hoare triple {423#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L290 TraceCheckUtils]: 133: Hoare triple {423#false} assume true; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {423#false} {423#false} #1209#return; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L290 TraceCheckUtils]: 135: Hoare triple {423#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L290 TraceCheckUtils]: 136: Hoare triple {423#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {423#false} is VALID [2022-02-20 17:58:22,301 INFO L272 TraceCheckUtils]: 137: Hoare triple {423#false} call __automaton_fail(); {423#false} is VALID [2022-02-20 17:58:22,302 INFO L290 TraceCheckUtils]: 138: Hoare triple {423#false} assume !false; {423#false} is VALID [2022-02-20 17:58:22,302 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 
0 not checked. [2022-02-20 17:58:22,302 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:22,302 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [766155645] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:22,302 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:22,303 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:58:22,304 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1624682146] [2022-02-20 17:58:22,305 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:22,308 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 139 [2022-02-20 17:58:22,309 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:22,311 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:22,380 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:22,380 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:58:22,381 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:22,403 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:58:22,404 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:22,407 INFO L87 Difference]: Start difference. First operand has 419 states, 320 states have (on average 1.55) internal successors, (496), 327 states have internal predecessors, (496), 68 states have call successors, (68), 29 states have call predecessors, (68), 29 states have return successors, (68), 66 states have call predecessors, (68), 68 states have call successors, (68) Second operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:22,783 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:22,783 INFO L93 Difference]: Finished difference Result 649 states and 962 transitions. [2022-02-20 17:58:22,783 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:58:22,784 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 139 [2022-02-20 17:58:22,784 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:22,785 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:22,811 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 962 transitions. [2022-02-20 17:58:22,812 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:22,829 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 962 transitions. [2022-02-20 17:58:22,829 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 962 transitions. [2022-02-20 17:58:23,428 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 962 edges. 962 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:23,454 INFO L225 Difference]: With dead ends: 649 [2022-02-20 17:58:23,454 INFO L226 Difference]: Without dead ends: 411 [2022-02-20 17:58:23,458 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 178 GetRequests, 171 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:23,460 INFO L933 BasicCegarLoop]: 626 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 626 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:23,461 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 626 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:23,473 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 411 states. [2022-02-20 17:58:23,511 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 411 to 411. [2022-02-20 17:58:23,511 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:23,516 INFO L82 GeneralOperation]: Start isEquivalent. First operand 411 states. 
Second operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:23,520 INFO L74 IsIncluded]: Start isIncluded. First operand 411 states. Second operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:23,522 INFO L87 Difference]: Start difference. First operand 411 states. Second operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:23,542 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:23,542 INFO L93 Difference]: Finished difference Result 411 states and 618 transitions. [2022-02-20 17:58:23,542 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 618 transitions. [2022-02-20 17:58:23,544 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:23,544 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:23,546 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 411 states. [2022-02-20 17:58:23,548 INFO L87 Difference]: Start difference. First operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 411 states. [2022-02-20 17:58:23,564 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:23,564 INFO L93 Difference]: Finished difference Result 411 states and 618 transitions. [2022-02-20 17:58:23,564 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 618 transitions. [2022-02-20 17:58:23,567 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:23,567 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:23,567 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:23,567 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:23,568 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 411 states, 314 states have (on average 1.5445859872611465) internal successors, (485), 319 states have internal predecessors, (485), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:23,586 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 411 states to 411 states and 618 transitions. [2022-02-20 17:58:23,587 INFO L78 Accepts]: Start accepts. Automaton has 411 states and 618 transitions. Word has length 139 [2022-02-20 17:58:23,589 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:23,589 INFO L470 AbstractCegarLoop]: Abstraction has 411 states and 618 transitions. [2022-02-20 17:58:23,589 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:23,589 INFO L276 IsEmpty]: Start isEmpty. Operand 411 states and 618 transitions. [2022-02-20 17:58:23,596 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 160 [2022-02-20 17:58:23,596 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:23,596 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:23,616 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:23,804 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:58:23,805 INFO L402 AbstractCegarLoop]: === 
Iteration 2 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:23,805 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:23,805 INFO L85 PathProgramCache]: Analyzing trace with hash -651445051, now seen corresponding path program 1 times [2022-02-20 17:58:23,806 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:23,806 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [936863705] [2022-02-20 17:58:23,806 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:23,806 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:23,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:23,923 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,927 INFO L290 TraceCheckUtils]: 0: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:23,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:23,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:23,928 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3194#true} #1245#return; {3194#true} is VALID [2022-02-20 17:58:23,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 
[2022-02-20 17:58:23,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:23,938 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:23,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:23,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3194#true} #1247#return; {3194#true} is VALID [2022-02-20 17:58:23,939 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:23,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:23,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {3286#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3287#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:23,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {3287#(= |setClientId_#in~handle| 1)} assume true; {3287#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:23,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3287#(= |setClientId_#in~handle| 1)} {3204#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {3195#false} is VALID [2022-02-20 17:58:23,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:23,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:23,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:23,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:23,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1251#return; {3195#false} is VALID [2022-02-20 17:58:23,977 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:23,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,986 INFO L290 TraceCheckUtils]: 0: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:23,986 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:23,987 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:23,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1253#return; 
{3195#false} is VALID [2022-02-20 17:58:23,990 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:23,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:23,995 INFO L290 TraceCheckUtils]: 0: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:23,995 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:23,995 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:23,996 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1255#return; {3195#false} is VALID [2022-02-20 17:58:24,002 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:58:24,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,004 INFO L290 TraceCheckUtils]: 0: Hoare triple {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1231#return; {3195#false} is VALID [2022-02-20 17:58:24,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 
17:58:24,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,018 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,018 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1233#return; {3195#false} is VALID [2022-02-20 17:58:24,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:24,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,024 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,024 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,024 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1161#return; {3195#false} is VALID [2022-02-20 17:58:24,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:24,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~6; {3194#true} is VALID [2022-02-20 17:58:24,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~6 := 
~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {3194#true} is VALID [2022-02-20 17:58:24,030 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,030 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1163#return; {3195#false} is VALID [2022-02-20 17:58:24,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:24,031 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,032 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,032 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1165#return; {3195#false} is VALID [2022-02-20 17:58:24,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:24,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {3194#true} is VALID [2022-02-20 17:58:24,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {3194#true} is VALID [2022-02-20 17:58:24,040 INFO L290 TraceCheckUtils]: 3: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,040 INFO L284 TraceCheckUtils]: 
4: Hoare quadruple {3194#true} {3195#false} #1167#return; {3195#false} is VALID [2022-02-20 17:58:24,040 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:24,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1169#return; {3195#false} is VALID [2022-02-20 17:58:24,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:58:24,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,046 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,046 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1181#return; {3195#false} is VALID [2022-02-20 17:58:24,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:58:24,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,050 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {3194#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,051 INFO L290 TraceCheckUtils]: 3: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,051 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3194#true} {3195#false} #1183#return; {3195#false} is VALID [2022-02-20 17:58:24,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:24,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,053 INFO L290 TraceCheckUtils]: 0: Hoare triple {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1189#return; {3195#false} is VALID [2022-02-20 17:58:24,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:24,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~29; {3194#true} is VALID [2022-02-20 17:58:24,057 INFO L290 TraceCheckUtils]: 
1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {3194#true} is VALID [2022-02-20 17:58:24,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,057 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1191#return; {3195#false} is VALID [2022-02-20 17:58:24,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:58:24,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,067 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,067 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1193#return; {3195#false} is VALID [2022-02-20 17:58:24,067 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 17:58:24,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,072 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,073 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1195#return; {3195#false} is VALID 
[2022-02-20 17:58:24,073 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:58:24,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~23; {3194#true} is VALID [2022-02-20 17:58:24,076 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {3194#true} is VALID [2022-02-20 17:58:24,077 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,077 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3194#true} {3195#false} #1207#return; {3195#false} is VALID [2022-02-20 17:58:24,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:58:24,078 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,080 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 3: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3194#true} {3195#false} #1209#return; {3195#false} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call 
#Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, 
~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 
0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { 
:begin_inline_select_helpers } true; {3194#true} is VALID [2022-02-20 17:58:24,081 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3194#true} is VALID [2022-02-20 17:58:24,082 INFO L290 TraceCheckUtils]: 3: Hoare triple {3194#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {3194#true} is VALID [2022-02-20 17:58:24,082 INFO L290 TraceCheckUtils]: 4: Hoare triple {3194#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {3194#true} is VALID [2022-02-20 17:58:24,082 INFO L290 TraceCheckUtils]: 5: Hoare triple {3194#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3194#true} is VALID [2022-02-20 17:58:24,082 INFO L272 TraceCheckUtils]: 
6: Hoare triple {3194#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,083 INFO L290 TraceCheckUtils]: 7: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,083 INFO L290 TraceCheckUtils]: 8: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,083 INFO L290 TraceCheckUtils]: 9: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,083 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3194#true} {3194#true} #1245#return; {3194#true} is VALID [2022-02-20 17:58:24,083 INFO L290 TraceCheckUtils]: 11: Hoare triple {3194#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3194#true} is VALID [2022-02-20 17:58:24,084 INFO L272 TraceCheckUtils]: 12: Hoare triple {3194#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,084 INFO L290 TraceCheckUtils]: 13: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,084 INFO L290 
TraceCheckUtils]: 14: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,084 INFO L290 TraceCheckUtils]: 15: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,084 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3194#true} {3194#true} #1247#return; {3194#true} is VALID [2022-02-20 17:58:24,085 INFO L290 TraceCheckUtils]: 17: Hoare triple {3194#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:24,085 INFO L272 TraceCheckUtils]: 18: Hoare triple {3204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,085 INFO L290 TraceCheckUtils]: 19: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:24,086 INFO L290 TraceCheckUtils]: 20: Hoare triple {3286#(= setClientId_~handle 
|setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3287#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:24,086 INFO L290 TraceCheckUtils]: 21: Hoare triple {3287#(= |setClientId_#in~handle| 1)} assume true; {3287#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:24,087 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3287#(= |setClientId_#in~handle| 1)} {3204#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {3195#false} is VALID [2022-02-20 17:58:24,087 INFO L290 TraceCheckUtils]: 23: Hoare triple {3195#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3195#false} is VALID [2022-02-20 17:58:24,087 INFO L272 TraceCheckUtils]: 24: Hoare triple {3195#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,087 INFO L290 TraceCheckUtils]: 25: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,087 INFO L290 TraceCheckUtils]: 26: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,087 INFO L290 TraceCheckUtils]: 27: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,087 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3194#true} {3195#false} #1251#return; {3195#false} is VALID [2022-02-20 17:58:24,089 INFO L290 TraceCheckUtils]: 29: Hoare triple {3195#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc 
setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3195#false} is VALID [2022-02-20 17:58:24,089 INFO L272 TraceCheckUtils]: 30: Hoare triple {3195#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:24,089 INFO L290 TraceCheckUtils]: 31: Hoare triple {3284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,089 INFO L290 TraceCheckUtils]: 32: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,089 INFO L290 TraceCheckUtils]: 33: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,090 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3194#true} {3195#false} #1253#return; {3195#false} is VALID [2022-02-20 17:58:24,090 INFO L290 TraceCheckUtils]: 35: Hoare triple {3195#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3195#false} is VALID [2022-02-20 17:58:24,090 INFO L272 TraceCheckUtils]: 36: Hoare triple {3195#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3285#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:24,090 INFO L290 TraceCheckUtils]: 37: Hoare triple {3285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,090 INFO L290 TraceCheckUtils]: 38: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,090 INFO L290 TraceCheckUtils]: 39: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,090 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3194#true} {3195#false} #1255#return; {3195#false} is VALID [2022-02-20 17:58:24,090 INFO L290 TraceCheckUtils]: 41: Hoare triple {3195#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 42: Hoare triple {3195#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc 
test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 43: Hoare triple {3195#false} assume !false; {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 44: Hoare triple {3195#false} assume !(test_~splverifierCounter~0#1 < 4); {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 45: Hoare triple {3195#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L272 TraceCheckUtils]: 46: Hoare triple {3195#false} call sendEmail(~bob~0, ~rjh~0); {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 47: Hoare triple {3195#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc 
createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3195#false} is VALID [2022-02-20 17:58:24,091 INFO L272 TraceCheckUtils]: 48: Hoare triple {3195#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:24,091 INFO L290 TraceCheckUtils]: 49: Hoare triple {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,092 INFO L290 TraceCheckUtils]: 50: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,092 INFO L290 TraceCheckUtils]: 51: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,092 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3194#true} {3195#false} #1231#return; {3195#false} is VALID [2022-02-20 17:58:24,092 INFO L272 TraceCheckUtils]: 53: Hoare triple {3195#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:24,092 INFO L290 TraceCheckUtils]: 54: Hoare triple {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,093 INFO L290 TraceCheckUtils]: 55: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,093 INFO L290 TraceCheckUtils]: 56: Hoare triple {3194#true} assume true; {3194#true} is VALID 
[2022-02-20 17:58:24,094 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3194#true} {3195#false} #1233#return; {3195#false} is VALID [2022-02-20 17:58:24,094 INFO L290 TraceCheckUtils]: 58: Hoare triple {3195#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {3195#false} is VALID [2022-02-20 17:58:24,095 INFO L290 TraceCheckUtils]: 59: Hoare triple {3195#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {3195#false} is VALID [2022-02-20 17:58:24,096 INFO L272 TraceCheckUtils]: 60: Hoare triple {3195#false} call outgoing(~sender#1, ~email~0#1); {3195#false} is VALID [2022-02-20 17:58:24,096 INFO L290 TraceCheckUtils]: 61: Hoare triple {3195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {3195#false} is VALID [2022-02-20 17:58:24,096 INFO L272 TraceCheckUtils]: 62: Hoare triple {3195#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {3194#true} is VALID [2022-02-20 17:58:24,096 INFO L290 TraceCheckUtils]: 63: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,096 INFO L290 TraceCheckUtils]: 64: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 65: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,097 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3194#true} {3195#false} #1161#return; {3195#false} is VALID 
[2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 67: Hoare triple {3195#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {3195#false} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 68: Hoare triple {3195#false} assume 0 == sign_~privkey~1#1; {3195#false} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 69: Hoare triple {3195#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {3195#false} is VALID [2022-02-20 17:58:24,097 INFO L272 TraceCheckUtils]: 70: Hoare triple {3195#false} call 
outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3194#true} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 71: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~6; {3194#true} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 72: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {3194#true} is VALID [2022-02-20 17:58:24,097 INFO L290 TraceCheckUtils]: 73: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,098 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3194#true} {3195#false} #1163#return; {3195#false} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 75: Hoare triple {3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {3195#false} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 76: Hoare triple {3195#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3195#false} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 77: Hoare triple {3195#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && 
outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {3195#false} is VALID [2022-02-20 17:58:24,098 INFO L272 TraceCheckUtils]: 78: Hoare triple {3195#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {3194#true} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 79: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 80: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,098 INFO L290 TraceCheckUtils]: 81: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,099 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3194#true} {3195#false} #1165#return; {3195#false} is VALID [2022-02-20 17:58:24,099 INFO L290 TraceCheckUtils]: 83: Hoare triple {3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {3195#false} is VALID [2022-02-20 17:58:24,099 INFO L272 TraceCheckUtils]: 84: Hoare triple {3195#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {3194#true} is VALID [2022-02-20 17:58:24,099 INFO L290 TraceCheckUtils]: 85: Hoare triple {3194#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {3194#true} 
is VALID [2022-02-20 17:58:24,099 INFO L290 TraceCheckUtils]: 86: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,100 INFO L290 TraceCheckUtils]: 87: Hoare triple {3194#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {3194#true} is VALID [2022-02-20 17:58:24,100 INFO L290 TraceCheckUtils]: 88: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,100 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3194#true} {3195#false} #1167#return; {3195#false} is VALID [2022-02-20 17:58:24,100 INFO L290 TraceCheckUtils]: 90: Hoare triple {3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {3195#false} is VALID [2022-02-20 17:58:24,100 INFO L272 TraceCheckUtils]: 91: Hoare triple {3195#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:24,100 INFO L290 TraceCheckUtils]: 92: Hoare triple {3289#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,100 INFO L290 TraceCheckUtils]: 93: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L290 TraceCheckUtils]: 94: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3194#true} {3195#false} #1169#return; {3195#false} is VALID 
[2022-02-20 17:58:24,101 INFO L272 TraceCheckUtils]: 96: Hoare triple {3195#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,101 INFO L290 TraceCheckUtils]: 97: Hoare triple {3195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3195#false} is VALID [2022-02-20 17:58:24,101 INFO L272 TraceCheckUtils]: 98: Hoare triple {3195#false} call #t~ret85#1 := getEmailTo(~msg#1); {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L290 TraceCheckUtils]: 99: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L290 TraceCheckUtils]: 100: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L290 TraceCheckUtils]: 101: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,101 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3194#true} {3195#false} #1181#return; {3195#false} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 103: Hoare triple {3195#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {3195#false} is VALID [2022-02-20 17:58:24,102 INFO L272 TraceCheckUtils]: 104: Hoare triple {3195#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {3194#true} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 105: Hoare triple {3194#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 106: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 107: Hoare triple {3194#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 108: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,102 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {3194#true} {3195#false} #1183#return; {3195#false} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 110: Hoare triple {3195#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {3195#false} is VALID [2022-02-20 17:58:24,102 INFO L290 TraceCheckUtils]: 111: Hoare triple {3195#false} assume !(0 != ~pubkey~0#1); {3195#false} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 112: Hoare triple {3195#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {3195#false} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 113: Hoare triple {3195#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {3195#false} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 114: Hoare triple {3195#false} outgoing__wrappee__Keys_#t~ret84#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {3195#false} is VALID [2022-02-20 17:58:24,103 INFO L272 TraceCheckUtils]: 115: Hoare triple {3195#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 116: Hoare triple {3288#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 117: Hoare triple {3194#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,103 INFO L290 TraceCheckUtils]: 118: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,103 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {3194#true} {3195#false} #1189#return; {3195#false} is VALID [2022-02-20 17:58:24,104 INFO L290 TraceCheckUtils]: 120: Hoare triple {3195#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, 
__utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {3195#false} is VALID [2022-02-20 17:58:24,104 INFO L272 TraceCheckUtils]: 121: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {3194#true} is VALID [2022-02-20 17:58:24,104 INFO L290 TraceCheckUtils]: 122: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~29; {3194#true} is VALID [2022-02-20 17:58:24,104 INFO L290 TraceCheckUtils]: 123: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {3194#true} is VALID [2022-02-20 17:58:24,104 INFO L290 TraceCheckUtils]: 124: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,104 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {3194#true} {3195#false} #1191#return; {3195#false} is VALID [2022-02-20 17:58:24,104 INFO L290 TraceCheckUtils]: 126: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {3195#false} is VALID [2022-02-20 17:58:24,104 INFO L290 
TraceCheckUtils]: 127: Hoare triple {3195#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {3195#false} is VALID [2022-02-20 17:58:24,104 INFO L272 TraceCheckUtils]: 128: Hoare triple {3195#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 129: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 130: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 131: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {3194#true} {3195#false} #1193#return; {3195#false} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 133: Hoare triple {3195#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {3195#false} is VALID [2022-02-20 17:58:24,105 INFO L272 TraceCheckUtils]: 134: Hoare triple {3195#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {3194#true} is VALID [2022-02-20 
17:58:24,105 INFO L290 TraceCheckUtils]: 135: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 136: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3194#true} is VALID [2022-02-20 17:58:24,105 INFO L290 TraceCheckUtils]: 137: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,106 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {3194#true} {3195#false} #1195#return; {3195#false} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 139: Hoare triple {3195#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {3195#false} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 140: Hoare triple {3195#false} assume !(0 != incoming_~privkey~0#1); {3195#false} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 141: Hoare triple {3195#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, 
verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && 
__utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {3195#false} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 142: Hoare triple {3195#false} assume 1 == ~sent_signed~0; {3195#false} is VALID [2022-02-20 17:58:24,106 INFO L272 TraceCheckUtils]: 143: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {3194#true} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 144: Hoare triple {3194#true} ~handle := #in~handle;havoc ~retValue_acc~23; {3194#true} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 145: Hoare triple {3194#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {3194#true} is VALID [2022-02-20 17:58:24,106 INFO L290 TraceCheckUtils]: 146: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {3194#true} {3195#false} #1207#return; {3195#false} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 148: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {3195#false} is VALID [2022-02-20 17:58:24,107 INFO L272 TraceCheckUtils]: 149: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 150: Hoare triple {3194#true} ~handle := #in~handle;~userid := #in~userid;havoc 
~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 151: Hoare triple {3194#true} assume 1 == ~handle; {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 152: Hoare triple {3194#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 153: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,107 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {3194#true} {3195#false} #1209#return; {3195#false} is VALID [2022-02-20 17:58:24,107 INFO L290 TraceCheckUtils]: 155: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {3195#false} is VALID [2022-02-20 17:58:24,108 INFO L290 TraceCheckUtils]: 156: Hoare triple {3195#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {3195#false} is VALID [2022-02-20 17:58:24,108 INFO L272 TraceCheckUtils]: 157: Hoare triple {3195#false} call __automaton_fail(); {3195#false} is VALID [2022-02-20 17:58:24,108 INFO L290 TraceCheckUtils]: 158: Hoare triple {3195#false} assume !false; {3195#false} is VALID [2022-02-20 17:58:24,108 INFO L134 CoverageAnalysis]: Checked inductivity of 53 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 47 trivial. 0 not checked. 
[2022-02-20 17:58:24,109 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:24,109 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [936863705] [2022-02-20 17:58:24,111 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [936863705] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:24,112 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1375646541] [2022-02-20 17:58:24,112 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:24,112 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:24,112 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:24,113 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:24,133 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:58:24,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,384 INFO L263 TraceCheckSpWp]: Trace formula consists of 1327 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:58:24,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:24,453 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:24,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {3194#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call 
#Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {3194#true} is VALID [2022-02-20 17:58:24,759 INFO L290 TraceCheckUtils]: 1: Hoare triple {3194#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {3194#true} is VALID [2022-02-20 17:58:24,759 INFO L290 TraceCheckUtils]: 2: Hoare triple {3194#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3194#true} is VALID [2022-02-20 17:58:24,759 INFO L290 TraceCheckUtils]: 3: Hoare triple {3194#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 4: Hoare triple {3194#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 5: Hoare triple {3194#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L272 TraceCheckUtils]: 6: Hoare triple {3194#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 7: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 8: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 9: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3194#true} {3194#true} #1245#return; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L290 TraceCheckUtils]: 11: Hoare triple {3194#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3194#true} is VALID [2022-02-20 17:58:24,760 INFO L272 TraceCheckUtils]: 12: Hoare triple {3194#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 13: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 14: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 15: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3194#true} {3194#true} #1247#return; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 17: Hoare triple {3194#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L272 TraceCheckUtils]: 18: Hoare triple {3194#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 19: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 20: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,761 INFO L290 TraceCheckUtils]: 21: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3194#true} {3194#true} #1249#return; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L290 TraceCheckUtils]: 23: Hoare triple {3194#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L272 TraceCheckUtils]: 24: Hoare triple {3194#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L290 TraceCheckUtils]: 25: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L290 TraceCheckUtils]: 26: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L290 TraceCheckUtils]: 27: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,762 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3194#true} {3194#true} #1251#return; 
{3194#true} is VALID [2022-02-20 17:58:24,762 INFO L290 TraceCheckUtils]: 29: Hoare triple {3194#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L272 TraceCheckUtils]: 30: Hoare triple {3194#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 31: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 32: Hoare triple {3194#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 33: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3194#true} {3194#true} #1253#return; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 35: Hoare triple {3194#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L272 TraceCheckUtils]: 36: Hoare triple {3194#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 37: Hoare triple {3194#true} ~handle := #in~handle;~value := #in~value; {3194#true} is VALID [2022-02-20 17:58:24,763 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{3194#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3194#true} is VALID [2022-02-20 17:58:24,764 INFO L290 TraceCheckUtils]: 39: Hoare triple {3194#true} assume true; {3194#true} is VALID [2022-02-20 17:58:24,764 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3194#true} {3194#true} #1255#return; {3194#true} is VALID [2022-02-20 17:58:24,764 INFO L290 TraceCheckUtils]: 41: Hoare triple {3194#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {3194#true} is VALID [2022-02-20 17:58:24,764 INFO L290 TraceCheckUtils]: 42: Hoare triple {3194#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3419#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:24,765 INFO L290 TraceCheckUtils]: 43: Hoare triple {3419#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3419#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:24,765 INFO L290 TraceCheckUtils]: 44: Hoare triple {3419#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3195#false} is VALID [2022-02-20 17:58:24,765 INFO L290 TraceCheckUtils]: 45: Hoare triple {3195#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {3195#false} is VALID [2022-02-20 17:58:24,765 INFO L272 TraceCheckUtils]: 46: Hoare triple {3195#false} call sendEmail(~bob~0, ~rjh~0); {3195#false} is VALID [2022-02-20 17:58:24,765 INFO L290 TraceCheckUtils]: 47: Hoare triple {3195#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L272 TraceCheckUtils]: 48: Hoare triple {3195#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 49: Hoare triple {3195#false} ~handle := #in~handle;~value := #in~value; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 50: Hoare triple {3195#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 51: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3195#false} {3195#false} #1231#return; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L272 TraceCheckUtils]: 53: Hoare triple {3195#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 54: Hoare triple {3195#false} ~handle := #in~handle;~value := #in~value; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 55: Hoare triple {3195#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3195#false} is VALID [2022-02-20 17:58:24,766 INFO L290 TraceCheckUtils]: 56: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3195#false} {3195#false} #1233#return; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L290 TraceCheckUtils]: 58: Hoare triple {3195#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L290 TraceCheckUtils]: 59: Hoare triple {3195#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L272 TraceCheckUtils]: 60: Hoare triple {3195#false} call outgoing(~sender#1, ~email~0#1); {3195#false} is VALID [2022-02-20 
17:58:24,767 INFO L290 TraceCheckUtils]: 61: Hoare triple {3195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L272 TraceCheckUtils]: 62: Hoare triple {3195#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L290 TraceCheckUtils]: 63: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~12; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L290 TraceCheckUtils]: 64: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3195#false} is VALID [2022-02-20 17:58:24,767 INFO L290 TraceCheckUtils]: 65: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3195#false} {3195#false} #1161#return; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 67: Hoare triple {3195#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 68: Hoare triple {3195#false} assume 0 == sign_~privkey~1#1; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 69: Hoare triple {3195#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, 
outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L272 TraceCheckUtils]: 70: Hoare triple {3195#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 71: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~6; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 72: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L290 TraceCheckUtils]: 73: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,768 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3195#false} {3195#false} #1163#return; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 76: Hoare triple {3195#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 77: Hoare triple {3195#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L272 TraceCheckUtils]: 78: Hoare triple {3195#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 79: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 80: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 81: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L284 
TraceCheckUtils]: 82: Hoare quadruple {3195#false} {3195#false} #1165#return; {3195#false} is VALID [2022-02-20 17:58:24,769 INFO L290 TraceCheckUtils]: 83: Hoare triple {3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L272 TraceCheckUtils]: 84: Hoare triple {3195#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 85: Hoare triple {3195#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 86: Hoare triple {3195#false} assume 1 == ~handle; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 87: Hoare triple {3195#false} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 88: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3195#false} {3195#false} #1167#return; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 90: Hoare triple {3195#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L272 TraceCheckUtils]: 91: Hoare triple {3195#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {3195#false} is VALID [2022-02-20 17:58:24,770 INFO L290 TraceCheckUtils]: 92: Hoare triple {3195#false} ~handle := #in~handle;~value := #in~value; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 TraceCheckUtils]: 93: Hoare triple {3195#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 TraceCheckUtils]: 94: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3195#false} {3195#false} #1169#return; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L272 TraceCheckUtils]: 96: Hoare triple {3195#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 TraceCheckUtils]: 97: Hoare triple {3195#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L272 TraceCheckUtils]: 98: Hoare triple {3195#false} call #t~ret85#1 := getEmailTo(~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 TraceCheckUtils]: 99: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 TraceCheckUtils]: 100: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,771 INFO L290 
TraceCheckUtils]: 101: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3195#false} {3195#false} #1181#return; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 103: Hoare triple {3195#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L272 TraceCheckUtils]: 104: Hoare triple {3195#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 105: Hoare triple {3195#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 106: Hoare triple {3195#false} assume 1 == ~handle; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 107: Hoare triple {3195#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 108: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {3195#false} {3195#false} #1183#return; {3195#false} is VALID [2022-02-20 17:58:24,772 INFO L290 TraceCheckUtils]: 110: Hoare triple {3195#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 111: Hoare triple {3195#false} assume !(0 != ~pubkey~0#1); {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 112: Hoare triple {3195#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 
:= ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 113: Hoare triple {3195#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 114: Hoare triple {3195#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L272 TraceCheckUtils]: 115: Hoare triple {3195#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 116: Hoare triple {3195#false} ~handle := #in~handle;~value := #in~value; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 117: Hoare triple {3195#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L290 TraceCheckUtils]: 118: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,773 INFO L284 TraceCheckUtils]: 
119: Hoare quadruple {3195#false} {3195#false} #1189#return; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 120: Hoare triple {3195#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L272 TraceCheckUtils]: 121: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 122: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~29; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 123: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {3195#false} 
is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 124: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {3195#false} {3195#false} #1191#return; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 126: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L290 TraceCheckUtils]: 127: Hoare triple {3195#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {3195#false} is VALID [2022-02-20 17:58:24,774 INFO L272 TraceCheckUtils]: 128: Hoare triple {3195#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 129: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 130: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 131: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {3195#false} {3195#false} #1193#return; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 133: Hoare triple {3195#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := 
mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L272 TraceCheckUtils]: 134: Hoare triple {3195#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 135: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~12; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 136: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {3195#false} is VALID [2022-02-20 17:58:24,775 INFO L290 TraceCheckUtils]: 137: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {3195#false} {3195#false} #1195#return; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 139: Hoare triple {3195#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 140: Hoare triple {3195#false} assume !(0 != incoming_~privkey~0#1); {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 141: Hoare triple {3195#false} assume { :begin_inline_incoming__wrappee__Verify } 
true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, 
__utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 142: Hoare triple {3195#false} assume 1 == ~sent_signed~0; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L272 TraceCheckUtils]: 143: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 144: Hoare triple {3195#false} ~handle := #in~handle;havoc ~retValue_acc~23; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 145: Hoare triple {3195#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {3195#false} is VALID [2022-02-20 17:58:24,776 INFO L290 TraceCheckUtils]: 146: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L284 
TraceCheckUtils]: 147: Hoare quadruple {3195#false} {3195#false} #1207#return; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 148: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L272 TraceCheckUtils]: 149: Hoare triple {3195#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 150: Hoare triple {3195#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 151: Hoare triple {3195#false} assume 1 == ~handle; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 152: Hoare triple {3195#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 153: Hoare triple {3195#false} assume true; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {3195#false} {3195#false} #1209#return; {3195#false} is VALID [2022-02-20 17:58:24,777 INFO L290 TraceCheckUtils]: 155: Hoare triple {3195#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {3195#false} is VALID [2022-02-20 
17:58:24,778 INFO L290 TraceCheckUtils]: 156: Hoare triple {3195#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {3195#false} is VALID [2022-02-20 17:58:24,778 INFO L272 TraceCheckUtils]: 157: Hoare triple {3195#false} call __automaton_fail(); {3195#false} is VALID [2022-02-20 17:58:24,778 INFO L290 TraceCheckUtils]: 158: Hoare triple {3195#false} assume !false; {3195#false} is VALID [2022-02-20 17:58:24,778 INFO L134 CoverageAnalysis]: Checked inductivity of 53 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 53 trivial. 0 not checked. [2022-02-20 17:58:24,778 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:24,778 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1375646541] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:24,778 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:24,779 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:24,779 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1460296955] [2022-02-20 17:58:24,779 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:24,781 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:58:24,782 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:24,782 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:24,868 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:24,868 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:24,868 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:24,869 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:24,869 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:24,869 INFO L87 Difference]: Start difference. First operand 411 states and 618 transitions. Second operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:25,370 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:25,370 INFO L93 Difference]: Finished difference Result 638 states and 936 transitions. [2022-02-20 17:58:25,371 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:25,371 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:58:25,371 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:25,371 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:25,380 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 936 transitions. [2022-02-20 17:58:25,381 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:25,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 936 transitions. [2022-02-20 17:58:25,390 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 936 transitions. [2022-02-20 17:58:25,975 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 936 edges. 936 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:25,986 INFO L225 Difference]: With dead ends: 638 [2022-02-20 17:58:25,986 INFO L226 Difference]: Without dead ends: 414 [2022-02-20 17:58:25,987 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 204 GetRequests, 196 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:25,988 INFO L933 BasicCegarLoop]: 616 mSDtfsCounter, 1 mSDsluCounter, 614 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1230 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:25,988 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1230 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:25,989 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 414 states. [2022-02-20 17:58:26,001 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 414 to 413. [2022-02-20 17:58:26,001 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:26,002 INFO L82 GeneralOperation]: Start isEquivalent. First operand 414 states. 
Second operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:26,003 INFO L74 IsIncluded]: Start isIncluded. First operand 414 states. Second operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:26,003 INFO L87 Difference]: Start difference. First operand 414 states. Second operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:26,016 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:26,017 INFO L93 Difference]: Finished difference Result 414 states and 621 transitions. [2022-02-20 17:58:26,017 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 621 transitions. [2022-02-20 17:58:26,018 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:26,018 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:26,019 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 414 states. [2022-02-20 17:58:26,019 INFO L87 Difference]: Start difference. First operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) Second operand 414 states. [2022-02-20 17:58:26,032 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:26,032 INFO L93 Difference]: Finished difference Result 414 states and 621 transitions. [2022-02-20 17:58:26,032 INFO L276 IsEmpty]: Start isEmpty. Operand 414 states and 621 transitions. [2022-02-20 17:58:26,034 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:26,034 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:26,034 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:26,034 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:26,035 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 413 states, 316 states have (on average 1.5411392405063291) internal successors, (487), 321 states have internal predecessors, (487), 68 states have call successors, (68), 29 states have call predecessors, (68), 28 states have return successors, (65), 64 states have call predecessors, (65), 65 states have call successors, (65) [2022-02-20 17:58:26,049 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 413 states to 413 states and 620 transitions. [2022-02-20 17:58:26,049 INFO L78 Accepts]: Start accepts. Automaton has 413 states and 620 transitions. Word has length 159 [2022-02-20 17:58:26,050 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:26,050 INFO L470 AbstractCegarLoop]: Abstraction has 413 states and 620 transitions. [2022-02-20 17:58:26,050 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:26,050 INFO L276 IsEmpty]: Start isEmpty. Operand 413 states and 620 transitions. [2022-02-20 17:58:26,052 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 147 [2022-02-20 17:58:26,052 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:26,052 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:26,074 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:26,256 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:58:26,256 INFO L402 AbstractCegarLoop]: === Iteration 3 
=== Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:26,257 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:26,257 INFO L85 PathProgramCache]: Analyzing trace with hash 900213485, now seen corresponding path program 1 times [2022-02-20 17:58:26,257 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:26,257 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [687727762] [2022-02-20 17:58:26,257 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:26,257 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:26,285 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:26,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,328 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6033#true} #1245#return; {6033#true} is VALID [2022-02-20 17:58:26,334 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 
17:58:26,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,338 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6033#true} #1247#return; {6033#true} is VALID [2022-02-20 17:58:26,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:26,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,358 INFO L290 TraceCheckUtils]: 0: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6112#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:26,358 INFO L290 TraceCheckUtils]: 1: Hoare triple {6112#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6113#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:26,359 INFO L290 TraceCheckUtils]: 2: Hoare triple {6113#(= |setClientId_#in~handle| 1)} assume true; {6113#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:26,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6113#(= |setClientId_#in~handle| 1)} {6043#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} 
#1249#return; {6034#false} is VALID [2022-02-20 17:58:26,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:26,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,363 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1251#return; {6034#false} is VALID [2022-02-20 17:58:26,363 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:26,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,367 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1253#return; {6034#false} is VALID [2022-02-20 17:58:26,367 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:26,369 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,372 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1255#return; {6034#false} is VALID [2022-02-20 17:58:26,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:58:26,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,382 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1231#return; {6034#false} is VALID [2022-02-20 17:58:26,389 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:58:26,390 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:26,392 INFO L290 TraceCheckUtils]: 0: Hoare triple {6115#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,392 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,393 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1233#return; {6034#false} is VALID [2022-02-20 17:58:26,393 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:58:26,394 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,398 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1161#return; {6034#false} is VALID [2022-02-20 17:58:26,398 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:26,399 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~6; {6033#true} is VALID [2022-02-20 17:58:26,402 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; 
{6033#true} is VALID [2022-02-20 17:58:26,403 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,403 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1163#return; {6034#false} is VALID [2022-02-20 17:58:26,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:58:26,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,406 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1181#return; {6034#false} is VALID [2022-02-20 17:58:26,406 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:26,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,411 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,411 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle; {6033#true} is VALID [2022-02-20 17:58:26,411 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,411 INFO L290 TraceCheckUtils]: 3: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,412 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{6033#true} {6034#false} #1183#return; {6034#false} is VALID [2022-02-20 17:58:26,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:26,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,415 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,415 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1189#return; {6034#false} is VALID [2022-02-20 17:58:26,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:26,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~29; {6033#true} is VALID [2022-02-20 17:58:26,418 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {6033#true} is VALID [2022-02-20 17:58:26,418 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,418 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1191#return; {6034#false} is VALID [2022-02-20 17:58:26,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:26,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,421 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,421 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,421 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,421 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1193#return; {6034#false} is VALID [2022-02-20 17:58:26,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:26,422 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,423 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,423 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1195#return; {6034#false} is VALID [2022-02-20 17:58:26,424 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:58:26,424 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,426 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~23; {6033#true} is VALID [2022-02-20 17:58:26,426 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {6033#true} is VALID [2022-02-20 17:58:26,426 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume true; {6033#true} is VALID 
[2022-02-20 17:58:26,426 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6033#true} {6034#false} #1207#return; {6034#false} is VALID [2022-02-20 17:58:26,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:58:26,428 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:26,430 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,430 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume 1 == ~handle; {6033#true} is VALID [2022-02-20 17:58:26,430 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L290 TraceCheckUtils]: 3: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {6033#true} {6034#false} #1209#return; {6034#false} is VALID [2022-02-20 17:58:26,431 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call 
#Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 
0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 
0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L290 TraceCheckUtils]: 3: Hoare triple {6033#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {6033#true} is VALID [2022-02-20 17:58:26,431 INFO L290 
TraceCheckUtils]: 4: Hoare triple {6033#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {6033#true} is VALID [2022-02-20 17:58:26,432 INFO L290 TraceCheckUtils]: 5: Hoare triple {6033#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6033#true} is VALID [2022-02-20 17:58:26,432 INFO L272 TraceCheckUtils]: 6: Hoare triple {6033#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:26,433 INFO L290 TraceCheckUtils]: 7: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is 
VALID [2022-02-20 17:58:26,433 INFO L290 TraceCheckUtils]: 8: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,433 INFO L290 TraceCheckUtils]: 9: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,433 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6033#true} {6033#true} #1245#return; {6033#true} is VALID [2022-02-20 17:58:26,433 INFO L290 TraceCheckUtils]: 11: Hoare triple {6033#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6033#true} is VALID [2022-02-20 17:58:26,434 INFO L272 TraceCheckUtils]: 12: Hoare triple {6033#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:26,434 INFO L290 TraceCheckUtils]: 13: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,434 INFO L290 TraceCheckUtils]: 14: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,434 INFO L290 TraceCheckUtils]: 15: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,434 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6033#true} {6033#true} #1247#return; {6033#true} is VALID [2022-02-20 17:58:26,435 INFO L290 TraceCheckUtils]: 17: Hoare triple {6033#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6043#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:26,435 INFO L272 TraceCheckUtils]: 18: Hoare triple {6043#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:26,436 INFO L290 TraceCheckUtils]: 19: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6112#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:26,436 INFO L290 TraceCheckUtils]: 20: Hoare triple {6112#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6113#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:26,436 INFO L290 TraceCheckUtils]: 21: Hoare triple {6113#(= |setClientId_#in~handle| 1)} assume true; {6113#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:26,437 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6113#(= |setClientId_#in~handle| 1)} {6043#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {6034#false} is VALID [2022-02-20 17:58:26,437 INFO L290 TraceCheckUtils]: 23: Hoare triple {6034#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {6034#false} is VALID [2022-02-20 
17:58:26,437 INFO L272 TraceCheckUtils]: 24: Hoare triple {6034#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:26,437 INFO L290 TraceCheckUtils]: 25: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,437 INFO L290 TraceCheckUtils]: 26: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,437 INFO L290 TraceCheckUtils]: 27: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,438 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6033#true} {6034#false} #1251#return; {6034#false} is VALID [2022-02-20 17:58:26,438 INFO L290 TraceCheckUtils]: 29: Hoare triple {6034#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6034#false} is VALID [2022-02-20 17:58:26,438 INFO L272 TraceCheckUtils]: 30: Hoare triple {6034#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6110#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:26,438 INFO L290 TraceCheckUtils]: 31: Hoare triple {6110#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,438 INFO L290 TraceCheckUtils]: 32: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,438 INFO L290 TraceCheckUtils]: 33: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,438 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6033#true} {6034#false} #1253#return; {6034#false} is VALID [2022-02-20 17:58:26,438 INFO L290 TraceCheckUtils]: 35: Hoare triple {6034#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6034#false} is VALID [2022-02-20 17:58:26,438 INFO L272 TraceCheckUtils]: 36: Hoare triple {6034#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 37: Hoare triple {6111#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 38: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID 
[2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 39: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,439 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6033#true} {6034#false} #1255#return; {6034#false} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 41: Hoare triple {6034#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {6034#false} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 42: Hoare triple {6034#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 
0;test_~splverifierCounter~0#1 := 0; {6034#false} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 43: Hoare triple {6034#false} assume !false; {6034#false} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 44: Hoare triple {6034#false} assume test_~splverifierCounter~0#1 < 4; {6034#false} is VALID [2022-02-20 17:58:26,439 INFO L290 TraceCheckUtils]: 45: Hoare triple {6034#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 46: Hoare triple {6034#false} assume !(0 == test_~op1~0#1); {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 47: Hoare triple {6034#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 48: Hoare triple {6034#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 49: Hoare triple {6034#false} assume !false; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 50: Hoare triple {6034#false} assume !(test_~splverifierCounter~0#1 < 4); {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 51: Hoare triple {6034#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L272 TraceCheckUtils]: 52: Hoare triple {6034#false} call sendEmail(~bob~0, ~rjh~0); {6034#false} is VALID 
[2022-02-20 17:58:26,440 INFO L290 TraceCheckUtils]: 53: Hoare triple {6034#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6034#false} is VALID [2022-02-20 17:58:26,440 INFO L272 TraceCheckUtils]: 54: Hoare triple {6034#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 55: Hoare triple {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 56: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 57: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {6033#true} {6034#false} #1231#return; {6034#false} is VALID [2022-02-20 17:58:26,441 INFO L272 TraceCheckUtils]: 59: Hoare triple {6034#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6115#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 60: Hoare triple {6115#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 61: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 62: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,441 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {6033#true} {6034#false} #1233#return; {6034#false} is VALID [2022-02-20 17:58:26,441 INFO L290 TraceCheckUtils]: 64: Hoare triple {6034#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {6034#false} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 65: Hoare triple {6034#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {6034#false} is VALID [2022-02-20 17:58:26,442 INFO L272 TraceCheckUtils]: 66: Hoare triple {6034#false} call outgoing(~sender#1, ~email~0#1); {6034#false} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 67: Hoare triple {6034#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {6034#false} is VALID [2022-02-20 17:58:26,442 INFO L272 TraceCheckUtils]: 68: Hoare triple {6034#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {6033#true} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 69: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 70: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~12 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 71: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,442 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {6033#true} {6034#false} #1161#return; {6034#false} is VALID [2022-02-20 17:58:26,442 INFO L290 TraceCheckUtils]: 73: Hoare triple {6034#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {6034#false} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 74: Hoare triple {6034#false} assume 0 == sign_~privkey~1#1; {6034#false} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 75: Hoare triple {6034#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {6034#false} is VALID [2022-02-20 17:58:26,443 INFO L272 TraceCheckUtils]: 76: Hoare triple {6034#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6033#true} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 77: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~6; {6033#true} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 78: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {6033#true} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 79: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,443 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {6033#true} {6034#false} #1163#return; {6034#false} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 81: Hoare triple {6034#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {6034#false} is VALID [2022-02-20 17:58:26,443 INFO L290 TraceCheckUtils]: 82: Hoare triple {6034#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6034#false} is VALID [2022-02-20 17:58:26,444 INFO L272 TraceCheckUtils]: 83: Hoare triple {6034#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6034#false} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 84: Hoare triple {6034#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc 
~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {6034#false} is VALID [2022-02-20 17:58:26,444 INFO L272 TraceCheckUtils]: 85: Hoare triple {6034#false} call #t~ret85#1 := getEmailTo(~msg#1); {6033#true} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 86: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 87: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 88: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,444 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6033#true} {6034#false} #1181#return; {6034#false} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 90: Hoare triple {6034#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {6034#false} is VALID [2022-02-20 17:58:26,444 INFO L272 TraceCheckUtils]: 91: Hoare triple {6034#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {6033#true} is VALID [2022-02-20 17:58:26,444 INFO L290 TraceCheckUtils]: 92: Hoare triple {6033#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 93: Hoare triple {6033#true} assume 1 == ~handle; {6033#true} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 94: Hoare triple {6033#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 95: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,445 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {6033#true} {6034#false} #1183#return; {6034#false} is VALID 
[2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 97: Hoare triple {6034#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {6034#false} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 98: Hoare triple {6034#false} assume !(0 != ~pubkey~0#1); {6034#false} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 99: Hoare triple {6034#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {6034#false} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 100: Hoare triple {6034#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {6034#false} is VALID [2022-02-20 17:58:26,445 INFO L290 TraceCheckUtils]: 101: Hoare triple {6034#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {6034#false} is VALID [2022-02-20 17:58:26,446 INFO L272 TraceCheckUtils]: 102: Hoare triple {6034#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 103: Hoare triple {6114#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 104: Hoare triple {6033#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 105: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,446 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {6033#true} {6034#false} #1189#return; {6034#false} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 107: Hoare triple {6034#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call 
__utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {6034#false} is VALID [2022-02-20 17:58:26,446 INFO L272 TraceCheckUtils]: 108: Hoare triple {6034#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {6033#true} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 109: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~29; {6033#true} is VALID [2022-02-20 17:58:26,446 INFO L290 TraceCheckUtils]: 110: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {6033#true} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 111: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,447 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {6033#true} {6034#false} #1191#return; {6034#false} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 113: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {6034#false} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 114: Hoare triple {6034#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {6034#false} is VALID [2022-02-20 17:58:26,447 INFO L272 TraceCheckUtils]: 115: Hoare triple {6034#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); 
{6033#true} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 116: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 117: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6033#true} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 118: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,447 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {6033#true} {6034#false} #1193#return; {6034#false} is VALID [2022-02-20 17:58:26,447 INFO L290 TraceCheckUtils]: 120: Hoare triple {6034#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {6034#false} is VALID [2022-02-20 17:58:26,448 INFO L272 TraceCheckUtils]: 121: Hoare triple {6034#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {6033#true} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 122: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 123: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6033#true} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 124: 
Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,448 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {6033#true} {6034#false} #1195#return; {6034#false} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 126: Hoare triple {6034#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {6034#false} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 127: Hoare triple {6034#false} assume !(0 != incoming_~privkey~0#1); {6034#false} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 128: Hoare triple {6034#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := 
verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {6034#false} is VALID [2022-02-20 17:58:26,448 INFO L290 TraceCheckUtils]: 129: Hoare triple {6034#false} 
assume 1 == ~sent_signed~0; {6034#false} is VALID [2022-02-20 17:58:26,449 INFO L272 TraceCheckUtils]: 130: Hoare triple {6034#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 131: Hoare triple {6033#true} ~handle := #in~handle;havoc ~retValue_acc~23; {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 132: Hoare triple {6033#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 133: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {6033#true} {6034#false} #1207#return; {6034#false} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 135: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {6034#false} is VALID [2022-02-20 17:58:26,449 INFO L272 TraceCheckUtils]: 136: Hoare triple {6034#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 137: Hoare triple {6033#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6033#true} is VALID [2022-02-20 17:58:26,449 INFO L290 TraceCheckUtils]: 138: Hoare triple {6033#true} assume 1 == ~handle; {6033#true} is VALID [2022-02-20 17:58:26,450 INFO L290 TraceCheckUtils]: 139: Hoare triple {6033#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6033#true} 
is VALID [2022-02-20 17:58:26,450 INFO L290 TraceCheckUtils]: 140: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:26,450 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {6033#true} {6034#false} #1209#return; {6034#false} is VALID [2022-02-20 17:58:26,450 INFO L290 TraceCheckUtils]: 142: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {6034#false} is VALID [2022-02-20 17:58:26,450 INFO L290 TraceCheckUtils]: 143: Hoare triple {6034#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {6034#false} is VALID [2022-02-20 17:58:26,450 INFO L272 TraceCheckUtils]: 144: Hoare triple {6034#false} call __automaton_fail(); {6034#false} is VALID [2022-02-20 17:58:26,450 INFO L290 TraceCheckUtils]: 145: Hoare triple {6034#false} assume !false; {6034#false} is VALID [2022-02-20 17:58:26,452 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:58:26,453 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace
[2022-02-20 17:58:26,453 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [687727762]
[2022-02-20 17:58:26,453 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [687727762] provided 0 perfect and 1 imperfect interpolant sequences
[2022-02-20 17:58:26,454 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [585964243]
[2022-02-20 17:58:26,454 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY
[2022-02-20 17:58:26,454 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true
[2022-02-20 17:58:26,454 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3
[2022-02-20 17:58:26,464 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null)
[2022-02-20 17:58:26,465 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process
[2022-02-20 17:58:26,681 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:58:26,685 INFO L263 TraceCheckSpWp]: Trace formula consists of 1260 conjuncts, 3 conjunts are in the unsatisfiable core
[2022-02-20 17:58:26,729 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat
[2022-02-20 17:58:26,736 INFO L286 TraceCheckSpWp]: Computing forward predicates...
[2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {6033#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call 
#Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {6033#true} is VALID [2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {6033#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {6033#true} is VALID [2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 2: Hoare triple {6033#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6033#true} is VALID [2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 3: Hoare triple {6033#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {6033#true} is VALID [2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 4: Hoare triple {6033#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {6033#true} is VALID [2022-02-20 17:58:27,019 INFO L290 TraceCheckUtils]: 5: Hoare triple {6033#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L272 TraceCheckUtils]: 6: Hoare triple {6033#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 7: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 8: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 9: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6033#true} {6033#true} #1245#return; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 11: Hoare triple {6033#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L272 TraceCheckUtils]: 12: Hoare triple {6033#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 13: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,020 INFO L290 TraceCheckUtils]: 14: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 15: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6033#true} {6033#true} #1247#return; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 17: Hoare triple {6033#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L272 TraceCheckUtils]: 18: Hoare triple {6033#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 19: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 20: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 21: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6033#true} {6033#true} #1249#return; {6033#true} is VALID [2022-02-20 17:58:27,021 INFO L290 TraceCheckUtils]: 23: Hoare triple {6033#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L272 TraceCheckUtils]: 24: Hoare triple {6033#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 25: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 26: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 27: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6033#true} {6033#true} #1251#return; 
{6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 29: Hoare triple {6033#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L272 TraceCheckUtils]: 30: Hoare triple {6033#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 31: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,022 INFO L290 TraceCheckUtils]: 32: Hoare triple {6033#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 33: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6033#true} {6033#true} #1253#return; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 35: Hoare triple {6033#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L272 TraceCheckUtils]: 36: Hoare triple {6033#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 37: Hoare triple {6033#true} ~handle := #in~handle;~value := #in~value; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{6033#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 39: Hoare triple {6033#true} assume true; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6033#true} {6033#true} #1255#return; {6033#true} is VALID [2022-02-20 17:58:27,023 INFO L290 TraceCheckUtils]: 41: Hoare triple {6033#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {6033#true} is VALID [2022-02-20 17:58:27,024 INFO L290 TraceCheckUtils]: 42: Hoare triple {6033#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:27,024 INFO L290 TraceCheckUtils]: 43: Hoare triple {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:27,024 INFO L290 TraceCheckUtils]: 44: Hoare triple {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 45: Hoare triple {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 46: Hoare triple {6245#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 47: Hoare triple {6034#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 48: Hoare triple {6034#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 49: Hoare triple {6034#false} assume !false; {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 50: Hoare triple {6034#false} assume !(test_~splverifierCounter~0#1 < 4); {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L290 TraceCheckUtils]: 51: Hoare triple {6034#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc 
bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {6034#false} is VALID [2022-02-20 17:58:27,025 INFO L272 TraceCheckUtils]: 52: Hoare triple {6034#false} call sendEmail(~bob~0, ~rjh~0); {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 TraceCheckUtils]: 53: Hoare triple {6034#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L272 TraceCheckUtils]: 54: Hoare triple {6034#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 TraceCheckUtils]: 55: Hoare triple {6034#false} ~handle := #in~handle;~value := #in~value; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 TraceCheckUtils]: 56: Hoare triple {6034#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 TraceCheckUtils]: 57: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {6034#false} {6034#false} #1231#return; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L272 TraceCheckUtils]: 59: Hoare triple {6034#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 TraceCheckUtils]: 60: Hoare triple {6034#false} ~handle := #in~handle;~value := #in~value; {6034#false} is VALID [2022-02-20 17:58:27,026 INFO L290 
TraceCheckUtils]: 61: Hoare triple {6034#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 62: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {6034#false} {6034#false} #1233#return; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 64: Hoare triple {6034#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 65: Hoare triple {6034#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L272 TraceCheckUtils]: 66: Hoare triple {6034#false} call outgoing(~sender#1, ~email~0#1); {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 67: Hoare triple {6034#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L272 TraceCheckUtils]: 68: Hoare triple {6034#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 69: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~12; {6034#false} is VALID [2022-02-20 17:58:27,027 INFO L290 TraceCheckUtils]: 70: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6034#false} is VALID 
[2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 71: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {6034#false} {6034#false} #1161#return; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 73: Hoare triple {6034#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 74: Hoare triple {6034#false} assume 0 == sign_~privkey~1#1; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 75: Hoare triple {6034#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc 
outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L272 TraceCheckUtils]: 76: Hoare triple {6034#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 77: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~6; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 78: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 79: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {6034#false} {6034#false} #1163#return; {6034#false} is VALID [2022-02-20 17:58:27,028 INFO L290 TraceCheckUtils]: 81: Hoare triple {6034#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 82: Hoare triple {6034#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L272 TraceCheckUtils]: 83: Hoare triple {6034#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 84: Hoare triple {6034#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc 
~pubkey~0#1;havoc ~tmp___0~6#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L272 TraceCheckUtils]: 85: Hoare triple {6034#false} call #t~ret85#1 := getEmailTo(~msg#1); {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 86: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~24; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 87: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 88: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6034#false} {6034#false} #1181#return; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 90: Hoare triple {6034#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L272 TraceCheckUtils]: 91: Hoare triple {6034#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 92: Hoare triple {6034#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 93: Hoare triple {6034#false} assume 1 == ~handle; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 94: Hoare triple {6034#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 95: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {6034#false} {6034#false} #1183#return; {6034#false} is VALID [2022-02-20 
17:58:27,029 INFO L290 TraceCheckUtils]: 97: Hoare triple {6034#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 98: Hoare triple {6034#false} assume !(0 != ~pubkey~0#1); {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 99: Hoare triple {6034#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 100: Hoare triple {6034#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {6034#false} is VALID [2022-02-20 17:58:27,029 INFO L290 TraceCheckUtils]: 101: Hoare triple {6034#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L272 TraceCheckUtils]: 102: Hoare triple {6034#false} call 
setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 103: Hoare triple {6034#false} ~handle := #in~handle;~value := #in~value; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 104: Hoare triple {6034#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 105: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {6034#false} {6034#false} #1189#return; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 107: Hoare triple {6034#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__1_#t~ret108#1; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L272 TraceCheckUtils]: 108: Hoare triple {6034#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 109: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~29; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 110: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {6034#false} is VALID [2022-02-20 17:58:27,030 INFO L290 TraceCheckUtils]: 111: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {6034#false} {6034#false} #1191#return; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L290 TraceCheckUtils]: 113: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L290 TraceCheckUtils]: 114: Hoare triple {6034#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L272 TraceCheckUtils]: 115: Hoare triple {6034#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L290 TraceCheckUtils]: 116: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~24; {6034#false} is VALID [2022-02-20 
17:58:27,031 INFO L290 TraceCheckUtils]: 117: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L290 TraceCheckUtils]: 118: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {6034#false} {6034#false} #1193#return; {6034#false} is VALID [2022-02-20 17:58:27,031 INFO L290 TraceCheckUtils]: 120: Hoare triple {6034#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L272 TraceCheckUtils]: 121: Hoare triple {6034#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 122: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~12; {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 123: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 124: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {6034#false} {6034#false} #1195#return; 
{6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 126: Hoare triple {6034#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 127: Hoare triple {6034#false} assume !(0 != incoming_~privkey~0#1); {6034#false} is VALID [2022-02-20 17:58:27,032 INFO L290 TraceCheckUtils]: 128: Hoare triple {6034#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, 
__utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L290 TraceCheckUtils]: 129: Hoare triple {6034#false} assume 1 == ~sent_signed~0; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L272 TraceCheckUtils]: 130: Hoare triple {6034#false} call 
__utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L290 TraceCheckUtils]: 131: Hoare triple {6034#false} ~handle := #in~handle;havoc ~retValue_acc~23; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L290 TraceCheckUtils]: 132: Hoare triple {6034#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L290 TraceCheckUtils]: 133: Hoare triple {6034#false} assume true; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {6034#false} {6034#false} #1207#return; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L290 TraceCheckUtils]: 135: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {6034#false} is VALID [2022-02-20 17:58:27,033 INFO L272 TraceCheckUtils]: 136: Hoare triple {6034#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 137: Hoare triple {6034#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 138: Hoare triple {6034#false} assume 1 == ~handle; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 139: Hoare triple {6034#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 140: Hoare triple {6034#false} assume true; {6034#false} is 
VALID [2022-02-20 17:58:27,034 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {6034#false} {6034#false} #1209#return; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 142: Hoare triple {6034#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 143: Hoare triple {6034#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L272 TraceCheckUtils]: 144: Hoare triple {6034#false} call __automaton_fail(); {6034#false} is VALID [2022-02-20 17:58:27,034 INFO L290 TraceCheckUtils]: 145: Hoare triple {6034#false} assume !false; {6034#false} is VALID [2022-02-20 17:58:27,035 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. [2022-02-20 17:58:27,035 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:27,035 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [585964243] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:27,035 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:58:27,035 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:27,036 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1577721261] [2022-02-20 17:58:27,036 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:27,036 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 146 [2022-02-20 17:58:27,037 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:27,037 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:27,120 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:27,120 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:27,120 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:27,121 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. 
[2022-02-20 17:58:27,121 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:27,121 INFO L87 Difference]: Start difference. First operand 413 states and 620 transitions. Second operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:27,663 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:27,663 INFO L93 Difference]: Finished difference Result 869 states and 1324 transitions. [2022-02-20 17:58:27,663 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:27,663 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 146 [2022-02-20 17:58:27,664 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:27,664 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:27,675 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1322 transitions. 
[2022-02-20 17:58:27,675 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:27,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1322 transitions. [2022-02-20 17:58:27,686 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1322 transitions. [2022-02-20 17:58:28,494 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1322 edges. 1322 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:28,507 INFO L225 Difference]: With dead ends: 869 [2022-02-20 17:58:28,507 INFO L226 Difference]: Without dead ends: 483 [2022-02-20 17:58:28,508 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 185 GetRequests, 177 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:28,508 INFO L933 BasicCegarLoop]: 641 mSDtfsCounter, 126 mSDsluCounter, 571 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1212 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:28,509 INFO 
L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1212 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:28,510 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 483 states. [2022-02-20 17:58:28,521 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 483 to 475. [2022-02-20 17:58:28,521 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:28,522 INFO L82 GeneralOperation]: Start isEquivalent. First operand 483 states. Second operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 17:58:28,523 INFO L74 IsIncluded]: Start isIncluded. First operand 483 states. Second operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 17:58:28,524 INFO L87 Difference]: Start difference. First operand 483 states. Second operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 17:58:28,537 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:58:28,539 INFO L93 Difference]: Finished difference Result 483 states and 738 transitions. [2022-02-20 17:58:28,539 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 738 transitions. [2022-02-20 17:58:28,545 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:28,546 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:28,547 INFO L74 IsIncluded]: Start isIncluded. First operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) Second operand 483 states. [2022-02-20 17:58:28,548 INFO L87 Difference]: Start difference. First operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) Second operand 483 states. [2022-02-20 17:58:28,562 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:28,563 INFO L93 Difference]: Finished difference Result 483 states and 738 transitions. [2022-02-20 17:58:28,563 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 738 transitions. [2022-02-20 17:58:28,564 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:28,564 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:28,564 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:28,564 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:28,566 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 475 states, 364 states have (on average 1.5604395604395604) internal successors, (568), 369 states have internal predecessors, (568), 82 states have call successors, (82), 29 states have call predecessors, (82), 28 states have return successors, (79), 78 states have call predecessors, (79), 79 states have call successors, (79) [2022-02-20 17:58:28,581 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 475 states to 475 states and 729 transitions. [2022-02-20 17:58:28,582 INFO L78 Accepts]: Start accepts. Automaton has 475 states and 729 transitions. Word has length 146 [2022-02-20 17:58:28,582 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:28,582 INFO L470 AbstractCegarLoop]: Abstraction has 475 states and 729 transitions. [2022-02-20 17:58:28,583 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:28,583 INFO L276 IsEmpty]: Start isEmpty. Operand 475 states and 729 transitions. [2022-02-20 17:58:28,585 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 167 [2022-02-20 17:58:28,585 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:28,585 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:28,605 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:28,799 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:28,799 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:28,800 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:28,800 INFO L85 PathProgramCache]: Analyzing trace with hash 836825631, now seen corresponding path program 1 times [2022-02-20 17:58:28,800 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:28,800 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [815745501] [2022-02-20 17:58:28,800 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:28,800 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:28,835 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:58:28,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:28,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,879 INFO L290 TraceCheckUtils]: 0: Hoare triple {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,879 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9372#true} #1245#return; {9372#true} is VALID [2022-02-20 17:58:28,884 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:28,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,888 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9372#true} #1247#return; {9372#true} is VALID [2022-02-20 17:58:28,889 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:28,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,902 INFO L290 TraceCheckUtils]: 0: Hoare triple {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9464#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:28,903 INFO L290 TraceCheckUtils]: 1: Hoare triple {9464#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9465#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,903 INFO L290 TraceCheckUtils]: 2: Hoare triple {9465#(= |setClientId_#in~handle| 1)} assume true; {9465#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,904 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9465#(= |setClientId_#in~handle| 1)} {9382#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {9373#false} is VALID [2022-02-20 17:58:28,904 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:28,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,908 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,908 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,908 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1251#return; {9373#false} is VALID [2022-02-20 17:58:28,908 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:28,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,911 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,911 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,912 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1253#return; {9373#false} is VALID [2022-02-20 17:58:28,912 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:28,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,914 INFO L290 TraceCheckUtils]: 0: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,914 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,914 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,915 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} 
{9373#false} #1255#return; {9373#false} is VALID [2022-02-20 17:58:28,920 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:58:28,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,925 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,926 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1231#return; {9373#false} is VALID [2022-02-20 17:58:28,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:58:28,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,936 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,936 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1233#return; {9373#false} is VALID [2022-02-20 17:58:28,936 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:28,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:28,938 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,938 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,938 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,938 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1161#return; {9373#false} is VALID [2022-02-20 17:58:28,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:58:28,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~6; {9372#true} is VALID [2022-02-20 17:58:28,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {9372#true} is VALID [2022-02-20 17:58:28,940 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,941 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1163#return; {9373#false} is VALID [2022-02-20 17:58:28,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:58:28,942 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,943 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,944 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,944 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1165#return; {9373#false} is VALID [2022-02-20 17:58:28,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:28,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,946 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {9372#true} is VALID [2022-02-20 17:58:28,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:28,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {9372#true} is VALID [2022-02-20 17:58:28,946 INFO L290 TraceCheckUtils]: 3: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,947 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9372#true} {9373#false} #1167#return; {9373#false} is VALID [2022-02-20 17:58:28,947 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:58:28,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,950 INFO L290 TraceCheckUtils]: 0: Hoare triple {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,951 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,951 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,951 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1169#return; {9373#false} is VALID 
[2022-02-20 17:58:28,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:58:28,952 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,954 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1181#return; {9373#false} is VALID [2022-02-20 17:58:28,954 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:58:28,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,957 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:28,957 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,957 INFO L290 TraceCheckUtils]: 3: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,957 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9372#true} {9373#false} #1183#return; {9373#false} is VALID [2022-02-20 17:58:28,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:58:28,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:58:28,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1189#return; {9373#false} is VALID [2022-02-20 17:58:28,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:58:28,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~29; {9372#true} is VALID [2022-02-20 17:58:28,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {9372#true} is VALID [2022-02-20 17:58:28,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,963 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1191#return; {9373#false} is VALID [2022-02-20 17:58:28,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:58:28,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is 
VALID [2022-02-20 17:58:28,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1193#return; {9373#false} is VALID [2022-02-20 17:58:28,966 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 17:58:28,967 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,969 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1195#return; {9373#false} is VALID [2022-02-20 17:58:28,969 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 150 [2022-02-20 17:58:28,970 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~23; {9372#true} is VALID [2022-02-20 17:58:28,971 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {9372#true} is VALID [2022-02-20 17:58:28,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,971 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9372#true} {9373#false} #1207#return; {9373#false} is VALID [2022-02-20 17:58:28,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 156 [2022-02-20 
17:58:28,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,974 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 3: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {9372#true} {9373#false} #1209#return; {9373#false} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 
23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 
0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9372#true} is VALID [2022-02-20 17:58:28,975 INFO L290 TraceCheckUtils]: 3: Hoare triple {9372#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {9372#true} is VALID [2022-02-20 17:58:28,976 INFO L290 TraceCheckUtils]: 4: Hoare triple {9372#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {9372#true} is VALID [2022-02-20 
17:58:28,976 INFO L290 TraceCheckUtils]: 5: Hoare triple {9372#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9372#true} is VALID [2022-02-20 17:58:28,976 INFO L272 TraceCheckUtils]: 6: Hoare triple {9372#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:28,976 INFO L290 TraceCheckUtils]: 7: Hoare triple {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,977 INFO L290 TraceCheckUtils]: 8: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,977 INFO L290 TraceCheckUtils]: 9: Hoare triple {9372#true} assume true; {9372#true} is VALID 
[2022-02-20 17:58:28,977 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9372#true} {9372#true} #1245#return; {9372#true} is VALID [2022-02-20 17:58:28,977 INFO L290 TraceCheckUtils]: 11: Hoare triple {9372#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9372#true} is VALID [2022-02-20 17:58:28,978 INFO L272 TraceCheckUtils]: 12: Hoare triple {9372#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 13: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 14: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 15: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,978 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9372#true} {9372#true} #1247#return; {9372#true} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 17: Hoare triple {9372#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {9382#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:28,979 INFO L272 TraceCheckUtils]: 18: Hoare triple {9382#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:28,979 INFO L290 TraceCheckUtils]: 19: Hoare triple {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9464#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:28,980 INFO L290 TraceCheckUtils]: 20: Hoare triple {9464#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9465#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,980 INFO L290 TraceCheckUtils]: 21: Hoare triple {9465#(= |setClientId_#in~handle| 1)} assume true; {9465#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,980 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9465#(= |setClientId_#in~handle| 1)} {9382#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1249#return; {9373#false} is VALID [2022-02-20 17:58:28,980 INFO L290 TraceCheckUtils]: 23: Hoare triple {9373#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9373#false} is VALID [2022-02-20 17:58:28,981 INFO L272 TraceCheckUtils]: 24: Hoare triple {9373#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) 
(= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 25: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 26: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 27: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,981 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9372#true} {9373#false} #1251#return; {9373#false} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 29: Hoare triple {9373#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9373#false} is VALID [2022-02-20 17:58:28,981 INFO L272 TraceCheckUtils]: 30: Hoare triple {9373#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9462#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 31: Hoare triple {9462#(and 
(= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,981 INFO L290 TraceCheckUtils]: 32: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 33: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,982 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9372#true} {9373#false} #1253#return; {9373#false} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 35: Hoare triple {9373#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {9373#false} is VALID [2022-02-20 17:58:28,982 INFO L272 TraceCheckUtils]: 36: Hoare triple {9373#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 37: Hoare triple {9463#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 38: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 39: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,982 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9372#true} {9373#false} #1255#return; {9373#false} is VALID [2022-02-20 17:58:28,982 INFO L290 
TraceCheckUtils]: 41: Hoare triple {9373#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {9373#false} is VALID [2022-02-20 17:58:28,982 INFO L290 TraceCheckUtils]: 42: Hoare triple {9373#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 43: Hoare triple {9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 44: Hoare triple {9373#false} assume 
test_~splverifierCounter~0#1 < 4; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 45: Hoare triple {9373#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 46: Hoare triple {9373#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 47: Hoare triple {9373#false} assume !(0 != test_~tmp___9~0#1); {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 48: Hoare triple {9373#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 49: Hoare triple {9373#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9373#false} is VALID [2022-02-20 17:58:28,983 INFO L290 TraceCheckUtils]: 50: Hoare triple {9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:28,984 INFO L290 TraceCheckUtils]: 51: Hoare triple {9373#false} assume !(test_~splverifierCounter~0#1 < 4); {9373#false} is VALID [2022-02-20 17:58:28,991 INFO L290 TraceCheckUtils]: 52: Hoare triple {9373#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {9373#false} is VALID [2022-02-20 17:58:28,992 INFO L272 TraceCheckUtils]: 53: Hoare triple {9373#false} call sendEmail(~bob~0, ~rjh~0); {9373#false} is VALID 
[2022-02-20 17:58:28,992 INFO L290 TraceCheckUtils]: 54: Hoare triple {9373#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9373#false} is VALID [2022-02-20 17:58:28,992 INFO L272 TraceCheckUtils]: 55: Hoare triple {9373#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:28,992 INFO L290 TraceCheckUtils]: 56: Hoare triple {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,992 INFO L290 TraceCheckUtils]: 57: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,992 INFO L290 TraceCheckUtils]: 58: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,993 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {9372#true} {9373#false} #1231#return; {9373#false} is VALID [2022-02-20 17:58:28,993 INFO L272 TraceCheckUtils]: 60: Hoare triple {9373#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:28,993 INFO L290 TraceCheckUtils]: 61: Hoare triple {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,993 INFO L290 TraceCheckUtils]: 62: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,993 INFO L290 TraceCheckUtils]: 63: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,993 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {9372#true} {9373#false} #1233#return; {9373#false} is VALID [2022-02-20 17:58:28,993 INFO L290 TraceCheckUtils]: 65: Hoare triple {9373#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {9373#false} is VALID [2022-02-20 17:58:28,993 INFO L290 TraceCheckUtils]: 66: Hoare triple {9373#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {9373#false} is VALID [2022-02-20 17:58:28,993 INFO L272 TraceCheckUtils]: 67: Hoare triple {9373#false} call outgoing(~sender#1, ~email~0#1); {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 68: Hoare triple {9373#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L272 TraceCheckUtils]: 69: Hoare triple {9373#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {9372#true} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 70: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 71: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~12 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 72: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,994 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {9372#true} {9373#false} #1161#return; {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 74: Hoare triple {9373#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 75: Hoare triple {9373#false} assume 0 == sign_~privkey~1#1; {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 76: Hoare triple {9373#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {9373#false} is VALID [2022-02-20 17:58:28,994 INFO L272 TraceCheckUtils]: 77: Hoare triple {9373#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9372#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 78: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~6; {9372#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 79: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {9372#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 80: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,995 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {9372#true} {9373#false} #1163#return; {9373#false} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 82: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {9373#false} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 83: Hoare triple {9373#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; 
{9373#false} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 84: Hoare triple {9373#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {9373#false} is VALID [2022-02-20 17:58:28,995 INFO L272 TraceCheckUtils]: 85: Hoare triple {9373#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {9372#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 86: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 87: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 88: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {9372#true} {9373#false} #1165#return; {9373#false} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 90: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {9373#false} is VALID [2022-02-20 17:58:28,996 INFO L272 TraceCheckUtils]: 91: Hoare triple {9373#false} call 
outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 92: Hoare triple {9372#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 93: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 94: Hoare triple {9372#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {9372#true} is VALID [2022-02-20 17:58:28,996 INFO L290 TraceCheckUtils]: 95: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,997 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {9372#true} {9373#false} #1167#return; {9373#false} is VALID [2022-02-20 17:58:28,997 INFO L290 TraceCheckUtils]: 97: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {9373#false} is VALID [2022-02-20 17:58:28,997 INFO L272 TraceCheckUtils]: 98: Hoare triple {9373#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:28,997 INFO L290 TraceCheckUtils]: 99: Hoare triple {9467#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:28,997 INFO L290 TraceCheckUtils]: 100: Hoare triple {9372#true} assume 1 == 
~handle;~__ste_email_to0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:28,997 INFO L290 TraceCheckUtils]: 101: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,997 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9372#true} {9373#false} #1169#return; {9373#false} is VALID [2022-02-20 17:58:28,997 INFO L272 TraceCheckUtils]: 103: Hoare triple {9373#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9373#false} is VALID [2022-02-20 17:58:28,997 INFO L290 TraceCheckUtils]: 104: Hoare triple {9373#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {9373#false} is VALID [2022-02-20 17:58:28,997 INFO L272 TraceCheckUtils]: 105: Hoare triple {9373#false} call #t~ret85#1 := getEmailTo(~msg#1); {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 106: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 107: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 108: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {9372#true} {9373#false} #1181#return; {9373#false} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 110: Hoare triple {9373#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {9373#false} is VALID [2022-02-20 17:58:28,998 INFO L272 TraceCheckUtils]: 111: Hoare triple {9373#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 112: Hoare triple {9372#true} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 113: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:28,998 INFO L290 TraceCheckUtils]: 114: Hoare triple {9372#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 115: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:28,999 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {9372#true} {9373#false} #1183#return; {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 117: Hoare triple {9373#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 118: Hoare triple {9373#false} assume !(0 != ~pubkey~0#1); {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 119: Hoare triple {9373#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 120: Hoare triple 
{9373#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 121: Hoare triple {9373#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {9373#false} is VALID [2022-02-20 17:58:28,999 INFO L272 TraceCheckUtils]: 122: Hoare triple {9373#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:28,999 INFO L290 TraceCheckUtils]: 123: Hoare triple {9466#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 124: Hoare triple {9372#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 125: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {9372#true} {9373#false} #1189#return; {9373#false} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 127: Hoare triple {9373#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc 
mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {9373#false} is VALID [2022-02-20 17:58:29,000 INFO L272 TraceCheckUtils]: 128: Hoare triple {9373#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 129: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~29; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 130: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 131: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,000 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {9372#true} {9373#false} #1191#return; {9373#false} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 133: Hoare triple {9373#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := 
__utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {9373#false} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 134: Hoare triple {9373#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {9373#false} is VALID [2022-02-20 17:58:29,001 INFO L272 TraceCheckUtils]: 135: Hoare triple {9373#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {9372#true} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 136: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 137: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9372#true} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 138: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,001 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {9372#true} {9373#false} #1193#return; {9373#false} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 140: Hoare triple {9373#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc 
incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {9373#false} is VALID [2022-02-20 17:58:29,001 INFO L272 TraceCheckUtils]: 141: Hoare triple {9373#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {9372#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 142: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 143: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9372#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 144: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,002 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {9372#true} {9373#false} #1195#return; {9373#false} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 146: Hoare triple {9373#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {9373#false} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 147: Hoare triple {9373#false} assume !(0 != incoming_~privkey~0#1); {9373#false} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 148: Hoare triple {9373#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, 
verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc 
__utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {9373#false} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 149: Hoare triple {9373#false} assume 1 == ~sent_signed~0; {9373#false} is VALID [2022-02-20 17:58:29,002 INFO L272 TraceCheckUtils]: 150: Hoare triple {9373#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 151: Hoare triple {9372#true} ~handle := #in~handle;havoc ~retValue_acc~23; {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 152: Hoare triple {9372#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 153: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {9372#true} {9373#false} #1207#return; {9373#false} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 155: Hoare triple {9373#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {9373#false} is VALID [2022-02-20 17:58:29,003 INFO L272 TraceCheckUtils]: 156: 
Hoare triple {9373#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 157: Hoare triple {9372#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 158: Hoare triple {9372#true} assume 1 == ~handle; {9372#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 159: Hoare triple {9372#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9372#true} is VALID [2022-02-20 17:58:29,004 INFO L290 TraceCheckUtils]: 160: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,004 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {9372#true} {9373#false} #1209#return; {9373#false} is VALID [2022-02-20 17:58:29,004 INFO L290 TraceCheckUtils]: 162: Hoare triple {9373#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {9373#false} is VALID [2022-02-20 17:58:29,004 INFO L290 TraceCheckUtils]: 163: Hoare triple {9373#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {9373#false} is VALID [2022-02-20 17:58:29,004 INFO L272 TraceCheckUtils]: 164: Hoare triple {9373#false} call __automaton_fail(); {9373#false} is VALID [2022-02-20 17:58:29,004 INFO L290 TraceCheckUtils]: 165: Hoare triple {9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:29,004 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 3 proven. 3 refuted. 
0 times theorem prover too weak. 49 trivial. 0 not checked. [2022-02-20 17:58:29,005 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:29,005 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [815745501] [2022-02-20 17:58:29,005 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [815745501] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:29,005 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1930887173] [2022-02-20 17:58:29,005 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:29,005 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:29,005 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:29,006 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:29,007 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:58:29,243 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:29,248 INFO L263 TraceCheckSpWp]: Trace formula consists of 1348 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:58:29,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:29,301 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:29,598 INFO L290 TraceCheckUtils]: 0: Hoare triple {9372#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call 
#Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {9372#true} is VALID [2022-02-20 17:58:29,598 INFO L290 TraceCheckUtils]: 1: Hoare triple {9372#true} assume { :end_inline_ULTIMATE.init 
} true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 2: Hoare triple {9372#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 3: Hoare triple {9372#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 4: Hoare triple {9372#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 5: Hoare triple {9372#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L272 TraceCheckUtils]: 6: Hoare triple {9372#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 7: Hoare triple {9372#true} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 8: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:29,599 INFO L290 TraceCheckUtils]: 9: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9372#true} {9372#true} #1245#return; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L290 TraceCheckUtils]: 11: Hoare triple {9372#true} assume { :end_inline_setup_bob__wrappee__Base } true; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L272 TraceCheckUtils]: 12: Hoare triple {9372#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L290 TraceCheckUtils]: 13: Hoare triple {9372#true} ~handle := #in~handle;~value := #in~value; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L290 TraceCheckUtils]: 14: Hoare triple {9372#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L290 TraceCheckUtils]: 15: Hoare triple {9372#true} assume true; {9372#true} is VALID [2022-02-20 17:58:29,600 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {9372#true} {9372#true} #1247#return; {9372#true} is VALID [2022-02-20 17:58:29,601 INFO L290 TraceCheckUtils]: 17: Hoare triple {9372#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {9522#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:29,601 INFO L272 TraceCheckUtils]: 18: Hoare triple {9522#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {9372#true} is VALID [2022-02-20 17:58:29,601 INFO L290 TraceCheckUtils]: 19: Hoare triple {9372#true} ~handle := #in~handle;~value := #in~value; {9529#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:58:29,601 INFO L290 TraceCheckUtils]: 20: Hoare triple {9529#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9533#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:29,602 INFO L290 TraceCheckUtils]: 21: Hoare triple {9533#(<= |setClientId_#in~handle| 1)} assume true; {9533#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:29,602 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {9533#(<= |setClientId_#in~handle| 1)} {9522#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1249#return; {9373#false} is VALID [2022-02-20 17:58:29,602 INFO L290 TraceCheckUtils]: 23: Hoare triple {9373#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {9373#false} is VALID [2022-02-20 17:58:29,602 INFO L272 TraceCheckUtils]: 24: Hoare triple {9373#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 25: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 
17:58:29,603 INFO L290 TraceCheckUtils]: 26: Hoare triple {9373#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 27: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9373#false} {9373#false} #1251#return; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 29: Hoare triple {9373#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L272 TraceCheckUtils]: 30: Hoare triple {9373#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 31: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 32: Hoare triple {9373#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,603 INFO L290 TraceCheckUtils]: 33: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9373#false} {9373#false} #1253#return; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L290 TraceCheckUtils]: 35: Hoare triple {9373#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{9373#false} is VALID [2022-02-20 17:58:29,604 INFO L272 TraceCheckUtils]: 36: Hoare triple {9373#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L290 TraceCheckUtils]: 37: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L290 TraceCheckUtils]: 38: Hoare triple {9373#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L290 TraceCheckUtils]: 39: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {9373#false} {9373#false} #1255#return; {9373#false} is VALID [2022-02-20 17:58:29,604 INFO L290 TraceCheckUtils]: 41: Hoare triple {9373#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 42: Hoare triple {9373#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 43: Hoare triple {9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 44: Hoare triple {9373#false} assume test_~splverifierCounter~0#1 < 4; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 45: Hoare triple {9373#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 46: Hoare triple {9373#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 47: Hoare triple {9373#false} assume !(0 != test_~tmp___9~0#1); {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 48: Hoare triple {9373#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {9373#false} is VALID [2022-02-20 17:58:29,605 INFO L290 TraceCheckUtils]: 49: Hoare triple {9373#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 50: Hoare triple {9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 
TraceCheckUtils]: 51: Hoare triple {9373#false} assume !(test_~splverifierCounter~0#1 < 4); {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 52: Hoare triple {9373#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L272 TraceCheckUtils]: 53: Hoare triple {9373#false} call sendEmail(~bob~0, ~rjh~0); {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 54: Hoare triple {9373#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L272 TraceCheckUtils]: 55: Hoare triple {9373#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 56: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 57: Hoare triple {9373#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,606 INFO L290 TraceCheckUtils]: 58: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO 
L284 TraceCheckUtils]: 59: Hoare quadruple {9373#false} {9373#false} #1231#return; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L272 TraceCheckUtils]: 60: Hoare triple {9373#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L290 TraceCheckUtils]: 61: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L290 TraceCheckUtils]: 62: Hoare triple {9373#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L290 TraceCheckUtils]: 63: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {9373#false} {9373#false} #1233#return; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L290 TraceCheckUtils]: 65: Hoare triple {9373#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L290 TraceCheckUtils]: 66: Hoare triple {9373#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {9373#false} is VALID [2022-02-20 17:58:29,607 INFO L272 TraceCheckUtils]: 67: Hoare triple {9373#false} call outgoing(~sender#1, ~email~0#1); {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 68: Hoare triple {9373#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L272 TraceCheckUtils]: 69: Hoare triple 
{9373#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 70: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~12; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 71: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 72: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {9373#false} {9373#false} #1161#return; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 74: Hoare triple {9373#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 75: Hoare triple {9373#false} assume 0 == sign_~privkey~1#1; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L290 TraceCheckUtils]: 76: Hoare triple {9373#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, 
outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {9373#false} is VALID [2022-02-20 17:58:29,608 INFO L272 TraceCheckUtils]: 77: Hoare triple {9373#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 78: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~6; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 79: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 80: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {9373#false} {9373#false} #1163#return; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 82: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 83: Hoare triple {9373#false} assume 0 != 
outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 84: Hoare triple {9373#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L272 TraceCheckUtils]: 85: Hoare triple {9373#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,609 INFO L290 TraceCheckUtils]: 86: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 87: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 88: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {9373#false} {9373#false} #1165#return; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 90: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc 
outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L272 TraceCheckUtils]: 91: Hoare triple {9373#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 92: Hoare triple {9373#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 93: Hoare triple {9373#false} assume 1 == ~handle; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 94: Hoare triple {9373#false} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {9373#false} is VALID [2022-02-20 17:58:29,610 INFO L290 TraceCheckUtils]: 95: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {9373#false} {9373#false} #1167#return; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L290 TraceCheckUtils]: 97: Hoare triple {9373#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L272 TraceCheckUtils]: 98: Hoare triple {9373#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, 
outgoing__wrappee__AddressBook_~second~0#1); {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L290 TraceCheckUtils]: 99: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L290 TraceCheckUtils]: 100: Hoare triple {9373#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L290 TraceCheckUtils]: 101: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {9373#false} {9373#false} #1169#return; {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L272 TraceCheckUtils]: 103: Hoare triple {9373#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,611 INFO L290 TraceCheckUtils]: 104: Hoare triple {9373#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L272 TraceCheckUtils]: 105: Hoare triple {9373#false} call #t~ret85#1 := getEmailTo(~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 106: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 107: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 108: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {9373#false} {9373#false} #1181#return; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 110: Hoare triple {9373#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc 
#t~ret85#1;~receiver~0#1 := ~tmp~16#1; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L272 TraceCheckUtils]: 111: Hoare triple {9373#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 112: Hoare triple {9373#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9373#false} is VALID [2022-02-20 17:58:29,612 INFO L290 TraceCheckUtils]: 113: Hoare triple {9373#false} assume 1 == ~handle; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 114: Hoare triple {9373#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 115: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {9373#false} {9373#false} #1183#return; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 117: Hoare triple {9373#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 118: Hoare triple {9373#false} assume !(0 != ~pubkey~0#1); {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 119: Hoare triple {9373#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } 
true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 120: Hoare triple {9373#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L290 TraceCheckUtils]: 121: Hoare triple {9373#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {9373#false} is VALID [2022-02-20 17:58:29,613 INFO L272 TraceCheckUtils]: 122: Hoare triple {9373#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 123: Hoare triple {9373#false} ~handle := #in~handle;~value := #in~value; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 124: Hoare triple {9373#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 125: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {9373#false} {9373#false} #1189#return; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 127: Hoare triple {9373#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L272 TraceCheckUtils]: 128: Hoare triple {9373#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 129: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~29; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 130: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {9373#false} is VALID [2022-02-20 17:58:29,614 INFO L290 TraceCheckUtils]: 131: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {9373#false} {9373#false} #1191#return; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 133: Hoare triple {9373#false} assume -2147483648 <= 
__utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 134: Hoare triple {9373#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L272 TraceCheckUtils]: 135: Hoare triple {9373#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 136: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 137: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 138: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {9373#false} {9373#false} #1193#return; {9373#false} is VALID [2022-02-20 17:58:29,615 INFO L290 TraceCheckUtils]: 140: Hoare triple {9373#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, 
incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L272 TraceCheckUtils]: 141: Hoare triple {9373#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 142: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~12; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 143: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 144: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L284 TraceCheckUtils]: 145: Hoare quadruple {9373#false} {9373#false} #1195#return; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 146: Hoare triple {9373#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 147: Hoare triple {9373#false} assume !(0 != incoming_~privkey~0#1); {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 148: Hoare triple {9373#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify 
} true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {9373#false} is VALID [2022-02-20 17:58:29,616 INFO L290 TraceCheckUtils]: 149: Hoare triple {9373#false} assume 1 == ~sent_signed~0; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L272 TraceCheckUtils]: 150: Hoare triple {9373#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 151: Hoare triple {9373#false} ~handle := #in~handle;havoc ~retValue_acc~23; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 152: Hoare triple {9373#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 153: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {9373#false} {9373#false} #1207#return; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 155: Hoare triple {9373#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := 
__utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L272 TraceCheckUtils]: 156: Hoare triple {9373#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 157: Hoare triple {9373#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {9373#false} is VALID [2022-02-20 17:58:29,617 INFO L290 TraceCheckUtils]: 158: Hoare triple {9373#false} assume 1 == ~handle; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L290 TraceCheckUtils]: 159: Hoare triple {9373#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L290 TraceCheckUtils]: 160: Hoare triple {9373#false} assume true; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L284 TraceCheckUtils]: 161: Hoare quadruple {9373#false} {9373#false} #1209#return; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L290 TraceCheckUtils]: 162: Hoare triple {9373#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L290 TraceCheckUtils]: 163: Hoare triple {9373#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L272 TraceCheckUtils]: 164: Hoare triple {9373#false} call __automaton_fail(); {9373#false} is VALID [2022-02-20 17:58:29,618 INFO L290 TraceCheckUtils]: 165: Hoare triple 
{9373#false} assume !false; {9373#false} is VALID [2022-02-20 17:58:29,619 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:58:29,619 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:29,619 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1930887173] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:29,619 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:29,619 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:58:29,619 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [989327969] [2022-02-20 17:58:29,619 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:29,620 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 166 [2022-02-20 17:58:29,620 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:29,620 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:29,699 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 143 edges. 143 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:29,699 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:29,700 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:29,700 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:29,700 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:29,700 INFO L87 Difference]: Start difference. First operand 475 states and 729 transitions. Second operand has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:30,694 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:30,694 INFO L93 Difference]: Finished difference Result 941 states and 1448 transitions. [2022-02-20 17:58:30,694 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:30,695 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 166 [2022-02-20 17:58:30,695 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:30,695 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:30,704 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1226 transitions. [2022-02-20 17:58:30,704 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:30,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1226 transitions. [2022-02-20 17:58:30,713 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1226 transitions. [2022-02-20 17:58:31,426 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1226 edges. 1226 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:31,439 INFO L225 Difference]: With dead ends: 941 [2022-02-20 17:58:31,439 INFO L226 Difference]: Without dead ends: 477 [2022-02-20 17:58:31,441 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 212 GetRequests, 201 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:31,441 INFO L933 BasicCegarLoop]: 609 mSDtfsCounter, 144 mSDsluCounter, 1661 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 2270 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:31,441 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 2270 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:31,442 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 477 states. [2022-02-20 17:58:31,499 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 477 to 477. [2022-02-20 17:58:31,500 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:31,501 INFO L82 GeneralOperation]: Start isEquivalent. First operand 477 states. 
Second operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 17:58:31,502 INFO L74 IsIncluded]: Start isIncluded. First operand 477 states. Second operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 17:58:31,503 INFO L87 Difference]: Start difference. First operand 477 states. Second operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 17:58:31,515 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,515 INFO L93 Difference]: Finished difference Result 477 states and 732 transitions. [2022-02-20 17:58:31,515 INFO L276 IsEmpty]: Start isEmpty. Operand 477 states and 732 transitions. [2022-02-20 17:58:31,516 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,517 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,518 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) Second operand 477 states. [2022-02-20 17:58:31,518 INFO L87 Difference]: Start difference. First operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) Second operand 477 states. [2022-02-20 17:58:31,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,531 INFO L93 Difference]: Finished difference Result 477 states and 732 transitions. [2022-02-20 17:58:31,531 INFO L276 IsEmpty]: Start isEmpty. Operand 477 states and 732 transitions. [2022-02-20 17:58:31,532 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,533 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,533 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:31,533 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:31,534 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 477 states, 365 states have (on average 1.558904109589041) internal successors, (569), 371 states have internal predecessors, (569), 82 states have call successors, (82), 29 states have call predecessors, (82), 29 states have return successors, (81), 78 states have call predecessors, (81), 79 states have call successors, (81) [2022-02-20 17:58:31,548 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 477 states to 477 states and 732 transitions. [2022-02-20 17:58:31,549 INFO L78 Accepts]: Start accepts. Automaton has 477 states and 732 transitions. Word has length 166 [2022-02-20 17:58:31,549 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:31,549 INFO L470 AbstractCegarLoop]: Abstraction has 477 states and 732 transitions. [2022-02-20 17:58:31,549 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 24.25) internal successors, (97), 5 states have internal predecessors, (97), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:31,549 INFO L276 IsEmpty]: Start isEmpty. Operand 477 states and 732 transitions. [2022-02-20 17:58:31,551 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 168 [2022-02-20 17:58:31,551 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:31,551 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:31,569 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2022-02-20 17:58:31,767 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:31,767 INFO L402 AbstractCegarLoop]: === 
Iteration 5 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:31,768 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:31,768 INFO L85 PathProgramCache]: Analyzing trace with hash 1410910107, now seen corresponding path program 1 times [2022-02-20 17:58:31,768 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:31,768 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1841262819] [2022-02-20 17:58:31,768 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,768 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:31,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,845 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:31,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 0: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,848 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12886#true} #1245#return; {12886#true} is VALID [2022-02-20 17:58:31,853 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 17:58:31,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 0: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,856 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12886#true} #1247#return; {12886#true} is VALID [2022-02-20 17:58:31,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:31,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,870 INFO L290 TraceCheckUtils]: 0: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {12980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,871 INFO L290 TraceCheckUtils]: 2: Hoare triple {12980#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12981#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,871 INFO L290 TraceCheckUtils]: 3: Hoare triple {12981#(= 2 
|setClientId_#in~handle|)} assume true; {12981#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,872 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12981#(= 2 |setClientId_#in~handle|)} {12896#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1249#return; {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:31,872 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:31,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,900 INFO L290 TraceCheckUtils]: 0: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:31,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:31,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {12983#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:31,902 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12983#(= |setClientPrivateKey_#in~handle| 1)} {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1251#return; {12887#false} is VALID [2022-02-20 17:58:31,902 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:58:31,903 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,905 INFO L290 TraceCheckUtils]: 0: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,905 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,905 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,905 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1253#return; {12887#false} is VALID [2022-02-20 17:58:31,905 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:58:31,906 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,908 INFO L290 TraceCheckUtils]: 0: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,908 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,908 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,908 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1255#return; {12887#false} is VALID [2022-02-20 17:58:31,916 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:58:31,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,919 INFO L290 TraceCheckUtils]: 0: Hoare triple {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,919 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1231#return; {12887#false} is VALID [2022-02-20 17:58:31,927 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:31,927 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,930 INFO L290 TraceCheckUtils]: 0: Hoare triple {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,930 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,930 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,930 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1233#return; {12887#false} is VALID [2022-02-20 17:58:31,930 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:31,931 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,933 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1161#return; {12887#false} is VALID [2022-02-20 17:58:31,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:31,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~6; {12886#true} is VALID [2022-02-20 17:58:31,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {12886#true} is VALID [2022-02-20 17:58:31,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1163#return; {12887#false} is VALID [2022-02-20 17:58:31,935 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:31,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,937 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1165#return; {12887#false} is VALID [2022-02-20 17:58:31,937 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:31,938 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:58:31,939 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {12886#true} is VALID [2022-02-20 17:58:31,939 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,940 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {12886#true} is VALID [2022-02-20 17:58:31,940 INFO L290 TraceCheckUtils]: 3: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,940 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12886#true} {12887#false} #1167#return; {12887#false} is VALID [2022-02-20 17:58:31,940 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:31,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,942 INFO L290 TraceCheckUtils]: 0: Hoare triple {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,942 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,942 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1169#return; {12887#false} is VALID [2022-02-20 17:58:31,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:31,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID 
[2022-02-20 17:58:31,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1181#return; {12887#false} is VALID [2022-02-20 17:58:31,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:31,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,949 INFO L290 TraceCheckUtils]: 3: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,949 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12886#true} {12887#false} #1183#return; {12887#false} is VALID [2022-02-20 17:58:31,949 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:58:31,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 
== ~handle;~__ste_email_from0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1189#return; {12887#false} is VALID [2022-02-20 17:58:31,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:31,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,955 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12886#true} is VALID [2022-02-20 17:58:31,955 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {12886#true} is VALID [2022-02-20 17:58:31,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1191#return; {12887#false} is VALID [2022-02-20 17:58:31,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:58:31,956 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,960 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,960 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1193#return; {12887#false} is VALID [2022-02-20 17:58:31,960 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 142 [2022-02-20 17:58:31,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,964 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1195#return; {12887#false} is VALID [2022-02-20 17:58:31,965 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 17:58:31,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~23; {12886#true} is VALID [2022-02-20 17:58:31,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {12886#true} is VALID [2022-02-20 17:58:31,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12886#true} {12887#false} #1207#return; {12887#false} is VALID [2022-02-20 17:58:31,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:58:31,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,971 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,971 INFO L290 TraceCheckUtils]: 1: 
Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,971 INFO L290 TraceCheckUtils]: 3: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {12886#true} {12887#false} #1209#return; {12887#false} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call 
#Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 
0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 3: Hoare triple {12886#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 4: Hoare triple {12886#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {12886#true} is VALID [2022-02-20 17:58:31,972 INFO L290 TraceCheckUtils]: 5: Hoare triple {12886#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12886#true} is VALID [2022-02-20 17:58:31,973 INFO L272 TraceCheckUtils]: 6: Hoare triple {12886#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,973 INFO L290 TraceCheckUtils]: 7: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,973 INFO L290 TraceCheckUtils]: 8: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,973 INFO L290 TraceCheckUtils]: 9: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,974 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12886#true} {12886#true} #1245#return; {12886#true} is VALID [2022-02-20 17:58:31,974 INFO L290 TraceCheckUtils]: 11: Hoare triple {12886#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {12886#true} is VALID [2022-02-20 17:58:31,974 INFO L272 TraceCheckUtils]: 12: Hoare triple {12886#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,975 INFO L290 TraceCheckUtils]: 13: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,975 INFO L290 TraceCheckUtils]: 14: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,975 INFO L290 TraceCheckUtils]: 15: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,975 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12886#true} {12886#true} #1247#return; {12886#true} is VALID [2022-02-20 17:58:31,975 INFO L290 TraceCheckUtils]: 17: Hoare triple {12886#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {12896#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:31,976 INFO L272 TraceCheckUtils]: 18: Hoare triple {12896#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,976 INFO L290 TraceCheckUtils]: 19: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,976 INFO L290 TraceCheckUtils]: 20: Hoare triple {12980#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {12980#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,977 INFO L290 TraceCheckUtils]: 21: Hoare triple {12980#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12981#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,977 INFO L290 TraceCheckUtils]: 22: Hoare triple {12981#(= 2 |setClientId_#in~handle|)} assume true; {12981#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,977 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12981#(= 2 |setClientId_#in~handle|)} {12896#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1249#return; {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:31,978 INFO L290 TraceCheckUtils]: 24: Hoare triple {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:31,978 INFO L272 
TraceCheckUtils]: 25: Hoare triple {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,979 INFO L290 TraceCheckUtils]: 26: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:31,979 INFO L290 TraceCheckUtils]: 27: Hoare triple {12982#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:31,979 INFO L290 TraceCheckUtils]: 28: Hoare triple {12983#(= |setClientPrivateKey_#in~handle| 1)} assume true; {12983#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:31,980 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {12983#(= |setClientPrivateKey_#in~handle| 1)} {12902#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1251#return; {12887#false} is VALID [2022-02-20 17:58:31,980 INFO L290 TraceCheckUtils]: 30: Hoare triple {12887#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12887#false} is VALID [2022-02-20 17:58:31,980 INFO L272 TraceCheckUtils]: 31: Hoare triple {12887#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,980 INFO L290 TraceCheckUtils]: 32: Hoare triple {12978#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,980 INFO L290 TraceCheckUtils]: 33: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,980 INFO L290 TraceCheckUtils]: 34: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,980 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12886#true} {12887#false} #1253#return; {12887#false} is VALID [2022-02-20 17:58:31,980 INFO L290 TraceCheckUtils]: 36: Hoare triple {12887#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12887#false} is VALID [2022-02-20 17:58:31,980 INFO L272 TraceCheckUtils]: 37: Hoare triple {12887#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 38: Hoare triple {12979#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 39: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 40: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,981 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12886#true} {12887#false} #1255#return; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 42: Hoare triple {12887#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 43: Hoare triple {12887#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc 
test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 44: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 45: Hoare triple {12887#false} assume test_~splverifierCounter~0#1 < 4; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 46: Hoare triple {12887#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12887#false} is VALID [2022-02-20 17:58:31,981 INFO L290 TraceCheckUtils]: 47: Hoare triple {12887#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 48: Hoare triple {12887#false} assume !(0 != test_~tmp___9~0#1); {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 49: Hoare triple {12887#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 50: Hoare triple {12887#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 51: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 52: Hoare triple {12887#false} assume !(test_~splverifierCounter~0#1 < 4); {12887#false} is VALID 
[2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 53: Hoare triple {12887#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L272 TraceCheckUtils]: 54: Hoare triple {12887#false} call sendEmail(~bob~0, ~rjh~0); {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L290 TraceCheckUtils]: 55: Hoare triple {12887#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12887#false} is VALID [2022-02-20 17:58:31,982 INFO L272 TraceCheckUtils]: 56: Hoare triple {12887#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,983 INFO L290 TraceCheckUtils]: 57: Hoare triple {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L290 TraceCheckUtils]: 58: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L290 
TraceCheckUtils]: 59: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {12886#true} {12887#false} #1231#return; {12887#false} is VALID [2022-02-20 17:58:31,983 INFO L272 TraceCheckUtils]: 61: Hoare triple {12887#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:31,983 INFO L290 TraceCheckUtils]: 62: Hoare triple {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L290 TraceCheckUtils]: 63: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L290 TraceCheckUtils]: 64: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,983 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12886#true} {12887#false} #1233#return; {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 66: Hoare triple {12887#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 67: Hoare triple {12887#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L272 TraceCheckUtils]: 68: Hoare triple {12887#false} call outgoing(~sender#1, ~email~0#1); {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 69: Hoare triple {12887#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, 
sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L272 TraceCheckUtils]: 70: Hoare triple {12887#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {12886#true} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 71: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 72: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 73: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,984 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12886#true} {12887#false} #1161#return; {12887#false} is VALID [2022-02-20 17:58:31,984 INFO L290 TraceCheckUtils]: 75: Hoare triple {12887#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {12887#false} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 76: Hoare triple {12887#false} assume 0 == sign_~privkey~1#1; {12887#false} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 77: Hoare triple {12887#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {12887#false} is VALID [2022-02-20 17:58:31,985 INFO L272 TraceCheckUtils]: 78: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12886#true} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 79: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~6; {12886#true} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 80: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {12886#true} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 81: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,985 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12886#true} {12887#false} #1163#return; {12887#false} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 83: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {12887#false} is VALID [2022-02-20 17:58:31,985 INFO L290 TraceCheckUtils]: 84: Hoare triple {12887#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {12887#false} is VALID [2022-02-20 17:58:31,986 INFO L290 TraceCheckUtils]: 85: Hoare triple {12887#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {12887#false} is VALID [2022-02-20 17:58:31,986 INFO L272 TraceCheckUtils]: 86: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {12886#true} is VALID [2022-02-20 17:58:31,986 INFO L290 TraceCheckUtils]: 87: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,986 INFO L290 TraceCheckUtils]: 88: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,986 INFO L290 TraceCheckUtils]: 89: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,986 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {12886#true} {12887#false} #1165#return; {12887#false} is VALID [2022-02-20 17:58:31,986 
INFO L290 TraceCheckUtils]: 91: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {12887#false} is VALID [2022-02-20 17:58:31,986 INFO L272 TraceCheckUtils]: 92: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {12886#true} is VALID [2022-02-20 17:58:31,986 INFO L290 TraceCheckUtils]: 93: Hoare triple {12886#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 94: Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 95: Hoare triple {12886#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 96: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {12886#true} {12887#false} #1167#return; {12887#false} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 98: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc 
outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {12887#false} is VALID [2022-02-20 17:58:31,987 INFO L272 TraceCheckUtils]: 99: Hoare triple {12887#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 100: Hoare triple {12985#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 101: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L290 TraceCheckUtils]: 102: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,987 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {12886#true} {12887#false} #1169#return; {12887#false} is VALID [2022-02-20 17:58:31,988 INFO L272 TraceCheckUtils]: 104: Hoare triple {12887#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {12887#false} is VALID [2022-02-20 17:58:31,988 INFO L290 TraceCheckUtils]: 105: Hoare triple {12887#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {12887#false} is VALID [2022-02-20 17:58:31,988 INFO L272 TraceCheckUtils]: 106: Hoare triple {12887#false} call #t~ret85#1 := getEmailTo(~msg#1); {12886#true} is VALID [2022-02-20 17:58:31,988 INFO L290 TraceCheckUtils]: 107: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,988 INFO L290 TraceCheckUtils]: 108: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := 
~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,988 INFO L290 TraceCheckUtils]: 109: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,988 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {12886#true} {12887#false} #1181#return; {12887#false} is VALID [2022-02-20 17:58:31,988 INFO L290 TraceCheckUtils]: 111: Hoare triple {12887#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {12887#false} is VALID [2022-02-20 17:58:31,988 INFO L272 TraceCheckUtils]: 112: Hoare triple {12887#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {12886#true} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 113: Hoare triple {12886#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 114: Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 115: Hoare triple {12886#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 116: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,989 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {12886#true} {12887#false} #1183#return; {12887#false} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 118: Hoare triple {12887#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {12887#false} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 119: Hoare triple {12887#false} assume !(0 != ~pubkey~0#1); {12887#false} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 120: Hoare triple {12887#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {12887#false} is VALID [2022-02-20 17:58:31,989 INFO L290 TraceCheckUtils]: 121: Hoare triple {12887#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {12887#false} is VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 122: Hoare triple {12887#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {12887#false} is VALID [2022-02-20 17:58:31,990 INFO L272 TraceCheckUtils]: 123: Hoare triple {12887#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 124: Hoare triple {12984#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {12886#true} is 
VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 125: Hoare triple {12886#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 126: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,990 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {12886#true} {12887#false} #1189#return; {12887#false} is VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 128: Hoare triple {12887#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {12887#false} is VALID [2022-02-20 17:58:31,990 INFO L272 TraceCheckUtils]: 129: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {12886#true} is VALID 
[2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 130: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~29; {12886#true} is VALID [2022-02-20 17:58:31,990 INFO L290 TraceCheckUtils]: 131: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 132: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {12886#true} {12887#false} #1191#return; {12887#false} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 134: Hoare triple {12887#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {12887#false} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 135: Hoare triple {12887#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {12887#false} is VALID [2022-02-20 17:58:31,991 INFO L272 TraceCheckUtils]: 136: Hoare triple {12887#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 137: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 138: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L290 TraceCheckUtils]: 139: Hoare triple {12886#true} 
assume true; {12886#true} is VALID [2022-02-20 17:58:31,991 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {12886#true} {12887#false} #1193#return; {12887#false} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 141: Hoare triple {12887#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {12887#false} is VALID [2022-02-20 17:58:31,992 INFO L272 TraceCheckUtils]: 142: Hoare triple {12887#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {12886#true} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 143: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 144: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12886#true} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 145: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,992 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {12886#true} {12887#false} #1195#return; {12887#false} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 147: Hoare triple {12887#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc 
incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {12887#false} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 148: Hoare triple {12887#false} assume !(0 != incoming_~privkey~0#1); {12887#false} is VALID [2022-02-20 17:58:31,992 INFO L290 TraceCheckUtils]: 149: Hoare triple {12887#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, 
__utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {12887#false} is VALID [2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 150: Hoare triple {12887#false} assume 1 == ~sent_signed~0; {12887#false} is VALID [2022-02-20 17:58:31,993 INFO L272 TraceCheckUtils]: 151: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {12886#true} is VALID [2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 152: Hoare triple {12886#true} ~handle := #in~handle;havoc ~retValue_acc~23; {12886#true} is VALID 
[2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 153: Hoare triple {12886#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {12886#true} is VALID [2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 154: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,993 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {12886#true} {12887#false} #1207#return; {12887#false} is VALID [2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 156: Hoare triple {12887#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {12887#false} is VALID [2022-02-20 17:58:31,993 INFO L272 TraceCheckUtils]: 157: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {12886#true} is VALID [2022-02-20 17:58:31,993 INFO L290 TraceCheckUtils]: 158: Hoare triple {12886#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 159: Hoare triple {12886#true} assume 1 == ~handle; {12886#true} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 160: Hoare triple {12886#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12886#true} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 161: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:31,994 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {12886#true} {12887#false} #1209#return; {12887#false} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 163: Hoare triple {12887#false} assume -2147483648 <= 
__utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {12887#false} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 164: Hoare triple {12887#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {12887#false} is VALID [2022-02-20 17:58:31,994 INFO L272 TraceCheckUtils]: 165: Hoare triple {12887#false} call __automaton_fail(); {12887#false} is VALID [2022-02-20 17:58:31,994 INFO L290 TraceCheckUtils]: 166: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:31,995 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. [2022-02-20 17:58:31,995 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:31,995 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1841262819] [2022-02-20 17:58:31,995 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1841262819] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:31,995 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1891873603] [2022-02-20 17:58:31,995 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,995 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:31,996 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:31,996 INFO L229 MonitoredProcess]: Starting monitored process 6 with 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:31,997 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:58:32,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:32,240 INFO L263 TraceCheckSpWp]: Trace formula consists of 1349 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:58:32,287 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:32,290 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:32,603 INFO L290 TraceCheckUtils]: 0: Hoare triple {12886#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 
1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 
0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 
0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {12886#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {12886#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 3: Hoare triple {12886#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 4: Hoare triple {12886#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 5: Hoare triple {12886#true} assume 0 != 
main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L272 TraceCheckUtils]: 6: Hoare triple {12886#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 7: Hoare triple {12886#true} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 8: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 9: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12886#true} {12886#true} #1245#return; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 11: Hoare triple {12886#true} assume { :end_inline_setup_bob__wrappee__Base } true; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L272 TraceCheckUtils]: 12: Hoare triple {12886#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {12886#true} is VALID [2022-02-20 
17:58:32,604 INFO L290 TraceCheckUtils]: 13: Hoare triple {12886#true} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 14: Hoare triple {12886#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L290 TraceCheckUtils]: 15: Hoare triple {12886#true} assume true; {12886#true} is VALID [2022-02-20 17:58:32,604 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {12886#true} {12886#true} #1247#return; {12886#true} is VALID [2022-02-20 17:58:32,606 INFO L290 TraceCheckUtils]: 17: Hoare triple {12886#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:32,606 INFO L272 TraceCheckUtils]: 18: Hoare triple {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {12886#true} is VALID [2022-02-20 17:58:32,607 INFO L290 TraceCheckUtils]: 19: Hoare triple {12886#true} ~handle := #in~handle;~value := #in~value; {12886#true} is VALID [2022-02-20 17:58:32,607 INFO L290 TraceCheckUtils]: 20: Hoare triple {12886#true} assume !(1 == ~handle); {12886#true} is VALID [2022-02-20 17:58:32,607 INFO L290 TraceCheckUtils]: 21: Hoare triple {12886#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {12886#true} is VALID [2022-02-20 17:58:32,607 INFO L290 TraceCheckUtils]: 22: Hoare triple {12886#true} assume 
true; {12886#true} is VALID [2022-02-20 17:58:32,607 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12886#true} {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1249#return; {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:32,607 INFO L290 TraceCheckUtils]: 24: Hoare triple {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:32,607 INFO L272 TraceCheckUtils]: 25: Hoare triple {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {12886#true} is VALID [2022-02-20 17:58:32,608 INFO L290 TraceCheckUtils]: 26: Hoare triple {12886#true} ~handle := #in~handle;~value := #in~value; {13068#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:58:32,608 INFO L290 TraceCheckUtils]: 27: Hoare triple {13068#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13072#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:32,608 INFO L290 TraceCheckUtils]: 28: Hoare triple {13072#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {13072#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:32,609 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {13072#(<= |setClientPrivateKey_#in~handle| 1)} {13040#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1251#return; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 30: Hoare triple {12887#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } 
true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L272 TraceCheckUtils]: 31: Hoare triple {12887#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 32: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 33: Hoare triple {12887#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 34: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {12887#false} {12887#false} #1253#return; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 36: Hoare triple {12887#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L272 TraceCheckUtils]: 37: Hoare triple {12887#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 38: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 39: Hoare triple {12887#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 40: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {12887#false} {12887#false} #1255#return; {12887#false} is VALID [2022-02-20 17:58:32,609 INFO L290 TraceCheckUtils]: 42: Hoare triple {12887#false} 
assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {12887#false} is VALID [2022-02-20 17:58:32,610 INFO L290 TraceCheckUtils]: 43: Hoare triple {12887#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {12887#false} is VALID [2022-02-20 17:58:32,626 INFO L290 TraceCheckUtils]: 44: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:32,626 INFO L290 TraceCheckUtils]: 45: Hoare triple {12887#false} assume test_~splverifierCounter~0#1 < 4; {12887#false} is VALID 
[2022-02-20 17:58:32,626 INFO L290 TraceCheckUtils]: 46: Hoare triple {12887#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 47: Hoare triple {12887#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 48: Hoare triple {12887#false} assume !(0 != test_~tmp___9~0#1); {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 49: Hoare triple {12887#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 50: Hoare triple {12887#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 51: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:32,631 INFO L290 TraceCheckUtils]: 52: Hoare triple {12887#false} assume !(test_~splverifierCounter~0#1 < 4); {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L290 TraceCheckUtils]: 53: Hoare triple {12887#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L272 TraceCheckUtils]: 54: Hoare triple {12887#false} call sendEmail(~bob~0, ~rjh~0); {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L290 
TraceCheckUtils]: 55: Hoare triple {12887#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L272 TraceCheckUtils]: 56: Hoare triple {12887#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L290 TraceCheckUtils]: 57: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L290 TraceCheckUtils]: 58: Hoare triple {12887#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L290 TraceCheckUtils]: 59: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {12887#false} {12887#false} #1231#return; {12887#false} is VALID [2022-02-20 17:58:32,632 INFO L272 TraceCheckUtils]: 61: Hoare triple {12887#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 62: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 63: Hoare triple {12887#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 64: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {12887#false} {12887#false} 
#1233#return; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 66: Hoare triple {12887#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 67: Hoare triple {12887#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L272 TraceCheckUtils]: 68: Hoare triple {12887#false} call outgoing(~sender#1, ~email~0#1); {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 69: Hoare triple {12887#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L272 TraceCheckUtils]: 70: Hoare triple {12887#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {12887#false} is VALID [2022-02-20 17:58:32,633 INFO L290 TraceCheckUtils]: 71: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~12; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 72: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 73: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {12887#false} {12887#false} #1161#return; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{12887#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 76: Hoare triple {12887#false} assume 0 == sign_~privkey~1#1; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 77: Hoare triple {12887#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L272 TraceCheckUtils]: 78: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := 
getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 79: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~6; {12887#false} is VALID [2022-02-20 17:58:32,634 INFO L290 TraceCheckUtils]: 80: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 81: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12887#false} {12887#false} #1163#return; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 83: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 84: Hoare triple {12887#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 85: Hoare triple {12887#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 
2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L272 TraceCheckUtils]: 86: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 87: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 88: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,635 INFO L290 TraceCheckUtils]: 89: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {12887#false} {12887#false} #1165#return; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 91: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L272 TraceCheckUtils]: 92: Hoare triple {12887#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 93: Hoare triple {12887#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {12887#false} is VALID 
[2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 94: Hoare triple {12887#false} assume 1 == ~handle; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 95: Hoare triple {12887#false} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 96: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {12887#false} {12887#false} #1167#return; {12887#false} is VALID [2022-02-20 17:58:32,636 INFO L290 TraceCheckUtils]: 98: Hoare triple {12887#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L272 TraceCheckUtils]: 99: Hoare triple {12887#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L290 TraceCheckUtils]: 100: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L290 TraceCheckUtils]: 101: Hoare triple {12887#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L290 TraceCheckUtils]: 102: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {12887#false} {12887#false} #1169#return; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L272 TraceCheckUtils]: 104: Hoare triple {12887#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L290 TraceCheckUtils]: 105: Hoare triple {12887#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L272 TraceCheckUtils]: 106: Hoare triple {12887#false} call #t~ret85#1 := getEmailTo(~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,637 INFO L290 TraceCheckUtils]: 107: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 108: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 109: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {12887#false} {12887#false} #1181#return; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 111: Hoare triple {12887#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L272 TraceCheckUtils]: 112: Hoare triple {12887#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 113: Hoare triple {12887#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 114: Hoare triple {12887#false} assume 1 == ~handle; {12887#false} is VALID [2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 115: Hoare triple {12887#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12887#false} is VALID 
[2022-02-20 17:58:32,638 INFO L290 TraceCheckUtils]: 116: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {12887#false} {12887#false} #1183#return; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 118: Hoare triple {12887#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 119: Hoare triple {12887#false} assume !(0 != ~pubkey~0#1); {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 120: Hoare triple {12887#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 121: Hoare triple {12887#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 122: Hoare triple {12887#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && 
outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L272 TraceCheckUtils]: 123: Hoare triple {12887#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 124: Hoare triple {12887#false} ~handle := #in~handle;~value := #in~value; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 125: Hoare triple {12887#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {12887#false} is VALID [2022-02-20 17:58:32,639 INFO L290 TraceCheckUtils]: 126: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {12887#false} {12887#false} #1189#return; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 128: Hoare triple {12887#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L272 TraceCheckUtils]: 129: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 130: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~29; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 131: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 132: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {12887#false} {12887#false} #1191#return; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 134: Hoare triple {12887#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {12887#false} is VALID [2022-02-20 17:58:32,640 INFO L290 TraceCheckUtils]: 135: Hoare triple {12887#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {12887#false} is VALID 
[2022-02-20 17:58:32,641 INFO L272 TraceCheckUtils]: 136: Hoare triple {12887#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 137: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 138: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 139: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {12887#false} {12887#false} #1193#return; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 141: Hoare triple {12887#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L272 TraceCheckUtils]: 142: Hoare triple {12887#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 143: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~12; {12887#false} is VALID [2022-02-20 17:58:32,641 INFO L290 TraceCheckUtils]: 144: Hoare triple {12887#false} assume 1 == 
~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 145: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {12887#false} {12887#false} #1195#return; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 147: Hoare triple {12887#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 148: Hoare triple {12887#false} assume !(0 != incoming_~privkey~0#1); {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 149: Hoare triple {12887#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc 
verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 150: Hoare triple {12887#false} assume 1 == ~sent_signed~0; {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L272 TraceCheckUtils]: 151: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {12887#false} is VALID [2022-02-20 17:58:32,642 INFO L290 TraceCheckUtils]: 152: Hoare triple {12887#false} ~handle := #in~handle;havoc ~retValue_acc~23; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 153: Hoare triple {12887#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 154: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {12887#false} {12887#false} #1207#return; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 156: Hoare triple {12887#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L272 TraceCheckUtils]: 157: Hoare triple {12887#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 158: Hoare triple {12887#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 159: Hoare triple {12887#false} assume 1 == 
~handle; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 160: Hoare triple {12887#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L290 TraceCheckUtils]: 161: Hoare triple {12887#false} assume true; {12887#false} is VALID [2022-02-20 17:58:32,643 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {12887#false} {12887#false} #1209#return; {12887#false} is VALID [2022-02-20 17:58:32,644 INFO L290 TraceCheckUtils]: 163: Hoare triple {12887#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {12887#false} is VALID [2022-02-20 17:58:32,644 INFO L290 TraceCheckUtils]: 164: Hoare triple {12887#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {12887#false} is VALID [2022-02-20 17:58:32,644 INFO L272 TraceCheckUtils]: 165: Hoare triple {12887#false} call __automaton_fail(); {12887#false} is VALID [2022-02-20 17:58:32,644 INFO L290 TraceCheckUtils]: 166: Hoare triple {12887#false} assume !false; {12887#false} is VALID [2022-02-20 17:58:32,644 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:58:32,644 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:32,645 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1891873603] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:32,645 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:58:32,645 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:58:32,645 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1055144846] [2022-02-20 17:58:32,645 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:32,646 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 167 [2022-02-20 17:58:32,646 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:32,646 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:32,734 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 145 edges. 145 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:32,734 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:32,735 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:32,735 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 17:58:32,735 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:32,736 INFO L87 Difference]: Start difference. First operand 477 states and 732 transitions. Second operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:33,805 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,805 INFO L93 Difference]: Finished difference Result 943 states and 1453 transitions. [2022-02-20 17:58:33,805 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:33,805 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 167 [2022-02-20 17:58:33,805 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:33,805 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:33,815 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1225 transitions. 
[2022-02-20 17:58:33,816 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:33,826 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1225 transitions. [2022-02-20 17:58:33,826 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1225 transitions. [2022-02-20 17:58:34,504 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1225 edges. 1225 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:34,532 INFO L225 Difference]: With dead ends: 943 [2022-02-20 17:58:34,532 INFO L226 Difference]: Without dead ends: 479 [2022-02-20 17:58:34,533 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 215 GetRequests, 201 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:58:34,534 INFO L933 BasicCegarLoop]: 607 mSDtfsCounter, 143 mSDsluCounter, 1652 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 166 SdHoareTripleChecker+Valid, 2259 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:34,534 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [166 Valid, 2259 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:34,535 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 479 states. [2022-02-20 17:58:34,618 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 479 to 479. [2022-02-20 17:58:34,618 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:34,619 INFO L82 GeneralOperation]: Start isEquivalent. First operand 479 states. Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:58:34,620 INFO L74 IsIncluded]: Start isIncluded. First operand 479 states. Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:58:34,621 INFO L87 Difference]: Start difference. First operand 479 states. Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:58:34,634 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:58:34,634 INFO L93 Difference]: Finished difference Result 479 states and 738 transitions. [2022-02-20 17:58:34,634 INFO L276 IsEmpty]: Start isEmpty. Operand 479 states and 738 transitions. [2022-02-20 17:58:34,635 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:34,635 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:34,636 INFO L74 IsIncluded]: Start isIncluded. First operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 479 states. [2022-02-20 17:58:34,637 INFO L87 Difference]: Start difference. First operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 479 states. [2022-02-20 17:58:34,651 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:34,651 INFO L93 Difference]: Finished difference Result 479 states and 738 transitions. [2022-02-20 17:58:34,651 INFO L276 IsEmpty]: Start isEmpty. Operand 479 states and 738 transitions. [2022-02-20 17:58:34,652 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:34,652 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:34,652 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:34,652 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:34,653 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:58:34,676 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 479 states to 479 states and 738 transitions. [2022-02-20 17:58:34,677 INFO L78 Accepts]: Start accepts. Automaton has 479 states and 738 transitions. Word has length 167 [2022-02-20 17:58:34,677 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:34,678 INFO L470 AbstractCegarLoop]: Abstraction has 479 states and 738 transitions. [2022-02-20 17:58:34,678 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:34,678 INFO L276 IsEmpty]: Start isEmpty. Operand 479 states and 738 transitions. [2022-02-20 17:58:34,680 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 150 [2022-02-20 17:58:34,680 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:34,680 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:34,698 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:34,895 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:34,895 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:34,896 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:34,896 INFO L85 PathProgramCache]: Analyzing trace with hash 1115232386, now seen corresponding path program 1 times [2022-02-20 17:58:34,896 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:34,896 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1830013868] [2022-02-20 17:58:34,896 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:34,896 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:34,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:34,963 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:34,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:34,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:34,966 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:34,966 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16413#true} #1245#return; {16413#true} is VALID [2022-02-20 17:58:34,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:34,972 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:34,974 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16413#true} #1247#return; {16413#true} is VALID [2022-02-20 17:58:34,974 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:34,975 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 0: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume !(1 == ~handle); {16413#true} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 3: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:34,978 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16413#true} {16413#true} #1249#return; {16413#true} is VALID [2022-02-20 17:58:34,978 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:34,979 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume !(1 == ~handle); {16413#true} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {16413#true} assume true; {16413#true} is VALID 
[2022-02-20 17:58:34,981 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16413#true} {16413#true} #1251#return; {16413#true} is VALID [2022-02-20 17:58:34,981 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:34,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16494#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,994 INFO L290 TraceCheckUtils]: 1: Hoare triple {16494#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,995 INFO L290 TraceCheckUtils]: 2: Hoare triple {16495#(= |setClientId_#in~handle| 1)} assume true; {16495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,995 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16495#(= |setClientId_#in~handle| 1)} {16433#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {16414#false} is VALID [2022-02-20 17:58:34,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:34,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:34,999 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:34,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:34,999 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1255#return; {16414#false} is VALID [2022-02-20 17:58:35,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:58:35,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,007 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,007 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1231#return; {16414#false} is VALID [2022-02-20 17:58:35,012 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:35,013 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {16497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,014 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,015 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {16413#true} {16414#false} #1233#return; {16414#false} is VALID [2022-02-20 17:58:35,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:58:35,015 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1161#return; {16414#false} is VALID [2022-02-20 17:58:35,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:58:35,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~6; {16413#true} is VALID [2022-02-20 17:58:35,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {16413#true} is VALID [2022-02-20 17:58:35,019 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,020 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1163#return; {16414#false} is VALID [2022-02-20 17:58:35,020 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:58:35,021 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,022 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} 
~handle := #in~handle;havoc ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,023 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1181#return; {16414#false} is VALID [2022-02-20 17:58:35,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:58:35,023 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle; {16413#true} is VALID [2022-02-20 17:58:35,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,025 INFO L290 TraceCheckUtils]: 3: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,025 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16413#true} {16414#false} #1183#return; {16414#false} is VALID [2022-02-20 17:58:35,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:58:35,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,035 
INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,036 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1189#return; {16414#false} is VALID [2022-02-20 17:58:35,036 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:58:35,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~29; {16413#true} is VALID [2022-02-20 17:58:35,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {16413#true} is VALID [2022-02-20 17:58:35,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,038 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1191#return; {16414#false} is VALID [2022-02-20 17:58:35,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:58:35,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,040 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,040 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,041 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1193#return; {16414#false} is VALID 
[2022-02-20 17:58:35,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:58:35,041 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,043 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,043 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,043 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,043 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1195#return; {16414#false} is VALID [2022-02-20 17:58:35,043 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:58:35,044 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,046 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~23; {16413#true} is VALID [2022-02-20 17:58:35,046 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {16413#true} is VALID [2022-02-20 17:58:35,046 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,046 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16413#true} {16414#false} #1207#return; {16414#false} is VALID [2022-02-20 17:58:35,046 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 17:58:35,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:35,048 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {16413#true} is 
VALID [2022-02-20 17:58:35,049 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume 1 == ~handle; {16413#true} is VALID [2022-02-20 17:58:35,049 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,049 INFO L290 TraceCheckUtils]: 3: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,049 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {16413#true} {16414#false} #1209#return; {16414#false} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 0: Hoare triple {16413#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call 
#Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 
0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, 
~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {16413#true} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 1: Hoare triple {16413#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {16413#true} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 2: Hoare triple {16413#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {16413#true} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 3: Hoare triple {16413#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {16413#true} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 4: Hoare triple {16413#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {16413#true} is VALID [2022-02-20 17:58:35,050 INFO L290 TraceCheckUtils]: 5: Hoare triple {16413#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, 
setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {16413#true} is VALID [2022-02-20 17:58:35,051 INFO L272 TraceCheckUtils]: 6: Hoare triple {16413#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:35,051 INFO L290 TraceCheckUtils]: 7: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,051 INFO L290 TraceCheckUtils]: 8: Hoare triple {16413#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,051 INFO L290 TraceCheckUtils]: 9: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,051 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {16413#true} {16413#true} #1245#return; {16413#true} is VALID [2022-02-20 17:58:35,051 INFO L290 
TraceCheckUtils]: 11: Hoare triple {16413#true} assume { :end_inline_setup_bob__wrappee__Base } true; {16413#true} is VALID [2022-02-20 17:58:35,052 INFO L272 TraceCheckUtils]: 12: Hoare triple {16413#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:35,052 INFO L290 TraceCheckUtils]: 13: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,052 INFO L290 TraceCheckUtils]: 14: Hoare triple {16413#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,052 INFO L290 TraceCheckUtils]: 15: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,052 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {16413#true} {16413#true} #1247#return; {16413#true} is VALID [2022-02-20 17:58:35,052 INFO L290 TraceCheckUtils]: 17: Hoare triple {16413#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {16413#true} is VALID [2022-02-20 17:58:35,053 INFO L272 TraceCheckUtils]: 18: Hoare triple {16413#true} call 
setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:35,053 INFO L290 TraceCheckUtils]: 19: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,053 INFO L290 TraceCheckUtils]: 20: Hoare triple {16413#true} assume !(1 == ~handle); {16413#true} is VALID [2022-02-20 17:58:35,053 INFO L290 TraceCheckUtils]: 21: Hoare triple {16413#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,053 INFO L290 TraceCheckUtils]: 22: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,053 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {16413#true} {16413#true} #1249#return; {16413#true} is VALID [2022-02-20 17:58:35,054 INFO L290 TraceCheckUtils]: 24: Hoare triple {16413#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {16413#true} is VALID [2022-02-20 17:58:35,054 INFO L272 TraceCheckUtils]: 25: Hoare triple {16413#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:35,054 INFO L290 TraceCheckUtils]: 26: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,054 INFO L290 TraceCheckUtils]: 27: Hoare triple {16413#true} assume !(1 == ~handle); {16413#true} is VALID [2022-02-20 17:58:35,054 INFO L290 TraceCheckUtils]: 28: Hoare triple {16413#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,054 INFO L290 TraceCheckUtils]: 29: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,055 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16413#true} {16413#true} #1251#return; {16413#true} is VALID [2022-02-20 17:58:35,055 INFO L290 TraceCheckUtils]: 31: Hoare triple {16413#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {16433#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:35,055 INFO L272 TraceCheckUtils]: 32: Hoare triple {16433#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:35,056 INFO L290 TraceCheckUtils]: 33: Hoare triple {16492#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {16494#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:35,056 INFO L290 TraceCheckUtils]: 34: Hoare triple {16494#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {16495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:35,056 INFO L290 TraceCheckUtils]: 35: Hoare triple {16495#(= |setClientId_#in~handle| 1)} assume true; {16495#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:35,057 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {16495#(= |setClientId_#in~handle| 1)} {16433#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {16414#false} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 37: Hoare triple {16414#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {16414#false} is VALID [2022-02-20 17:58:35,057 INFO L272 TraceCheckUtils]: 38: Hoare triple {16414#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 39: Hoare triple {16493#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 40: Hoare triple {16413#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 41: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 
17:58:35,057 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {16413#true} {16414#false} #1255#return; {16414#false} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 43: Hoare triple {16414#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {16414#false} is VALID [2022-02-20 17:58:35,057 INFO L290 TraceCheckUtils]: 44: Hoare triple {16414#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 45: Hoare 
triple {16414#false} assume !false; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 46: Hoare triple {16414#false} assume test_~splverifierCounter~0#1 < 4; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 47: Hoare triple {16414#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 48: Hoare triple {16414#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 49: Hoare triple {16414#false} assume !(0 != test_~tmp___9~0#1); {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 50: Hoare triple {16414#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 51: Hoare triple {16414#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 52: Hoare triple {16414#false} assume !false; {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 53: Hoare triple {16414#false} assume !(test_~splverifierCounter~0#1 < 4); {16414#false} is VALID [2022-02-20 17:58:35,058 INFO L290 TraceCheckUtils]: 54: Hoare triple {16414#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc 
bobToRjh_#t~ret29#1; {16414#false} is VALID [2022-02-20 17:58:35,059 INFO L272 TraceCheckUtils]: 55: Hoare triple {16414#false} call sendEmail(~bob~0, ~rjh~0); {16414#false} is VALID [2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 56: Hoare triple {16414#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {16414#false} is VALID [2022-02-20 17:58:35,059 INFO L272 TraceCheckUtils]: 57: Hoare triple {16414#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 58: Hoare triple {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 59: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 60: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,059 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {16413#true} {16414#false} #1231#return; {16414#false} is VALID [2022-02-20 17:58:35,059 INFO L272 TraceCheckUtils]: 62: Hoare triple {16414#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {16497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 63: Hoare triple {16497#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,059 INFO L290 TraceCheckUtils]: 64: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 65: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,060 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {16413#true} {16414#false} #1233#return; {16414#false} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 67: Hoare triple {16414#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {16414#false} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 68: Hoare triple {16414#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {16414#false} is VALID [2022-02-20 17:58:35,060 INFO L272 TraceCheckUtils]: 69: Hoare triple {16414#false} call outgoing(~sender#1, ~email~0#1); {16414#false} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 70: Hoare triple {16414#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {16414#false} is VALID [2022-02-20 17:58:35,060 INFO L272 TraceCheckUtils]: 71: Hoare triple {16414#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {16413#true} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 72: Hoare 
triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 73: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,060 INFO L290 TraceCheckUtils]: 74: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,061 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {16413#true} {16414#false} #1161#return; {16414#false} is VALID [2022-02-20 17:58:35,061 INFO L290 TraceCheckUtils]: 76: Hoare triple {16414#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {16414#false} is VALID [2022-02-20 17:58:35,061 INFO L290 TraceCheckUtils]: 77: Hoare triple {16414#false} assume 0 == sign_~privkey~1#1; {16414#false} is VALID [2022-02-20 17:58:35,061 INFO L290 TraceCheckUtils]: 78: Hoare triple {16414#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {16414#false} is VALID [2022-02-20 17:58:35,061 INFO L272 TraceCheckUtils]: 79: Hoare triple {16414#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {16413#true} is VALID [2022-02-20 17:58:35,061 INFO L290 TraceCheckUtils]: 80: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~6; {16413#true} is VALID [2022-02-20 17:58:35,063 INFO L290 TraceCheckUtils]: 81: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {16413#true} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 82: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,064 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {16413#true} {16414#false} #1163#return; {16414#false} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 84: Hoare triple {16414#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {16414#false} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 85: Hoare triple {16414#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {16414#false} is VALID [2022-02-20 17:58:35,064 INFO L272 TraceCheckUtils]: 86: 
Hoare triple {16414#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {16414#false} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 87: Hoare triple {16414#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {16414#false} is VALID [2022-02-20 17:58:35,064 INFO L272 TraceCheckUtils]: 88: Hoare triple {16414#false} call #t~ret85#1 := getEmailTo(~msg#1); {16413#true} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 89: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,064 INFO L290 TraceCheckUtils]: 90: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 91: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {16413#true} {16414#false} #1181#return; {16414#false} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 93: Hoare triple {16414#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {16414#false} is VALID [2022-02-20 17:58:35,065 INFO L272 TraceCheckUtils]: 94: Hoare triple {16414#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 95: Hoare triple {16413#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 96: Hoare triple {16413#true} assume 1 == ~handle; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 97: Hoare triple {16413#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 98: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,065 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {16413#true} {16414#false} #1183#return; {16414#false} is VALID [2022-02-20 17:58:35,065 INFO L290 TraceCheckUtils]: 100: Hoare triple {16414#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 101: Hoare triple {16414#false} assume !(0 != ~pubkey~0#1); {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 102: Hoare triple {16414#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 103: Hoare triple {16414#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 104: Hoare triple {16414#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L272 TraceCheckUtils]: 105: Hoare triple {16414#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 106: Hoare triple {16496#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {16413#true} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 107: Hoare triple {16413#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {16413#true} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 108: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,066 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {16413#true} {16414#false} #1189#return; {16414#false} is VALID [2022-02-20 17:58:35,066 INFO L290 TraceCheckUtils]: 110: Hoare triple {16414#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, 
__utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {16414#false} is VALID [2022-02-20 17:58:35,067 INFO L272 TraceCheckUtils]: 111: Hoare triple {16414#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {16413#true} is VALID [2022-02-20 17:58:35,067 INFO L290 TraceCheckUtils]: 112: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~29; {16413#true} is VALID [2022-02-20 17:58:35,067 INFO L290 TraceCheckUtils]: 113: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {16413#true} is VALID [2022-02-20 17:58:35,067 INFO L290 TraceCheckUtils]: 114: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,067 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {16413#true} {16414#false} #1191#return; {16414#false} is VALID [2022-02-20 17:58:35,067 INFO L290 TraceCheckUtils]: 116: Hoare triple {16414#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {16414#false} is VALID [2022-02-20 17:58:35,067 
INFO L290 TraceCheckUtils]: 117: Hoare triple {16414#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {16414#false} is VALID [2022-02-20 17:58:35,068 INFO L272 TraceCheckUtils]: 118: Hoare triple {16414#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {16413#true} is VALID [2022-02-20 17:58:35,068 INFO L290 TraceCheckUtils]: 119: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,068 INFO L290 TraceCheckUtils]: 120: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {16413#true} is VALID [2022-02-20 17:58:35,068 INFO L290 TraceCheckUtils]: 121: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,068 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {16413#true} {16414#false} #1193#return; {16414#false} is VALID [2022-02-20 17:58:35,068 INFO L290 TraceCheckUtils]: 123: Hoare triple {16414#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {16414#false} is VALID [2022-02-20 17:58:35,068 INFO L272 TraceCheckUtils]: 124: Hoare triple {16414#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {16413#true} 
is VALID [2022-02-20 17:58:35,068 INFO L290 TraceCheckUtils]: 125: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 126: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {16413#true} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 127: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,069 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {16413#true} {16414#false} #1195#return; {16414#false} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 129: Hoare triple {16414#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {16414#false} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 130: Hoare triple {16414#false} assume !(0 != incoming_~privkey~0#1); {16414#false} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 131: Hoare triple {16414#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, 
verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= 
__utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {16414#false} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 132: Hoare triple {16414#false} assume 1 == ~sent_signed~0; {16414#false} is VALID [2022-02-20 17:58:35,069 INFO L272 TraceCheckUtils]: 133: Hoare triple {16414#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {16413#true} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 134: Hoare triple {16413#true} ~handle := #in~handle;havoc ~retValue_acc~23; {16413#true} is VALID [2022-02-20 17:58:35,069 INFO L290 TraceCheckUtils]: 135: Hoare triple {16413#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 136: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {16413#true} {16414#false} #1207#return; {16414#false} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 138: Hoare triple {16414#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {16414#false} is VALID [2022-02-20 17:58:35,070 INFO L272 TraceCheckUtils]: 139: Hoare triple {16414#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 140: Hoare triple 
{16413#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 141: Hoare triple {16413#true} assume 1 == ~handle; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 142: Hoare triple {16413#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L290 TraceCheckUtils]: 143: Hoare triple {16413#true} assume true; {16413#true} is VALID [2022-02-20 17:58:35,070 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {16413#true} {16414#false} #1209#return; {16414#false} is VALID [2022-02-20 17:58:35,071 INFO L290 TraceCheckUtils]: 145: Hoare triple {16414#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {16414#false} is VALID [2022-02-20 17:58:35,071 INFO L290 TraceCheckUtils]: 146: Hoare triple {16414#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {16414#false} is VALID [2022-02-20 17:58:35,071 INFO L272 TraceCheckUtils]: 147: Hoare triple {16414#false} call __automaton_fail(); {16414#false} is VALID [2022-02-20 17:58:35,071 INFO L290 TraceCheckUtils]: 148: Hoare triple {16414#false} assume !false; {16414#false} is VALID [2022-02-20 17:58:35,072 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:58:35,072 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:35,072 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1830013868] [2022-02-20 17:58:35,072 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1830013868] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:35,072 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:35,072 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:35,073 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1746187851] [2022-02-20 17:58:35,073 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:35,073 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 149 [2022-02-20 17:58:35,073 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:35,074 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:35,143 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:35,143 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:35,143 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:35,144 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:35,144 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:35,144 INFO L87 Difference]: Start difference. First operand 479 states and 738 transitions. Second operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:42,048 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:42,049 INFO L93 Difference]: Finished difference Result 1045 states and 1630 transitions. [2022-02-20 17:58:42,049 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:42,049 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 149 [2022-02-20 17:58:42,050 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:42,050 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:42,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1394 transitions. [2022-02-20 17:58:42,063 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:42,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1394 transitions. [2022-02-20 17:58:42,075 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1394 transitions. [2022-02-20 17:58:43,195 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1394 edges. 1394 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:43,214 INFO L225 Difference]: With dead ends: 1045 [2022-02-20 17:58:43,215 INFO L226 Difference]: Without dead ends: 589 [2022-02-20 17:58:43,216 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:43,219 INFO L933 BasicCegarLoop]: 665 mSDtfsCounter, 1501 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 2192 mSolverCounterSat, 566 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1522 SdHoareTripleChecker+Valid, 1603 SdHoareTripleChecker+Invalid, 2758 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 566 IncrementalHoareTripleChecker+Valid, 2192 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:43,219 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1522 Valid, 1603 Invalid, 2758 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [566 Valid, 2192 Invalid, 0 Unknown, 0 Unchecked, 3.1s Time] [2022-02-20 17:58:43,220 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 589 states. [2022-02-20 17:58:43,323 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 589 to 479. [2022-02-20 17:58:43,323 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:43,325 INFO L82 GeneralOperation]: Start isEquivalent. First operand 589 states. 
Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 17:58:43,326 INFO L74 IsIncluded]: Start isIncluded. First operand 589 states. Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 17:58:43,327 INFO L87 Difference]: Start difference. First operand 589 states. Second operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 17:58:43,344 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:43,344 INFO L93 Difference]: Finished difference Result 589 states and 923 transitions. [2022-02-20 17:58:43,344 INFO L276 IsEmpty]: Start isEmpty. Operand 589 states and 923 transitions. [2022-02-20 17:58:43,347 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:43,347 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:43,348 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) Second operand 589 states. [2022-02-20 17:58:43,364 INFO L87 Difference]: Start difference. First operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) Second operand 589 states. [2022-02-20 17:58:43,381 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:43,381 INFO L93 Difference]: Finished difference Result 589 states and 923 transitions. [2022-02-20 17:58:43,382 INFO L276 IsEmpty]: Start isEmpty. Operand 589 states and 923 transitions. [2022-02-20 17:58:43,384 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:43,384 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:43,384 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:43,385 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:43,387 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 479 states, 366 states have (on average 1.5573770491803278) internal successors, (570), 373 states have internal predecessors, (570), 82 states have call successors, (82), 29 states have call predecessors, (82), 30 states have return successors, (85), 78 states have call predecessors, (85), 79 states have call successors, (85) [2022-02-20 17:58:43,401 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 479 states to 479 states and 737 transitions. [2022-02-20 17:58:43,402 INFO L78 Accepts]: Start accepts. Automaton has 479 states and 737 transitions. Word has length 149 [2022-02-20 17:58:43,402 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:43,402 INFO L470 AbstractCegarLoop]: Abstraction has 479 states and 737 transitions. [2022-02-20 17:58:43,402 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:43,403 INFO L276 IsEmpty]: Start isEmpty. Operand 479 states and 737 transitions. [2022-02-20 17:58:43,405 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 170 [2022-02-20 17:58:43,405 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:43,405 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:43,405 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:58:43,406 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:43,406 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:43,406 INFO L85 PathProgramCache]: 
Analyzing trace with hash -348459963, now seen corresponding path program 1 times [2022-02-20 17:58:43,406 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:43,406 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [863236820] [2022-02-20 17:58:43,406 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:43,406 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:43,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:43,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,477 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,477 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,477 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19813#true} #1245#return; {19813#true} is VALID [2022-02-20 17:58:43,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:43,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,485 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19813#true} #1247#return; {19813#true} is VALID [2022-02-20 17:58:43,485 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:43,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,488 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume !(1 == ~handle); {19813#true} is VALID [2022-02-20 17:58:43,488 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,488 INFO L290 TraceCheckUtils]: 3: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,488 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19813#true} {19813#true} #1249#return; {19813#true} is VALID [2022-02-20 17:58:43,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:43,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {19907#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume !(1 == ~handle); {19813#true} is VALID [2022-02-20 17:58:43,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,491 INFO L290 TraceCheckUtils]: 3: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,491 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19813#true} {19813#true} #1251#return; {19813#true} is VALID [2022-02-20 17:58:43,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:43,493 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,507 INFO L290 TraceCheckUtils]: 0: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,508 INFO L290 TraceCheckUtils]: 1: Hoare triple {19908#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,508 INFO L290 TraceCheckUtils]: 2: Hoare triple {19908#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19909#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,508 INFO L290 TraceCheckUtils]: 3: Hoare triple {19909#(= 2 |setClientId_#in~handle|)} assume true; {19909#(= 2 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,509 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19909#(= 2 |setClientId_#in~handle|)} {19833#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {19814#false} is VALID [2022-02-20 17:58:43,509 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:58:43,510 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,512 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,512 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,512 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1255#return; {19814#false} is VALID [2022-02-20 17:58:43,517 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:43,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,521 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1231#return; {19814#false} is VALID [2022-02-20 17:58:43,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:58:43,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,531 INFO L290 TraceCheckUtils]: 0: Hoare triple {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,531 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,531 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1233#return; {19814#false} is VALID [2022-02-20 17:58:43,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:58:43,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,533 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1161#return; {19814#false} is VALID [2022-02-20 17:58:43,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:58:43,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:58:43,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~6; {19813#true} is VALID [2022-02-20 17:58:43,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {19813#true} is VALID [2022-02-20 17:58:43,535 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,535 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1163#return; {19814#false} is VALID [2022-02-20 17:58:43,535 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:58:43,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,537 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1165#return; {19814#false} is VALID [2022-02-20 17:58:43,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:58:43,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {19813#true} is VALID [2022-02-20 17:58:43,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,539 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{19813#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {19813#true} is VALID [2022-02-20 17:58:43,539 INFO L290 TraceCheckUtils]: 3: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,540 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19813#true} {19814#false} #1167#return; {19814#false} is VALID [2022-02-20 17:58:43,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:43,540 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,544 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,544 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,544 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1169#return; {19814#false} is VALID [2022-02-20 17:58:43,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:43,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,546 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{19813#true} {19814#false} #1181#return; {19814#false} is VALID [2022-02-20 17:58:43,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:43,547 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,548 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,548 INFO L290 TraceCheckUtils]: 3: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,548 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19813#true} {19814#false} #1183#return; {19814#false} is VALID [2022-02-20 17:58:43,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:58:43,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,550 INFO L290 TraceCheckUtils]: 0: Hoare triple {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,550 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,550 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,551 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1189#return; {19814#false} is VALID [2022-02-20 17:58:43,551 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:58:43,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~29; {19813#true} is VALID [2022-02-20 17:58:43,553 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {19813#true} is VALID [2022-02-20 17:58:43,553 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1191#return; {19814#false} is VALID [2022-02-20 17:58:43,553 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:58:43,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1193#return; {19814#false} is VALID [2022-02-20 17:58:43,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:58:43,555 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,557 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,557 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{19813#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,557 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,557 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1195#return; {19814#false} is VALID [2022-02-20 17:58:43,557 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:58:43,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~23; {19813#true} is VALID [2022-02-20 17:58:43,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {19813#true} is VALID [2022-02-20 17:58:43,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,559 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {19813#true} {19814#false} #1207#return; {19814#false} is VALID [2022-02-20 17:58:43,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:58:43,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 3: Hoare 
triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {19813#true} {19814#false} #1209#return; {19814#false} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {19813#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call 
#Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 
:= 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 
1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {19813#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {19813#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {19813#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 4: Hoare triple {19813#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {19813#true} is VALID [2022-02-20 17:58:43,562 INFO L290 TraceCheckUtils]: 5: Hoare triple {19813#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 
:= ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {19813#true} is VALID [2022-02-20 17:58:43,563 INFO L272 TraceCheckUtils]: 6: Hoare triple {19813#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,563 INFO L290 TraceCheckUtils]: 7: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,563 INFO L290 TraceCheckUtils]: 8: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,563 INFO L290 TraceCheckUtils]: 9: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,563 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {19813#true} {19813#true} #1245#return; {19813#true} is VALID [2022-02-20 17:58:43,563 INFO L290 TraceCheckUtils]: 11: Hoare triple {19813#true} assume { :end_inline_setup_bob__wrappee__Base } true; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L272 TraceCheckUtils]: 12: Hoare triple {19813#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 13: Hoare triple {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 14: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 15: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {19813#true} {19813#true} #1247#return; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 17: Hoare triple {19813#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L272 TraceCheckUtils]: 18: Hoare triple {19813#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 19: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 20: Hoare triple {19813#true} assume !(1 == ~handle); {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 21: Hoare triple {19813#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,564 INFO L290 TraceCheckUtils]: 22: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {19813#true} {19813#true} #1249#return; {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L290 TraceCheckUtils]: 24: Hoare triple {19813#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L272 TraceCheckUtils]: 25: Hoare triple {19813#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,565 INFO L290 TraceCheckUtils]: 26: Hoare triple {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L290 TraceCheckUtils]: 27: Hoare triple {19813#true} assume !(1 == ~handle); {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L290 TraceCheckUtils]: 28: Hoare triple {19813#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,565 INFO L290 TraceCheckUtils]: 29: Hoare triple {19813#true} assume true; 
{19813#true} is VALID [2022-02-20 17:58:43,565 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {19813#true} {19813#true} #1251#return; {19813#true} is VALID [2022-02-20 17:58:43,566 INFO L290 TraceCheckUtils]: 31: Hoare triple {19813#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {19833#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:43,566 INFO L272 TraceCheckUtils]: 32: Hoare triple {19833#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,566 INFO L290 TraceCheckUtils]: 33: Hoare triple {19906#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {19908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,566 INFO L290 TraceCheckUtils]: 34: Hoare triple {19908#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {19908#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,567 INFO L290 
TraceCheckUtils]: 35: Hoare triple {19908#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {19909#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,567 INFO L290 TraceCheckUtils]: 36: Hoare triple {19909#(= 2 |setClientId_#in~handle|)} assume true; {19909#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,567 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {19909#(= 2 |setClientId_#in~handle|)} {19833#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {19814#false} is VALID [2022-02-20 17:58:43,567 INFO L290 TraceCheckUtils]: 38: Hoare triple {19814#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {19814#false} is VALID [2022-02-20 17:58:43,567 INFO L272 TraceCheckUtils]: 39: Hoare triple {19814#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 40: Hoare triple {19907#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 41: Hoare triple {19813#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 42: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,568 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {19813#true} {19814#false} #1255#return; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 44: Hoare triple {19814#false} assume { 
:end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 45: Hoare triple {19814#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 46: Hoare triple {19814#false} assume !false; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 47: Hoare triple {19814#false} assume test_~splverifierCounter~0#1 < 4; {19814#false} is VALID [2022-02-20 
17:58:43,568 INFO L290 TraceCheckUtils]: 48: Hoare triple {19814#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 49: Hoare triple {19814#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 50: Hoare triple {19814#false} assume !(0 != test_~tmp___9~0#1); {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 51: Hoare triple {19814#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 52: Hoare triple {19814#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 53: Hoare triple {19814#false} assume !false; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 54: Hoare triple {19814#false} assume !(test_~splverifierCounter~0#1 < 4); {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 55: Hoare triple {19814#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L272 TraceCheckUtils]: 56: Hoare triple {19814#false} call sendEmail(~bob~0, ~rjh~0); {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L290 
TraceCheckUtils]: 57: Hoare triple {19814#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {19814#false} is VALID [2022-02-20 17:58:43,568 INFO L272 TraceCheckUtils]: 58: Hoare triple {19814#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 59: Hoare triple {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 60: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,568 INFO L290 TraceCheckUtils]: 61: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {19813#true} {19814#false} #1231#return; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L272 TraceCheckUtils]: 63: Hoare triple {19814#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 64: Hoare triple {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; 
{19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 65: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 66: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {19813#true} {19814#false} #1233#return; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 68: Hoare triple {19814#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 69: Hoare triple {19814#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L272 TraceCheckUtils]: 70: Hoare triple {19814#false} call outgoing(~sender#1, ~email~0#1); {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 71: Hoare triple {19814#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L272 TraceCheckUtils]: 72: Hoare triple {19814#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 73: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 74: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~12 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 75: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {19813#true} {19814#false} #1161#return; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 77: Hoare triple {19814#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 78: Hoare triple {19814#false} assume 0 == sign_~privkey~1#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 79: Hoare triple {19814#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc 
outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {19814#false} is VALID [2022-02-20 17:58:43,569 INFO L272 TraceCheckUtils]: 80: Hoare triple {19814#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 81: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~6; {19813#true} is VALID [2022-02-20 17:58:43,569 INFO L290 TraceCheckUtils]: 82: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 83: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {19813#true} {19814#false} #1163#return; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 85: Hoare triple {19814#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 86: Hoare triple {19814#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := 
sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 87: Hoare triple {19814#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L272 TraceCheckUtils]: 88: Hoare triple {19814#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 89: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 90: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 91: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {19813#true} {19814#false} #1165#return; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 93: Hoare triple {19814#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {19814#false} is VALID 
[2022-02-20 17:58:43,570 INFO L272 TraceCheckUtils]: 94: Hoare triple {19814#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 95: Hoare triple {19813#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 96: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 97: Hoare triple {19813#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 98: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {19813#true} {19814#false} #1167#return; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 100: Hoare triple {19814#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {19814#false} is VALID [2022-02-20 17:58:43,570 INFO L272 TraceCheckUtils]: 101: Hoare triple {19814#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 102: Hoare triple {19911#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {19813#true} is 
VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 103: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,570 INFO L290 TraceCheckUtils]: 104: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {19813#true} {19814#false} #1169#return; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L272 TraceCheckUtils]: 106: Hoare triple {19814#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 107: Hoare triple {19814#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L272 TraceCheckUtils]: 108: Hoare triple {19814#false} call #t~ret85#1 := getEmailTo(~msg#1); {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 109: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 110: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 111: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {19813#true} {19814#false} #1181#return; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 113: Hoare triple {19814#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L272 TraceCheckUtils]: 114: Hoare triple {19814#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); 
{19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 115: Hoare triple {19813#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 116: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 117: Hoare triple {19813#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 118: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,571 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {19813#true} {19814#false} #1183#return; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 120: Hoare triple {19814#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 121: Hoare triple {19814#false} assume !(0 != ~pubkey~0#1); {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 122: Hoare triple {19814#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~19#1; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 123: Hoare triple {19814#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {19814#false} is VALID [2022-02-20 17:58:43,571 INFO L290 TraceCheckUtils]: 124: Hoare triple {19814#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L272 TraceCheckUtils]: 125: Hoare triple {19814#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 126: Hoare triple {19910#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 127: Hoare triple {19813#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 128: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {19813#true} {19814#false} #1189#return; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 130: Hoare triple {19814#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, 
mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L272 TraceCheckUtils]: 131: Hoare triple {19814#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 132: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~29; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 133: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 134: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {19813#true} {19814#false} #1191#return; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 136: Hoare triple {19814#false} assume 
-2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 137: Hoare triple {19814#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L272 TraceCheckUtils]: 138: Hoare triple {19814#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 139: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 140: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 141: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {19813#true} {19814#false} #1193#return; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 143: Hoare triple {19814#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, 
incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {19814#false} is VALID [2022-02-20 17:58:43,572 INFO L272 TraceCheckUtils]: 144: Hoare triple {19814#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {19813#true} is VALID [2022-02-20 17:58:43,572 INFO L290 TraceCheckUtils]: 145: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 146: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 147: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {19813#true} {19814#false} #1195#return; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 149: Hoare triple {19814#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 150: Hoare triple {19814#false} assume !(0 != incoming_~privkey~0#1); {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 151: Hoare triple {19814#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := 
incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := 
__utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 152: Hoare triple {19814#false} assume 1 == ~sent_signed~0; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L272 TraceCheckUtils]: 153: Hoare triple {19814#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 154: Hoare triple {19813#true} ~handle := #in~handle;havoc ~retValue_acc~23; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 155: Hoare triple {19813#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 156: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {19813#true} {19814#false} #1207#return; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 158: Hoare triple {19814#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L272 TraceCheckUtils]: 159: Hoare triple {19814#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 160: Hoare triple {19813#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 161: Hoare triple {19813#true} assume 1 == ~handle; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 162: Hoare triple {19813#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 163: Hoare triple {19813#true} assume true; {19813#true} is VALID [2022-02-20 17:58:43,573 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {19813#true} {19814#false} #1209#return; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 165: Hoare triple {19814#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L290 TraceCheckUtils]: 166: Hoare triple {19814#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {19814#false} is VALID [2022-02-20 17:58:43,573 INFO L272 TraceCheckUtils]: 167: Hoare triple {19814#false} call __automaton_fail(); {19814#false} is VALID [2022-02-20 
17:58:43,574 INFO L290 TraceCheckUtils]: 168: Hoare triple {19814#false} assume !false; {19814#false} is VALID [2022-02-20 17:58:43,574 INFO L134 CoverageAnalysis]: Checked inductivity of 56 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 49 trivial. 0 not checked. [2022-02-20 17:58:43,574 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:43,574 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [863236820] [2022-02-20 17:58:43,574 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [863236820] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:43,574 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:43,574 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:43,574 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1461806819] [2022-02-20 17:58:43,574 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:43,575 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 169 [2022-02-20 17:58:43,575 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:43,576 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:43,653 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 142 edges. 142 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:43,653 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:43,653 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:43,654 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:43,654 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:43,654 INFO L87 Difference]: Start difference. First operand 479 states and 737 transitions. Second operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:50,172 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:50,172 INFO L93 Difference]: Finished difference Result 1047 states and 1633 transitions. [2022-02-20 17:58:50,172 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:50,172 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 169 [2022-02-20 17:58:50,173 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:50,173 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:50,187 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1395 transitions. [2022-02-20 17:58:50,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:50,199 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1395 transitions. [2022-02-20 17:58:50,200 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1395 transitions. [2022-02-20 17:58:51,299 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1395 edges. 1395 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:51,317 INFO L225 Difference]: With dead ends: 1047 [2022-02-20 17:58:51,317 INFO L226 Difference]: Without dead ends: 591 [2022-02-20 17:58:51,318 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:51,319 INFO L933 BasicCegarLoop]: 671 mSDtfsCounter, 1489 mSDsluCounter, 938 mSDsCounter, 0 mSdLazyCounter, 2239 mSolverCounterSat, 554 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1509 SdHoareTripleChecker+Valid, 1609 SdHoareTripleChecker+Invalid, 2793 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 554 IncrementalHoareTripleChecker+Valid, 2239 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:51,319 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1509 Valid, 1609 Invalid, 2793 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [554 Valid, 2239 Invalid, 0 Unknown, 0 Unchecked, 2.9s Time] [2022-02-20 17:58:51,320 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 591 states. [2022-02-20 17:58:51,420 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 591 to 481. [2022-02-20 17:58:51,420 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:51,421 INFO L82 GeneralOperation]: Start isEquivalent. First operand 591 states. 
Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 17:58:51,422 INFO L74 IsIncluded]: Start isIncluded. First operand 591 states. Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 17:58:51,422 INFO L87 Difference]: Start difference. First operand 591 states. Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 17:58:51,439 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,440 INFO L93 Difference]: Finished difference Result 591 states and 926 transitions. [2022-02-20 17:58:51,440 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 926 transitions. [2022-02-20 17:58:51,442 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,442 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,443 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) Second operand 591 states. [2022-02-20 17:58:51,444 INFO L87 Difference]: Start difference. First operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) Second operand 591 states. [2022-02-20 17:58:51,461 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,462 INFO L93 Difference]: Finished difference Result 591 states and 926 transitions. [2022-02-20 17:58:51,462 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 926 transitions. [2022-02-20 17:58:51,464 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,465 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,465 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:51,465 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:51,466 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (87), 78 states have call predecessors, (87), 79 states have call successors, (87) [2022-02-20 17:58:51,479 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 481 states to 481 states and 740 transitions. [2022-02-20 17:58:51,480 INFO L78 Accepts]: Start accepts. Automaton has 481 states and 740 transitions. Word has length 169 [2022-02-20 17:58:51,480 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:51,480 INFO L470 AbstractCegarLoop]: Abstraction has 481 states and 740 transitions. [2022-02-20 17:58:51,480 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:51,480 INFO L276 IsEmpty]: Start isEmpty. Operand 481 states and 740 transitions. [2022-02-20 17:58:51,482 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 171 [2022-02-20 17:58:51,482 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:51,482 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:51,483 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:58:51,483 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:51,483 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:51,483 INFO L85 
PathProgramCache]: Analyzing trace with hash -1129871166, now seen corresponding path program 1 times [2022-02-20 17:58:51,483 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:51,483 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [240900795] [2022-02-20 17:58:51,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:51,484 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:51,511 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:51,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,539 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23235#true} #1245#return; {23235#true} is VALID [2022-02-20 17:58:51,544 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:51,546 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,548 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23235#true} #1247#return; {23235#true} is VALID [2022-02-20 17:58:51,548 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:51,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume !(1 == ~handle); {23235#true} is VALID [2022-02-20 17:58:51,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,551 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,551 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23235#true} {23235#true} #1249#return; {23235#true} is VALID [2022-02-20 17:58:51,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:51,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,554 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume !(1 == ~handle); {23235#true} is VALID [2022-02-20 17:58:51,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,554 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,554 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23235#true} {23235#true} #1251#return; {23235#true} is VALID [2022-02-20 17:58:51,554 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:51,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 0: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 1: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 2: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,570 INFO L290 TraceCheckUtils]: 3: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == 
~handle;~__ste_client_idCounter2~0 := ~value; {23333#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,570 INFO L290 TraceCheckUtils]: 4: Hoare triple {23333#(= 3 |setClientId_#in~handle|)} assume true; {23333#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,570 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23333#(= 3 |setClientId_#in~handle|)} {23255#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:51,571 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:58:51,572 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,586 INFO L290 TraceCheckUtils]: 0: Hoare triple {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23334#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:51,586 INFO L290 TraceCheckUtils]: 1: Hoare triple {23334#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23335#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:51,586 INFO L290 TraceCheckUtils]: 2: Hoare triple {23335#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23335#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:51,587 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23335#(= |setClientPrivateKey_#in~handle| 1)} {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1255#return; {23236#false} is VALID [2022-02-20 17:58:51,594 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 
17:58:51,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {23336#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,597 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,597 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,597 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1231#return; {23236#false} is VALID [2022-02-20 17:58:51,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:58:51,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,609 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,609 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,609 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1233#return; {23236#false} is VALID [2022-02-20 17:58:51,609 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:58:51,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,611 INFO L290 
TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1161#return; {23236#false} is VALID [2022-02-20 17:58:51,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:58:51,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~6; {23235#true} is VALID [2022-02-20 17:58:51,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {23235#true} is VALID [2022-02-20 17:58:51,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,614 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1163#return; {23236#false} is VALID [2022-02-20 17:58:51,614 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:58:51,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,616 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,616 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,616 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} 
#1165#return; {23236#false} is VALID [2022-02-20 17:58:51,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:51,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {23235#true} is VALID [2022-02-20 17:58:51,618 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,618 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {23235#true} is VALID [2022-02-20 17:58:51,619 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,619 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23235#true} {23236#false} #1167#return; {23236#false} is VALID [2022-02-20 17:58:51,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:51,619 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,621 INFO L290 TraceCheckUtils]: 0: Hoare triple {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,621 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,621 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,621 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1169#return; {23236#false} is VALID [2022-02-20 17:58:51,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 
[2022-02-20 17:58:51,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,624 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1181#return; {23236#false} is VALID [2022-02-20 17:58:51,624 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:51,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,626 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,626 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,627 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23235#true} {23236#false} #1183#return; {23236#false} is VALID [2022-02-20 17:58:51,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:58:51,627 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,629 INFO L290 TraceCheckUtils]: 0: Hoare triple {23336#(and (= |old(~__ste_email_from0~0)| 
~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,629 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,629 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,629 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1189#return; {23236#false} is VALID [2022-02-20 17:58:51,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:58:51,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~29; {23235#true} is VALID [2022-02-20 17:58:51,632 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {23235#true} is VALID [2022-02-20 17:58:51,632 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1191#return; {23236#false} is VALID [2022-02-20 17:58:51,632 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 17:58:51,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,634 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,634 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,634 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} 
assume true; {23235#true} is VALID [2022-02-20 17:58:51,634 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1193#return; {23236#false} is VALID [2022-02-20 17:58:51,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 145 [2022-02-20 17:58:51,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,636 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1195#return; {23236#false} is VALID [2022-02-20 17:58:51,636 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 154 [2022-02-20 17:58:51,637 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,639 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~23; {23235#true} is VALID [2022-02-20 17:58:51,639 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {23235#true} is VALID [2022-02-20 17:58:51,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,640 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23235#true} {23236#false} #1207#return; {23236#false} is VALID [2022-02-20 17:58:51,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 160 [2022-02-20 17:58:51,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,642 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23235#true} {23236#false} #1209#return; {23236#false} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 0: Hoare triple {23235#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call 
write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 
0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {23235#true} is VALID [2022-02-20 17:58:51,643 INFO L290 TraceCheckUtils]: 1: Hoare triple {23235#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {23235#true} is VALID [2022-02-20 17:58:51,643 INFO L290 TraceCheckUtils]: 2: Hoare triple {23235#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23235#true} is VALID [2022-02-20 17:58:51,643 INFO L290 TraceCheckUtils]: 3: Hoare triple {23235#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {23235#true} is VALID [2022-02-20 17:58:51,643 INFO L290 TraceCheckUtils]: 4: Hoare triple {23235#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {23235#true} is VALID [2022-02-20 17:58:51,643 INFO 
L290 TraceCheckUtils]: 5: Hoare triple {23235#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23235#true} is VALID [2022-02-20 17:58:51,644 INFO L272 TraceCheckUtils]: 6: Hoare triple {23235#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,644 INFO L290 TraceCheckUtils]: 7: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,644 INFO L290 TraceCheckUtils]: 8: Hoare triple {23235#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,644 INFO L290 TraceCheckUtils]: 9: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 
17:58:51,644 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23235#true} {23235#true} #1245#return; {23235#true} is VALID [2022-02-20 17:58:51,644 INFO L290 TraceCheckUtils]: 11: Hoare triple {23235#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23235#true} is VALID [2022-02-20 17:58:51,645 INFO L272 TraceCheckUtils]: 12: Hoare triple {23235#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,645 INFO L290 TraceCheckUtils]: 13: Hoare triple {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,645 INFO L290 TraceCheckUtils]: 14: Hoare triple {23235#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,645 INFO L290 TraceCheckUtils]: 15: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,645 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23235#true} {23235#true} #1247#return; {23235#true} is VALID [2022-02-20 17:58:51,645 INFO L290 TraceCheckUtils]: 17: Hoare triple {23235#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := 
setup_rjh__wrappee__Base_#in~rjh___0#1; {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L272 TraceCheckUtils]: 18: Hoare triple {23235#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,646 INFO L290 TraceCheckUtils]: 19: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L290 TraceCheckUtils]: 20: Hoare triple {23235#true} assume !(1 == ~handle); {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L290 TraceCheckUtils]: 21: Hoare triple {23235#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L290 TraceCheckUtils]: 22: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23235#true} {23235#true} #1249#return; {23235#true} is VALID [2022-02-20 17:58:51,646 INFO L290 TraceCheckUtils]: 24: Hoare triple {23235#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23235#true} is VALID [2022-02-20 17:58:51,647 INFO L272 TraceCheckUtils]: 25: Hoare triple {23235#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,647 INFO L290 TraceCheckUtils]: 26: Hoare triple {23331#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,647 INFO L290 TraceCheckUtils]: 27: Hoare triple {23235#true} assume !(1 == ~handle); {23235#true} is VALID [2022-02-20 17:58:51,647 INFO L290 TraceCheckUtils]: 28: Hoare triple {23235#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,647 INFO L290 TraceCheckUtils]: 29: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,647 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23235#true} {23235#true} #1251#return; {23235#true} is VALID [2022-02-20 17:58:51,648 INFO L290 TraceCheckUtils]: 31: Hoare triple {23235#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23255#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:51,648 INFO L272 TraceCheckUtils]: 32: Hoare triple {23255#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,649 INFO L290 TraceCheckUtils]: 33: Hoare triple {23330#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,649 INFO L290 TraceCheckUtils]: 34: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,649 INFO L290 TraceCheckUtils]: 35: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23332#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,650 INFO L290 TraceCheckUtils]: 36: Hoare triple {23332#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23333#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,650 INFO L290 TraceCheckUtils]: 37: Hoare triple {23333#(= 3 |setClientId_#in~handle|)} assume true; {23333#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,650 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23333#(= 3 |setClientId_#in~handle|)} {23255#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:51,651 INFO L290 TraceCheckUtils]: 39: Hoare triple {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:51,651 INFO L272 TraceCheckUtils]: 40: Hoare triple {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} 
call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,651 INFO L290 TraceCheckUtils]: 41: Hoare triple {23331#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23334#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:51,652 INFO L290 TraceCheckUtils]: 42: Hoare triple {23334#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23335#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:51,652 INFO L290 TraceCheckUtils]: 43: Hoare triple {23335#(= |setClientPrivateKey_#in~handle| 1)} assume true; {23335#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:51,652 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {23335#(= |setClientPrivateKey_#in~handle| 1)} {23262#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1255#return; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 45: Hoare triple {23236#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 46: Hoare triple {23236#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, 
test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 47: Hoare triple {23236#false} assume !false; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 48: Hoare triple {23236#false} assume test_~splverifierCounter~0#1 < 4; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 49: Hoare triple {23236#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 50: Hoare triple {23236#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 51: Hoare triple {23236#false} assume !(0 != 
test_~tmp___9~0#1); {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 52: Hoare triple {23236#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 53: Hoare triple {23236#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {23236#false} is VALID [2022-02-20 17:58:51,653 INFO L290 TraceCheckUtils]: 54: Hoare triple {23236#false} assume !false; {23236#false} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 55: Hoare triple {23236#false} assume !(test_~splverifierCounter~0#1 < 4); {23236#false} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 56: Hoare triple {23236#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {23236#false} is VALID [2022-02-20 17:58:51,654 INFO L272 TraceCheckUtils]: 57: Hoare triple {23236#false} call sendEmail(~bob~0, ~rjh~0); {23236#false} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 58: Hoare triple {23236#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; 
{23236#false} is VALID [2022-02-20 17:58:51,654 INFO L272 TraceCheckUtils]: 59: Hoare triple {23236#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {23336#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 60: Hoare triple {23336#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 61: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,654 INFO L290 TraceCheckUtils]: 62: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,654 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {23235#true} {23236#false} #1231#return; {23236#false} is VALID [2022-02-20 17:58:51,655 INFO L272 TraceCheckUtils]: 64: Hoare triple {23236#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 65: Hoare triple {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 66: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 67: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,655 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {23235#true} {23236#false} #1233#return; {23236#false} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 69: Hoare triple {23236#false} createEmail_~retValue_acc~37#1 
:= createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {23236#false} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 70: Hoare triple {23236#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {23236#false} is VALID [2022-02-20 17:58:51,655 INFO L272 TraceCheckUtils]: 71: Hoare triple {23236#false} call outgoing(~sender#1, ~email~0#1); {23236#false} is VALID [2022-02-20 17:58:51,655 INFO L290 TraceCheckUtils]: 72: Hoare triple {23236#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {23236#false} is VALID [2022-02-20 17:58:51,656 INFO L272 TraceCheckUtils]: 73: Hoare triple {23236#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {23235#true} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 74: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 75: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 76: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,656 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {23235#true} {23236#false} #1161#return; {23236#false} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 78: Hoare triple {23236#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc 
sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {23236#false} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 79: Hoare triple {23236#false} assume 0 == sign_~privkey~1#1; {23236#false} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 80: Hoare triple {23236#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {23236#false} is VALID [2022-02-20 17:58:51,656 INFO L272 TraceCheckUtils]: 81: Hoare triple {23236#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {23235#true} is VALID [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 82: Hoare triple {23235#true} 
~handle := #in~handle;havoc ~retValue_acc~6; {23235#true} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 83: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {23235#true} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 84: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,657 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {23235#true} {23236#false} #1163#return; {23236#false} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 86: Hoare triple {23236#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {23236#false} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 87: Hoare triple {23236#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {23236#false} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 88: Hoare triple {23236#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {23236#false} is VALID [2022-02-20 17:58:51,657 INFO L272 TraceCheckUtils]: 89: Hoare triple {23236#false} call 
outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {23235#true} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 90: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 91: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 92: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {23235#true} {23236#false} #1165#return; {23236#false} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 94: Hoare triple {23236#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {23236#false} is VALID [2022-02-20 17:58:51,658 INFO L272 TraceCheckUtils]: 95: Hoare triple {23236#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 96: Hoare triple {23235#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 97: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 98: Hoare 
triple {23235#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 99: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,658 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {23235#true} {23236#false} #1167#return; {23236#false} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 101: Hoare triple {23236#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {23236#false} is VALID [2022-02-20 17:58:51,659 INFO L272 TraceCheckUtils]: 102: Hoare triple {23236#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 103: Hoare triple {23337#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 104: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 105: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,659 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {23235#true} {23236#false} #1169#return; {23236#false} is VALID [2022-02-20 17:58:51,659 INFO L272 TraceCheckUtils]: 107: Hoare triple {23236#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {23236#false} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 108: Hoare triple {23236#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {23236#false} is VALID [2022-02-20 17:58:51,659 INFO L272 TraceCheckUtils]: 109: Hoare triple {23236#false} call #t~ret85#1 := getEmailTo(~msg#1); {23235#true} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 110: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,659 INFO L290 TraceCheckUtils]: 111: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 112: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {23235#true} {23236#false} #1181#return; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 114: Hoare triple {23236#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L272 TraceCheckUtils]: 115: Hoare triple {23236#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 116: Hoare triple {23235#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 117: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 118: Hoare triple {23235#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {23235#true} is VALID [2022-02-20 
17:58:51,660 INFO L290 TraceCheckUtils]: 119: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,660 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {23235#true} {23236#false} #1183#return; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 121: Hoare triple {23236#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 122: Hoare triple {23236#false} assume !(0 != ~pubkey~0#1); {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 123: Hoare triple {23236#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 124: Hoare triple {23236#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L290 TraceCheckUtils]: 125: Hoare triple {23236#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && 
outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {23236#false} is VALID [2022-02-20 17:58:51,660 INFO L272 TraceCheckUtils]: 126: Hoare triple {23236#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {23336#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,661 INFO L290 TraceCheckUtils]: 127: Hoare triple {23336#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23235#true} is VALID [2022-02-20 17:58:51,661 INFO L290 TraceCheckUtils]: 128: Hoare triple {23235#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23235#true} is VALID [2022-02-20 17:58:51,661 INFO L290 TraceCheckUtils]: 129: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,661 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {23235#true} {23236#false} #1189#return; {23236#false} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 131: Hoare triple {23236#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {23236#false} is VALID [2022-02-20 17:58:51,662 INFO L272 TraceCheckUtils]: 132: Hoare triple {23236#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {23235#true} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 133: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~29; {23235#true} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 134: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {23235#true} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 135: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,662 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {23235#true} {23236#false} #1191#return; {23236#false} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 137: Hoare triple {23236#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {23236#false} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 138: Hoare triple {23236#false} assume { 
:end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {23236#false} is VALID [2022-02-20 17:58:51,662 INFO L272 TraceCheckUtils]: 139: Hoare triple {23236#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {23235#true} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 140: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 141: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 142: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L284 TraceCheckUtils]: 143: Hoare quadruple {23235#true} {23236#false} #1193#return; {23236#false} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 144: Hoare triple {23236#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {23236#false} is VALID [2022-02-20 17:58:51,663 INFO L272 TraceCheckUtils]: 145: Hoare triple {23236#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 146: 
Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 147: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 148: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,663 INFO L284 TraceCheckUtils]: 149: Hoare quadruple {23235#true} {23236#false} #1195#return; {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 150: Hoare triple {23236#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 151: Hoare triple {23236#false} assume !(0 != incoming_~privkey~0#1); {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 152: Hoare triple {23236#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, 
verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && 
__utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 153: Hoare triple {23236#false} assume 1 == ~sent_signed~0; {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L272 TraceCheckUtils]: 154: Hoare triple {23236#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {23235#true} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 155: Hoare triple {23235#true} ~handle := #in~handle;havoc ~retValue_acc~23; {23235#true} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 156: Hoare triple {23235#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {23235#true} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 157: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,664 INFO L284 TraceCheckUtils]: 158: Hoare quadruple {23235#true} {23236#false} #1207#return; {23236#false} is VALID [2022-02-20 17:58:51,664 INFO L290 TraceCheckUtils]: 159: Hoare triple {23236#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {23236#false} is VALID [2022-02-20 17:58:51,665 INFO L272 TraceCheckUtils]: 160: Hoare triple {23236#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {23235#true} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 161: Hoare triple {23235#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 162: Hoare triple {23235#true} assume 1 == ~handle; {23235#true} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 163: Hoare triple {23235#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {23235#true} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 164: Hoare triple {23235#true} assume true; {23235#true} is VALID [2022-02-20 17:58:51,665 INFO L284 TraceCheckUtils]: 165: Hoare quadruple {23235#true} {23236#false} #1209#return; {23236#false} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 166: Hoare triple {23236#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {23236#false} is VALID [2022-02-20 17:58:51,665 INFO L290 TraceCheckUtils]: 167: Hoare triple {23236#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {23236#false} is VALID [2022-02-20 17:58:51,665 INFO L272 TraceCheckUtils]: 168: Hoare triple {23236#false} call __automaton_fail(); {23236#false} is VALID [2022-02-20 17:58:51,666 INFO L290 TraceCheckUtils]: 169: Hoare triple {23236#false} assume !false; {23236#false} is VALID [2022-02-20 17:58:51,666 INFO L134 CoverageAnalysis]: Checked inductivity of 56 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. 
[2022-02-20 17:58:51,666 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:51,666 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [240900795] [2022-02-20 17:58:51,666 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [240900795] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:51,666 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:51,667 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:58:51,667 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [240633114] [2022-02-20 17:58:51,667 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:51,667 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 170 [2022-02-20 17:58:51,668 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:51,668 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:58:51,750 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 146 edges. 146 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:51,750 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:58:51,750 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:51,750 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:58:51,750 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:51,751 INFO L87 Difference]: Start difference. First operand 481 states and 740 transitions. Second operand has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:01,617 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:01,617 INFO L93 Difference]: Finished difference Result 1045 states and 1628 transitions. [2022-02-20 17:59:01,617 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:01,618 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 170 [2022-02-20 17:59:01,618 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:01,618 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:01,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1396 transitions. [2022-02-20 17:59:01,629 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:01,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1396 transitions. [2022-02-20 17:59:01,639 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1396 transitions. [2022-02-20 17:59:02,721 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1396 edges. 1396 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:02,739 INFO L225 Difference]: With dead ends: 1045 [2022-02-20 17:59:02,739 INFO L226 Difference]: Without dead ends: 591 [2022-02-20 17:59:02,740 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 67 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:02,741 INFO L933 BasicCegarLoop]: 650 mSDtfsCounter, 1625 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 4056 mSolverCounterSat, 613 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1625 SdHoareTripleChecker+Valid, 1952 SdHoareTripleChecker+Invalid, 4669 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 613 IncrementalHoareTripleChecker+Valid, 4056 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:02,741 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1625 Valid, 1952 Invalid, 4669 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [613 Valid, 4056 Invalid, 0 Unknown, 0 Unchecked, 4.6s Time] [2022-02-20 17:59:02,742 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 591 states. [2022-02-20 17:59:02,828 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 591 to 481. [2022-02-20 17:59:02,828 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:02,835 INFO L82 GeneralOperation]: Start isEquivalent. First operand 591 states. 
Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:59:02,835 INFO L74 IsIncluded]: Start isIncluded. First operand 591 states. Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:59:02,837 INFO L87 Difference]: Start difference. First operand 591 states. Second operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:59:02,855 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:02,856 INFO L93 Difference]: Finished difference Result 591 states and 925 transitions. [2022-02-20 17:59:02,856 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 925 transitions. [2022-02-20 17:59:02,858 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:02,858 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:02,859 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 591 states. [2022-02-20 17:59:02,859 INFO L87 Difference]: Start difference. First operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) Second operand 591 states. [2022-02-20 17:59:02,878 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:02,879 INFO L93 Difference]: Finished difference Result 591 states and 925 transitions. [2022-02-20 17:59:02,879 INFO L276 IsEmpty]: Start isEmpty. Operand 591 states and 925 transitions. [2022-02-20 17:59:02,881 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:02,881 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:02,881 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:02,881 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:02,882 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 481 states, 367 states have (on average 1.555858310626703) internal successors, (571), 375 states have internal predecessors, (571), 82 states have call successors, (82), 29 states have call predecessors, (82), 31 states have return successors, (86), 78 states have call predecessors, (86), 79 states have call successors, (86) [2022-02-20 17:59:02,896 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 481 states to 481 states and 739 transitions. [2022-02-20 17:59:02,896 INFO L78 Accepts]: Start accepts. Automaton has 481 states and 739 transitions. Word has length 170 [2022-02-20 17:59:02,896 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:02,896 INFO L470 AbstractCegarLoop]: Abstraction has 481 states and 739 transitions. [2022-02-20 17:59:02,897 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 9.090909090909092) internal successors, (100), 8 states have internal predecessors, (100), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:02,897 INFO L276 IsEmpty]: Start isEmpty. Operand 481 states and 739 transitions. [2022-02-20 17:59:02,898 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 172 [2022-02-20 17:59:02,898 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:02,899 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:02,899 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:59:02,899 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:02,899 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:02,899 INFO 
L85 PathProgramCache]: Analyzing trace with hash -343594026, now seen corresponding path program 2 times [2022-02-20 17:59:02,899 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:02,899 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [666359033] [2022-02-20 17:59:02,900 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:02,900 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:02,925 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:02,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:02,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:02,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:02,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26666#true} #1245#return; {26666#true} is VALID [2022-02-20 17:59:02,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:02,955 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:02,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:02,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:02,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26666#true} #1247#return; {26666#true} is VALID [2022-02-20 17:59:02,956 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:02,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,958 INFO L290 TraceCheckUtils]: 0: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:02,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume !(1 == ~handle); {26666#true} is VALID [2022-02-20 17:59:02,959 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:02,959 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:02,959 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26666#true} {26666#true} #1249#return; {26666#true} is VALID [2022-02-20 17:59:02,959 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:02,966 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,968 INFO L290 TraceCheckUtils]: 0: Hoare triple 
{26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:02,968 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume !(1 == ~handle); {26666#true} is VALID [2022-02-20 17:59:02,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:02,968 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:02,968 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26666#true} {26666#true} #1251#return; {26666#true} is VALID [2022-02-20 17:59:02,968 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:02,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,981 INFO L290 TraceCheckUtils]: 0: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,982 INFO L290 TraceCheckUtils]: 1: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,982 INFO L290 TraceCheckUtils]: 2: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,982 INFO L290 TraceCheckUtils]: 3: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == 
~handle;~__ste_client_idCounter2~0 := ~value; {26765#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,982 INFO L290 TraceCheckUtils]: 4: Hoare triple {26765#(= 3 |setClientId_#in~handle|)} assume true; {26765#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,983 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {26765#(= 3 |setClientId_#in~handle|)} {26686#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:02,983 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:02,984 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,996 INFO L290 TraceCheckUtils]: 0: Hoare triple {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:02,997 INFO L290 TraceCheckUtils]: 1: Hoare triple {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:02,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26767#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:02,997 INFO L290 TraceCheckUtils]: 3: Hoare triple {26767#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26767#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:02,998 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26767#(= 2 |setClientPrivateKey_#in~handle|)} 
{26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1255#return; {26667#false} is VALID [2022-02-20 17:59:03,004 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:59:03,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,006 INFO L290 TraceCheckUtils]: 0: Hoare triple {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,006 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1231#return; {26667#false} is VALID [2022-02-20 17:59:03,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:59:03,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,015 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,015 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1233#return; {26667#false} is VALID [2022-02-20 17:59:03,015 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:59:03,016 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,017 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,017 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,017 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1161#return; {26667#false} is VALID [2022-02-20 17:59:03,017 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:59:03,018 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~6; {26666#true} is VALID [2022-02-20 17:59:03,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {26666#true} is VALID [2022-02-20 17:59:03,019 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,019 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1163#return; {26667#false} is VALID [2022-02-20 17:59:03,019 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:03,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; 
{26666#true} is VALID [2022-02-20 17:59:03,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,021 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1165#return; {26667#false} is VALID [2022-02-20 17:59:03,021 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:03,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,023 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {26666#true} is VALID [2022-02-20 17:59:03,023 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,023 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {26666#true} is VALID [2022-02-20 17:59:03,023 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,023 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26666#true} {26667#false} #1167#return; {26667#false} is VALID [2022-02-20 17:59:03,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:59:03,024 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,025 INFO L290 TraceCheckUtils]: 0: Hoare triple {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,025 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1169#return; {26667#false} is VALID [2022-02-20 17:59:03,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:59:03,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,027 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,027 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1181#return; {26667#false} is VALID [2022-02-20 17:59:03,027 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:59:03,028 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,029 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,029 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,029 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,029 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,029 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26666#true} {26667#false} #1183#return; {26667#false} is VALID [2022-02-20 17:59:03,030 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 127 [2022-02-20 17:59:03,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1189#return; {26667#false} is VALID [2022-02-20 17:59:03,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:59:03,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,033 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~29; {26666#true} is VALID [2022-02-20 17:59:03,033 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {26666#true} is VALID [2022-02-20 17:59:03,033 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,033 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1191#return; {26667#false} is VALID [2022-02-20 17:59:03,033 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 140 [2022-02-20 17:59:03,034 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,035 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,035 INFO 
L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,035 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1193#return; {26667#false} is VALID [2022-02-20 17:59:03,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 146 [2022-02-20 17:59:03,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,037 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,037 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,037 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} #1195#return; {26667#false} is VALID [2022-02-20 17:59:03,037 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 155 [2022-02-20 17:59:03,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,039 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~23; {26666#true} is VALID [2022-02-20 17:59:03,039 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {26666#true} is VALID [2022-02-20 17:59:03,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,039 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {26666#true} {26667#false} 
#1207#return; {26667#false} is VALID [2022-02-20 17:59:03,039 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 161 [2022-02-20 17:59:03,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:03,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,041 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,041 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {26666#true} {26667#false} #1209#return; {26667#false} is VALID [2022-02-20 17:59:03,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {26666#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call 
#Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 
0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {26666#true} is VALID [2022-02-20 17:59:03,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {26666#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {26666#true} is VALID [2022-02-20 17:59:03,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {26666#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {26666#true} is VALID [2022-02-20 17:59:03,042 INFO L290 TraceCheckUtils]: 3: Hoare triple {26666#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {26666#true} is VALID [2022-02-20 17:59:03,042 INFO L290 TraceCheckUtils]: 4: Hoare triple {26666#true} 
main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {26666#true} is VALID [2022-02-20 17:59:03,042 INFO L290 TraceCheckUtils]: 5: Hoare triple {26666#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {26666#true} is VALID [2022-02-20 17:59:03,043 INFO L272 TraceCheckUtils]: 6: Hoare triple {26666#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,043 INFO L290 TraceCheckUtils]: 7: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,043 INFO L290 
TraceCheckUtils]: 8: Hoare triple {26666#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,043 INFO L290 TraceCheckUtils]: 9: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,043 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {26666#true} {26666#true} #1245#return; {26666#true} is VALID [2022-02-20 17:59:03,043 INFO L290 TraceCheckUtils]: 11: Hoare triple {26666#true} assume { :end_inline_setup_bob__wrappee__Base } true; {26666#true} is VALID [2022-02-20 17:59:03,044 INFO L272 TraceCheckUtils]: 12: Hoare triple {26666#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,044 INFO L290 TraceCheckUtils]: 13: Hoare triple {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,044 INFO L290 TraceCheckUtils]: 14: Hoare triple {26666#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,044 INFO L290 TraceCheckUtils]: 15: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,044 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {26666#true} {26666#true} #1247#return; {26666#true} is VALID [2022-02-20 17:59:03,044 INFO L290 TraceCheckUtils]: 17: Hoare triple {26666#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc 
setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L272 TraceCheckUtils]: 18: Hoare triple {26666#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,045 INFO L290 TraceCheckUtils]: 19: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L290 TraceCheckUtils]: 20: Hoare triple {26666#true} assume !(1 == ~handle); {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L290 TraceCheckUtils]: 21: Hoare triple {26666#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L290 TraceCheckUtils]: 22: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {26666#true} {26666#true} #1249#return; {26666#true} is VALID [2022-02-20 17:59:03,045 INFO L290 TraceCheckUtils]: 24: Hoare triple {26666#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L272 TraceCheckUtils]: 25: Hoare triple {26666#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,046 INFO L290 TraceCheckUtils]: 26: Hoare triple {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L290 TraceCheckUtils]: 27: Hoare triple {26666#true} assume !(1 == ~handle); {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L290 TraceCheckUtils]: 28: Hoare triple {26666#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L290 TraceCheckUtils]: 29: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {26666#true} {26666#true} #1251#return; {26666#true} is VALID [2022-02-20 17:59:03,046 INFO L290 TraceCheckUtils]: 31: Hoare triple {26666#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {26686#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:03,047 INFO L272 TraceCheckUtils]: 32: Hoare triple {26686#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} 
call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:03,047 INFO L290 TraceCheckUtils]: 33: Hoare triple {26762#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:03,047 INFO L290 TraceCheckUtils]: 34: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:03,048 INFO L290 TraceCheckUtils]: 35: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {26764#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:03,048 INFO L290 TraceCheckUtils]: 36: Hoare triple {26764#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {26765#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:03,048 INFO L290 TraceCheckUtils]: 37: Hoare triple {26765#(= 3 |setClientId_#in~handle|)} assume true; {26765#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:03,049 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {26765#(= 3 |setClientId_#in~handle|)} {26686#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1253#return; {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:03,049 INFO L290 TraceCheckUtils]: 39: Hoare triple {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { 
:end_inline_setup_chuck__wrappee__Base } true; {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:03,049 INFO L272 TraceCheckUtils]: 40: Hoare triple {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:03,050 INFO L290 TraceCheckUtils]: 41: Hoare triple {26763#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:03,050 INFO L290 TraceCheckUtils]: 42: Hoare triple {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:03,050 INFO L290 TraceCheckUtils]: 43: Hoare triple {26766#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {26767#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:03,051 INFO L290 TraceCheckUtils]: 44: Hoare triple {26767#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {26767#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:03,051 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {26767#(= 2 |setClientPrivateKey_#in~handle|)} {26693#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1255#return; {26667#false} is VALID [2022-02-20 17:59:03,051 INFO L290 TraceCheckUtils]: 46: Hoare triple {26667#false} assume { :end_inline_setup_chuck } 
true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {26667#false} is VALID [2022-02-20 17:59:03,051 INFO L290 TraceCheckUtils]: 47: Hoare triple {26667#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {26667#false} is VALID [2022-02-20 17:59:03,051 INFO L290 TraceCheckUtils]: 48: Hoare triple {26667#false} assume !false; {26667#false} is VALID [2022-02-20 17:59:03,051 INFO L290 TraceCheckUtils]: 49: Hoare triple {26667#false} assume test_~splverifierCounter~0#1 < 4; {26667#false} is VALID [2022-02-20 17:59:03,051 INFO L290 
TraceCheckUtils]: 50: Hoare triple {26667#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 51: Hoare triple {26667#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 52: Hoare triple {26667#false} assume !(0 != test_~tmp___9~0#1); {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 53: Hoare triple {26667#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 54: Hoare triple {26667#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 55: Hoare triple {26667#false} assume !false; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 56: Hoare triple {26667#false} assume !(test_~splverifierCounter~0#1 < 4); {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 57: Hoare triple {26667#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L272 TraceCheckUtils]: 58: Hoare triple {26667#false} call sendEmail(~bob~0, ~rjh~0); {26667#false} is VALID [2022-02-20 17:59:03,052 INFO L290 TraceCheckUtils]: 59: Hoare triple 
{26667#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {26667#false} is VALID [2022-02-20 17:59:03,053 INFO L272 TraceCheckUtils]: 60: Hoare triple {26667#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:03,053 INFO L290 TraceCheckUtils]: 61: Hoare triple {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,053 INFO L290 TraceCheckUtils]: 62: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,053 INFO L290 TraceCheckUtils]: 63: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,053 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {26666#true} {26667#false} #1231#return; {26667#false} is VALID [2022-02-20 17:59:03,053 INFO L272 TraceCheckUtils]: 65: Hoare triple {26667#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:03,053 INFO L290 TraceCheckUtils]: 66: Hoare triple {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 
17:59:03,053 INFO L290 TraceCheckUtils]: 67: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,053 INFO L290 TraceCheckUtils]: 68: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,054 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {26666#true} {26667#false} #1233#return; {26667#false} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 70: Hoare triple {26667#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {26667#false} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 71: Hoare triple {26667#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {26667#false} is VALID [2022-02-20 17:59:03,054 INFO L272 TraceCheckUtils]: 72: Hoare triple {26667#false} call outgoing(~sender#1, ~email~0#1); {26667#false} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 73: Hoare triple {26667#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {26667#false} is VALID [2022-02-20 17:59:03,054 INFO L272 TraceCheckUtils]: 74: Hoare triple {26667#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {26666#true} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 75: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 76: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,054 INFO L290 TraceCheckUtils]: 77: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,054 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {26666#true} {26667#false} #1161#return; {26667#false} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 79: Hoare triple {26667#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {26667#false} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 80: Hoare triple {26667#false} assume 0 == sign_~privkey~1#1; {26667#false} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 81: Hoare triple {26667#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {26667#false} is VALID [2022-02-20 17:59:03,055 INFO L272 TraceCheckUtils]: 82: Hoare triple {26667#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {26666#true} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 83: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~6; {26666#true} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 84: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {26666#true} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 85: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,055 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {26666#true} {26667#false} #1163#return; {26667#false} is VALID [2022-02-20 17:59:03,055 INFO L290 TraceCheckUtils]: 87: Hoare triple {26667#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {26667#false} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 88: Hoare triple {26667#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := 
sendToAddressBook_#in~msg#1; {26667#false} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 89: Hoare triple {26667#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret88#1 := puts(35, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret88#1 && outgoing__wrappee__AddressBook_#t~ret88#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret88#1; {26667#false} is VALID [2022-02-20 17:59:03,056 INFO L272 TraceCheckUtils]: 90: Hoare triple {26667#false} call outgoing__wrappee__AddressBook_#t~ret89#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {26666#true} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 91: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 92: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 93: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,056 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {26666#true} {26667#false} #1165#return; {26667#false} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 95: Hoare triple {26667#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret89#1 && outgoing__wrappee__AddressBook_#t~ret89#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~7#1 := outgoing__wrappee__AddressBook_#t~ret89#1;havoc outgoing__wrappee__AddressBook_#t~ret89#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~7#1;call outgoing__wrappee__AddressBook_#t~ret90#1 := puts(36, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret90#1 && outgoing__wrappee__AddressBook_#t~ret90#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret90#1; {26667#false} is VALID [2022-02-20 17:59:03,056 INFO L272 TraceCheckUtils]: 96: Hoare 
triple {26667#false} call outgoing__wrappee__AddressBook_#t~ret91#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {26666#true} is VALID [2022-02-20 17:59:03,056 INFO L290 TraceCheckUtils]: 97: Hoare triple {26666#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~10; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 98: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 99: Hoare triple {26666#true} assume 0 == ~index;~retValue_acc~10 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~10; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 100: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {26666#true} {26667#false} #1167#return; {26667#false} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 102: Hoare triple {26667#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret91#1 && outgoing__wrappee__AddressBook_#t~ret91#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~3#1 := outgoing__wrappee__AddressBook_#t~ret91#1;havoc outgoing__wrappee__AddressBook_#t~ret91#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~3#1; {26667#false} is VALID [2022-02-20 17:59:03,057 INFO L272 TraceCheckUtils]: 103: Hoare triple {26667#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 104: Hoare triple {26769#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 105: 
Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L290 TraceCheckUtils]: 106: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,057 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {26666#true} {26667#false} #1169#return; {26667#false} is VALID [2022-02-20 17:59:03,058 INFO L272 TraceCheckUtils]: 108: Hoare triple {26667#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {26667#false} is VALID [2022-02-20 17:59:03,058 INFO L290 TraceCheckUtils]: 109: Hoare triple {26667#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {26667#false} is VALID [2022-02-20 17:59:03,058 INFO L272 TraceCheckUtils]: 110: Hoare triple {26667#false} call #t~ret85#1 := getEmailTo(~msg#1); {26666#true} is VALID [2022-02-20 17:59:03,058 INFO L290 TraceCheckUtils]: 111: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,058 INFO L290 TraceCheckUtils]: 112: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,058 INFO L290 TraceCheckUtils]: 113: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,058 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {26666#true} {26667#false} #1181#return; {26667#false} is VALID [2022-02-20 17:59:03,058 INFO L290 TraceCheckUtils]: 115: Hoare triple {26667#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {26667#false} is VALID [2022-02-20 17:59:03,058 INFO L272 TraceCheckUtils]: 116: Hoare triple {26667#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {26666#true} is VALID [2022-02-20 17:59:03,058 INFO L290 
TraceCheckUtils]: 117: Hoare triple {26666#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 118: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 119: Hoare triple {26666#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 120: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,059 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {26666#true} {26667#false} #1183#return; {26667#false} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 122: Hoare triple {26667#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {26667#false} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 123: Hoare triple {26667#false} assume !(0 != ~pubkey~0#1); {26667#false} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 124: Hoare triple {26667#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {26667#false} is VALID 
[2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 125: Hoare triple {26667#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {26667#false} is VALID [2022-02-20 17:59:03,059 INFO L290 TraceCheckUtils]: 126: Hoare triple {26667#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {26667#false} is VALID [2022-02-20 17:59:03,060 INFO L272 TraceCheckUtils]: 127: Hoare triple {26667#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 128: Hoare triple {26768#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 129: Hoare triple {26666#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 130: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {26666#true} {26667#false} #1189#return; {26667#false} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 132: Hoare triple {26667#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, 
mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {26667#false} is VALID [2022-02-20 17:59:03,060 INFO L272 TraceCheckUtils]: 133: Hoare triple {26667#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 134: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~29; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 135: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 136: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,060 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {26666#true} {26667#false} #1191#return; {26667#false} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 138: Hoare triple {26667#false} assume -2147483648 <= 
__utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {26667#false} is VALID [2022-02-20 17:59:03,060 INFO L290 TraceCheckUtils]: 139: Hoare triple {26667#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L272 TraceCheckUtils]: 140: Hoare triple {26667#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 141: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 142: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 143: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {26666#true} {26667#false} #1193#return; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 145: Hoare triple {26667#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, 
incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L272 TraceCheckUtils]: 146: Hoare triple {26667#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 147: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 148: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 149: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L284 TraceCheckUtils]: 150: Hoare quadruple {26666#true} {26667#false} #1195#return; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 151: Hoare triple {26667#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 152: Hoare triple {26667#false} assume !(0 != incoming_~privkey~0#1); {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 153: Hoare triple {26667#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { 
:begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 154: Hoare triple {26667#false} assume 1 == ~sent_signed~0; {26667#false} is VALID [2022-02-20 17:59:03,061 INFO L272 TraceCheckUtils]: 155: Hoare triple {26667#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 156: Hoare triple {26666#true} ~handle := #in~handle;havoc ~retValue_acc~23; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 157: Hoare triple {26666#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {26666#true} is VALID [2022-02-20 17:59:03,061 INFO L290 TraceCheckUtils]: 158: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L284 TraceCheckUtils]: 159: Hoare quadruple {26666#true} {26667#false} #1207#return; {26667#false} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 160: Hoare triple {26667#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := 
__utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {26667#false} is VALID [2022-02-20 17:59:03,062 INFO L272 TraceCheckUtils]: 161: Hoare triple {26667#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 162: Hoare triple {26666#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 163: Hoare triple {26666#true} assume 1 == ~handle; {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 164: Hoare triple {26666#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 165: Hoare triple {26666#true} assume true; {26666#true} is VALID [2022-02-20 17:59:03,062 INFO L284 TraceCheckUtils]: 166: Hoare quadruple {26666#true} {26667#false} #1209#return; {26667#false} is VALID [2022-02-20 17:59:03,062 INFO L290 TraceCheckUtils]: 167: Hoare triple {26667#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {26667#false} is VALID [2022-02-20 17:59:03,063 INFO L290 TraceCheckUtils]: 168: Hoare triple {26667#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {26667#false} is VALID [2022-02-20 17:59:03,063 INFO L272 TraceCheckUtils]: 169: Hoare triple {26667#false} call __automaton_fail(); {26667#false} is VALID [2022-02-20 17:59:03,063 INFO L290 TraceCheckUtils]: 170: Hoare 
triple {26667#false} assume !false; {26667#false} is VALID [2022-02-20 17:59:03,063 INFO L134 CoverageAnalysis]: Checked inductivity of 57 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. [2022-02-20 17:59:03,063 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:03,063 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [666359033] [2022-02-20 17:59:03,064 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [666359033] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:03,064 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:03,064 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:03,064 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [742407137] [2022-02-20 17:59:03,064 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:03,064 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 171 [2022-02-20 17:59:03,065 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:03,065 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:03,147 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 147 edges. 147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:03,147 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:03,147 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:03,148 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:03,148 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:03,148 INFO L87 Difference]: Start difference. First operand 481 states and 739 transitions. Second operand has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:13,010 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:13,010 INFO L93 Difference]: Finished difference Result 1047 states and 1634 transitions. [2022-02-20 17:59:13,011 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:13,011 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) Word has length 171 [2022-02-20 17:59:13,011 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:13,011 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:13,021 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1397 transitions. [2022-02-20 17:59:13,021 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:13,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1397 transitions. [2022-02-20 17:59:13,053 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1397 transitions. [2022-02-20 17:59:14,114 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1397 edges. 1397 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:14,132 INFO L225 Difference]: With dead ends: 1047 [2022-02-20 17:59:14,132 INFO L226 Difference]: Without dead ends: 593 [2022-02-20 17:59:14,133 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 67 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:14,135 INFO L933 BasicCegarLoop]: 654 mSDtfsCounter, 1616 mSDsluCounter, 1302 mSDsCounter, 0 mSdLazyCounter, 4096 mSolverCounterSat, 611 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1616 SdHoareTripleChecker+Valid, 1956 SdHoareTripleChecker+Invalid, 4707 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 611 IncrementalHoareTripleChecker+Valid, 4096 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.6s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:14,136 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1616 Valid, 1956 Invalid, 4707 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [611 Valid, 4096 Invalid, 0 Unknown, 0 Unchecked, 4.6s Time] [2022-02-20 17:59:14,136 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 593 states. [2022-02-20 17:59:14,213 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 593 to 483. [2022-02-20 17:59:14,214 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:14,214 INFO L82 GeneralOperation]: Start isEquivalent. First operand 593 states. 
Second operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) [2022-02-20 17:59:14,215 INFO L74 IsIncluded]: Start isIncluded. First operand 593 states. Second operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) [2022-02-20 17:59:14,215 INFO L87 Difference]: Start difference. First operand 593 states. Second operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) [2022-02-20 17:59:14,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,231 INFO L93 Difference]: Finished difference Result 593 states and 931 transitions. [2022-02-20 17:59:14,231 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 931 transitions. [2022-02-20 17:59:14,233 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,234 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,234 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) Second operand 593 states. [2022-02-20 17:59:14,235 INFO L87 Difference]: Start difference. First operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) Second operand 593 states. [2022-02-20 17:59:14,251 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,251 INFO L93 Difference]: Finished difference Result 593 states and 931 transitions. [2022-02-20 17:59:14,252 INFO L276 IsEmpty]: Start isEmpty. Operand 593 states and 931 transitions. [2022-02-20 17:59:14,253 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,254 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,254 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:14,254 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:14,255 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 483 states, 368 states have (on average 1.5543478260869565) internal successors, (572), 377 states have internal predecessors, (572), 82 states have call successors, (82), 29 states have call predecessors, (82), 32 states have return successors, (91), 78 states have call predecessors, (91), 79 states have call successors, (91) [2022-02-20 17:59:14,268 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 483 states to 483 states and 745 transitions. [2022-02-20 17:59:14,268 INFO L78 Accepts]: Start accepts. Automaton has 483 states and 745 transitions. Word has length 171 [2022-02-20 17:59:14,269 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:14,269 INFO L470 AbstractCegarLoop]: Abstraction has 483 states and 745 transitions. [2022-02-20 17:59:14,269 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 9.181818181818182) internal successors, (101), 8 states have internal predecessors, (101), 4 states have call successors, (25), 6 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 4 states have call successors, (21) [2022-02-20 17:59:14,269 INFO L276 IsEmpty]: Start isEmpty. Operand 483 states and 745 transitions. [2022-02-20 17:59:14,271 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 154 [2022-02-20 17:59:14,271 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:14,271 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:14,271 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 17:59:14,271 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:14,271 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:14,272 INFO L85 PathProgramCache]: Analyzing 
trace with hash -1117936756, now seen corresponding path program 1 times [2022-02-20 17:59:14,272 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:14,272 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2075204204] [2022-02-20 17:59:14,272 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:14,272 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:14,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,321 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:14,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,326 INFO L290 TraceCheckUtils]: 0: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,326 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,326 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,326 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30106#true} #1245#return; {30106#true} is VALID [2022-02-20 17:59:14,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:14,331 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,333 INFO L290 TraceCheckUtils]: 0: Hoare triple {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,333 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,333 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30106#true} #1247#return; {30106#true} is VALID [2022-02-20 17:59:14,334 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:14,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,336 INFO L290 TraceCheckUtils]: 0: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,336 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,336 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,336 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,336 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30106#true} {30106#true} #1249#return; {30106#true} is VALID [2022-02-20 17:59:14,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:14,337 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,338 INFO L290 TraceCheckUtils]: 0: Hoare triple {30191#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,339 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,339 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30106#true} {30106#true} #1251#return; {30106#true} is VALID [2022-02-20 17:59:14,339 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:14,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,341 INFO L290 TraceCheckUtils]: 0: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,341 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,341 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,342 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,342 INFO L290 TraceCheckUtils]: 4: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,342 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30106#true} {30106#true} 
#1253#return; {30106#true} is VALID [2022-02-20 17:59:14,342 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:14,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,345 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,345 INFO L290 TraceCheckUtils]: 4: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,345 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {30106#true} {30106#true} #1255#return; {30106#true} is VALID [2022-02-20 17:59:14,349 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:59:14,350 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,351 INFO L290 TraceCheckUtils]: 0: Hoare triple {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,351 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is 
VALID [2022-02-20 17:59:14,352 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1231#return; {30107#false} is VALID [2022-02-20 17:59:14,356 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:59:14,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,359 INFO L290 TraceCheckUtils]: 0: Hoare triple {30193#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,359 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,359 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,359 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1233#return; {30107#false} is VALID [2022-02-20 17:59:14,359 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:59:14,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,361 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,361 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,361 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1161#return; {30107#false} is VALID [2022-02-20 17:59:14,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:59:14,369 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,370 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:14,370 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:14,370 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,371 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1163#return; {30107#false} is VALID [2022-02-20 17:59:14,371 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:59:14,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,372 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,372 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1181#return; {30107#false} is VALID [2022-02-20 17:59:14,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:59:14,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:14,374 INFO 
L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,375 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,375 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30106#true} {30107#false} #1183#return; {30107#false} is VALID [2022-02-20 17:59:14,375 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:59:14,375 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,377 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1189#return; {30107#false} is VALID [2022-02-20 17:59:14,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:59:14,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:14,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:14,379 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} 
is VALID [2022-02-20 17:59:14,379 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1191#return; {30107#false} is VALID [2022-02-20 17:59:14,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:59:14,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,381 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1193#return; {30107#false} is VALID [2022-02-20 17:59:14,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:59:14,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,384 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,384 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,384 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1195#return; {30107#false} is VALID [2022-02-20 17:59:14,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:59:14,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:59:14,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:14,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:14,386 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,387 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {30106#true} {30107#false} #1207#return; {30107#false} is VALID [2022-02-20 17:59:14,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:59:14,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {30106#true} {30107#false} #1209#return; {30107#false} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call 
#Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {30106#true} is VALID [2022-02-20 17:59:14,389 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume { :end_inline_select_helpers } true;assume { 
:begin_inline_select_features } true; {30106#true} is VALID [2022-02-20 17:59:14,390 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {30106#true} is VALID [2022-02-20 17:59:14,390 INFO L290 TraceCheckUtils]: 4: Hoare triple {30106#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {30106#true} is VALID [2022-02-20 17:59:14,390 INFO L290 TraceCheckUtils]: 5: Hoare triple {30106#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30106#true} is VALID [2022-02-20 17:59:14,390 INFO L272 TraceCheckUtils]: 6: Hoare triple {30106#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30190#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,390 INFO L290 TraceCheckUtils]: 7: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,391 INFO L290 TraceCheckUtils]: 8: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,391 INFO L290 TraceCheckUtils]: 9: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,391 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30106#true} {30106#true} #1245#return; {30106#true} is VALID [2022-02-20 17:59:14,391 INFO L290 TraceCheckUtils]: 11: Hoare triple {30106#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,391 INFO L272 TraceCheckUtils]: 12: Hoare triple {30106#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,391 INFO L290 TraceCheckUtils]: 13: Hoare triple {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,392 INFO L290 TraceCheckUtils]: 14: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,392 INFO L290 
TraceCheckUtils]: 15: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,392 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30106#true} {30106#true} #1247#return; {30106#true} is VALID [2022-02-20 17:59:14,392 INFO L290 TraceCheckUtils]: 17: Hoare triple {30106#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30106#true} is VALID [2022-02-20 17:59:14,392 INFO L272 TraceCheckUtils]: 18: Hoare triple {30106#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,393 INFO L290 TraceCheckUtils]: 19: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,393 INFO L290 TraceCheckUtils]: 20: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,393 INFO L290 TraceCheckUtils]: 21: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,393 INFO L290 TraceCheckUtils]: 22: Hoare triple {30106#true} assume true; {30106#true} is VALID 
[2022-02-20 17:59:14,393 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30106#true} {30106#true} #1249#return; {30106#true} is VALID [2022-02-20 17:59:14,393 INFO L290 TraceCheckUtils]: 24: Hoare triple {30106#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L272 TraceCheckUtils]: 25: Hoare triple {30106#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,394 INFO L290 TraceCheckUtils]: 26: Hoare triple {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L290 TraceCheckUtils]: 27: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L290 TraceCheckUtils]: 28: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L290 TraceCheckUtils]: 29: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30106#true} {30106#true} #1251#return; {30106#true} is VALID [2022-02-20 17:59:14,394 INFO L290 TraceCheckUtils]: 31: Hoare triple {30106#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } 
true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L272 TraceCheckUtils]: 32: Hoare triple {30106#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 33: Hoare triple {30190#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 34: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 35: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 36: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 37: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30106#true} {30106#true} #1253#return; {30106#true} is VALID [2022-02-20 17:59:14,395 INFO L290 TraceCheckUtils]: 39: Hoare triple {30106#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L272 TraceCheckUtils]: 40: Hoare triple {30106#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30191#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,396 INFO L290 TraceCheckUtils]: 41: Hoare triple {30191#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L290 TraceCheckUtils]: 42: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L290 TraceCheckUtils]: 43: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L290 TraceCheckUtils]: 44: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L290 TraceCheckUtils]: 45: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,396 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30106#true} {30106#true} #1255#return; {30106#true} is VALID [2022-02-20 17:59:14,397 INFO L290 TraceCheckUtils]: 47: Hoare triple {30106#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {30106#true} is VALID [2022-02-20 17:59:14,397 INFO L290 TraceCheckUtils]: 48: Hoare triple {30106#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,397 INFO L290 TraceCheckUtils]: 49: Hoare triple {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,397 INFO L290 TraceCheckUtils]: 50: Hoare triple {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,398 INFO L290 TraceCheckUtils]: 51: Hoare triple {30138#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,398 INFO L290 TraceCheckUtils]: 52: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && 
test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,398 INFO L290 TraceCheckUtils]: 53: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,399 INFO L290 TraceCheckUtils]: 54: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,399 INFO L290 TraceCheckUtils]: 55: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,399 INFO L290 TraceCheckUtils]: 56: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 57: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {30107#false} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 58: Hoare triple {30107#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {30107#false} is VALID [2022-02-20 17:59:14,400 INFO L272 
TraceCheckUtils]: 59: Hoare triple {30107#false} call sendEmail(~bob~0, ~rjh~0); {30107#false} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 60: Hoare triple {30107#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30107#false} is VALID [2022-02-20 17:59:14,400 INFO L272 TraceCheckUtils]: 61: Hoare triple {30107#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 62: Hoare triple {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 63: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,400 INFO L290 TraceCheckUtils]: 64: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,400 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {30106#true} {30107#false} #1231#return; {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L272 TraceCheckUtils]: 66: Hoare triple {30107#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30193#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 67: Hoare triple {30193#(and (= 
~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 68: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 69: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,401 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {30106#true} {30107#false} #1233#return; {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 71: Hoare triple {30107#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 72: Hoare triple {30107#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L272 TraceCheckUtils]: 73: Hoare triple {30107#false} call outgoing(~sender#1, ~email~0#1); {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L290 TraceCheckUtils]: 74: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:14,401 INFO L272 TraceCheckUtils]: 75: Hoare triple {30107#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {30106#true} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 76: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is 
VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 77: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 78: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,402 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {30106#true} {30107#false} #1161#return; {30107#false} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 80: Hoare triple {30107#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 81: Hoare triple {30107#false} assume 0 == sign_~privkey~1#1; {30107#false} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 82: Hoare triple {30107#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc 
outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {30107#false} is VALID [2022-02-20 17:59:14,402 INFO L272 TraceCheckUtils]: 83: Hoare triple {30107#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30106#true} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 84: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:14,402 INFO L290 TraceCheckUtils]: 85: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 86: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,403 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {30106#true} {30107#false} #1163#return; {30107#false} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 88: Hoare triple {30107#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {30107#false} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 89: Hoare triple {30107#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {30107#false} is VALID [2022-02-20 17:59:14,403 INFO L272 TraceCheckUtils]: 90: Hoare triple {30107#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, 
outgoing__wrappee__AddressBook_~msg#1); {30107#false} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 91: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:14,403 INFO L272 TraceCheckUtils]: 92: Hoare triple {30107#false} call #t~ret85#1 := getEmailTo(~msg#1); {30106#true} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 93: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,403 INFO L290 TraceCheckUtils]: 94: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 95: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {30106#true} {30107#false} #1181#return; {30107#false} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 97: Hoare triple {30107#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {30107#false} is VALID [2022-02-20 17:59:14,404 INFO L272 TraceCheckUtils]: 98: Hoare triple {30107#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 99: Hoare triple {30106#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 100: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 101: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,404 
INFO L290 TraceCheckUtils]: 102: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,404 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {30106#true} {30107#false} #1183#return; {30107#false} is VALID [2022-02-20 17:59:14,404 INFO L290 TraceCheckUtils]: 104: Hoare triple {30107#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 105: Hoare triple {30107#false} assume !(0 != ~pubkey~0#1); {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 106: Hoare triple {30107#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 107: Hoare triple {30107#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 108: Hoare triple {30107#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && 
outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L272 TraceCheckUtils]: 109: Hoare triple {30107#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 110: Hoare triple {30192#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 111: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 112: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,405 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {30106#true} {30107#false} #1189#return; {30107#false} is VALID [2022-02-20 17:59:14,405 INFO L290 TraceCheckUtils]: 114: Hoare triple {30107#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {30107#false} is VALID [2022-02-20 17:59:14,406 INFO L272 TraceCheckUtils]: 115: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {30106#true} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 116: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 117: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 118: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,406 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {30106#true} {30107#false} #1191#return; {30107#false} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 120: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {30107#false} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 121: Hoare triple {30107#false} assume { 
:end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {30107#false} is VALID [2022-02-20 17:59:14,406 INFO L272 TraceCheckUtils]: 122: Hoare triple {30107#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {30106#true} is VALID [2022-02-20 17:59:14,406 INFO L290 TraceCheckUtils]: 123: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 124: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 125: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {30106#true} {30107#false} #1193#return; {30107#false} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 127: Hoare triple {30107#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {30107#false} is VALID [2022-02-20 17:59:14,407 INFO L272 TraceCheckUtils]: 128: Hoare triple {30107#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 129: 
Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 130: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 131: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,407 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30106#true} {30107#false} #1195#return; {30107#false} is VALID [2022-02-20 17:59:14,407 INFO L290 TraceCheckUtils]: 133: Hoare triple {30107#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {30107#false} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 134: Hoare triple {30107#false} assume !(0 != incoming_~privkey~0#1); {30107#false} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 135: Hoare triple {30107#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, 
verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && 
__utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {30107#false} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 136: Hoare triple {30107#false} assume 1 == ~sent_signed~0; {30107#false} is VALID [2022-02-20 17:59:14,408 INFO L272 TraceCheckUtils]: 137: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {30106#true} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 138: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 139: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 140: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,408 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30106#true} {30107#false} #1207#return; {30107#false} is VALID [2022-02-20 17:59:14,408 INFO L290 TraceCheckUtils]: 142: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {30107#false} is VALID [2022-02-20 17:59:14,409 INFO L272 TraceCheckUtils]: 143: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {30106#true} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 144: Hoare triple {30106#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 145: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 146: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 147: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,409 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30106#true} {30107#false} #1209#return; {30107#false} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 149: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {30107#false} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 150: Hoare triple {30107#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {30107#false} is VALID [2022-02-20 17:59:14,409 INFO L272 TraceCheckUtils]: 151: Hoare triple {30107#false} call __automaton_fail(); {30107#false} is VALID [2022-02-20 17:59:14,409 INFO L290 TraceCheckUtils]: 152: Hoare triple {30107#false} assume !false; {30107#false} is VALID [2022-02-20 17:59:14,410 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. 
[2022-02-20 17:59:14,410 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:14,410 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2075204204] [2022-02-20 17:59:14,410 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2075204204] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:59:14,410 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [539867648] [2022-02-20 17:59:14,410 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:14,411 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:14,411 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:59:14,412 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:59:14,413 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (7)] Waiting until timeout for monitored process [2022-02-20 17:59:14,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,629 INFO L263 TraceCheckSpWp]: Trace formula consists of 1273 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:59:14,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,679 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:59:14,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call #Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call 
#Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {30106#true} is VALID [2022-02-20 17:59:14,966 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume { 
:end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {30106#true} is VALID [2022-02-20 17:59:14,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30106#true} is VALID [2022-02-20 17:59:14,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {30106#true} is VALID [2022-02-20 17:59:14,967 INFO L290 TraceCheckUtils]: 4: Hoare triple {30106#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {30106#true} is VALID [2022-02-20 17:59:14,967 INFO L290 TraceCheckUtils]: 5: Hoare triple {30106#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30106#true} is VALID [2022-02-20 17:59:14,967 INFO L272 TraceCheckUtils]: 6: Hoare triple {30106#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 7: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 8: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 9: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30106#true} {30106#true} #1245#return; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 11: Hoare triple {30106#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L272 TraceCheckUtils]: 12: Hoare triple {30106#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 13: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 14: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L290 TraceCheckUtils]: 15: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,968 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30106#true} {30106#true} #1247#return; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 17: Hoare triple {30106#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc 
setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L272 TraceCheckUtils]: 18: Hoare triple {30106#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 19: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 20: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 21: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 22: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30106#true} {30106#true} #1249#return; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L290 TraceCheckUtils]: 24: Hoare triple {30106#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,969 INFO L272 TraceCheckUtils]: 25: Hoare triple {30106#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 26: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 27: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 28: Hoare triple 
{30106#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 29: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30106#true} {30106#true} #1251#return; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 31: Hoare triple {30106#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L272 TraceCheckUtils]: 32: Hoare triple {30106#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 33: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 34: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,970 INFO L290 TraceCheckUtils]: 35: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 36: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 37: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L284 TraceCheckUtils]: 38: Hoare quadruple 
{30106#true} {30106#true} #1253#return; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 39: Hoare triple {30106#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L272 TraceCheckUtils]: 40: Hoare triple {30106#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 41: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 42: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 43: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 44: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:14,971 INFO L290 TraceCheckUtils]: 45: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:14,972 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30106#true} {30106#true} #1255#return; {30106#true} is VALID [2022-02-20 17:59:14,972 INFO L290 TraceCheckUtils]: 47: Hoare triple {30106#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {30106#true} is VALID [2022-02-20 17:59:14,975 INFO L290 TraceCheckUtils]: 48: Hoare triple {30106#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, 
test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,976 INFO L290 TraceCheckUtils]: 49: Hoare triple {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,976 INFO L290 TraceCheckUtils]: 50: Hoare triple {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:59:14,976 INFO L290 TraceCheckUtils]: 51: Hoare triple {30341#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,976 INFO L290 TraceCheckUtils]: 52: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && 
test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,977 INFO L290 TraceCheckUtils]: 53: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(0 != test_~tmp___9~0#1); {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,977 INFO L290 TraceCheckUtils]: 54: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,977 INFO L290 TraceCheckUtils]: 55: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,977 INFO L290 TraceCheckUtils]: 56: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !false; {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 57: Hoare triple {30139#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 1)} assume !(test_~splverifierCounter~0#1 < 4); {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 58: Hoare triple {30107#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L272 
TraceCheckUtils]: 59: Hoare triple {30107#false} call sendEmail(~bob~0, ~rjh~0); {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 60: Hoare triple {30107#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L272 TraceCheckUtils]: 61: Hoare triple {30107#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 62: Hoare triple {30107#false} ~handle := #in~handle;~value := #in~value; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 63: Hoare triple {30107#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 64: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {30107#false} {30107#false} #1231#return; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L272 TraceCheckUtils]: 66: Hoare triple {30107#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 67: Hoare triple {30107#false} ~handle := #in~handle;~value := #in~value; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 68: Hoare triple {30107#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 69: Hoare triple {30107#false} 
assume true; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {30107#false} {30107#false} #1233#return; {30107#false} is VALID [2022-02-20 17:59:14,978 INFO L290 TraceCheckUtils]: 71: Hoare triple {30107#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 72: Hoare triple {30107#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L272 TraceCheckUtils]: 73: Hoare triple {30107#false} call outgoing(~sender#1, ~email~0#1); {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 74: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L272 TraceCheckUtils]: 75: Hoare triple {30107#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 76: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~12; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 77: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 78: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L284 TraceCheckUtils]: 79: Hoare quadruple 
{30107#false} {30107#false} #1161#return; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 80: Hoare triple {30107#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 81: Hoare triple {30107#false} assume 0 == sign_~privkey~1#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 82: Hoare triple {30107#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L272 
TraceCheckUtils]: 83: Hoare triple {30107#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 84: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~6; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 85: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 86: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {30107#false} {30107#false} #1163#return; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 88: Hoare triple {30107#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 89: Hoare triple {30107#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L272 TraceCheckUtils]: 90: Hoare triple {30107#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 91: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:14,979 INFO L272 TraceCheckUtils]: 92: Hoare triple {30107#false} call #t~ret85#1 := getEmailTo(~msg#1); 
{30107#false} is VALID [2022-02-20 17:59:14,979 INFO L290 TraceCheckUtils]: 93: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~24; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 94: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 95: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {30107#false} {30107#false} #1181#return; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 97: Hoare triple {30107#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L272 TraceCheckUtils]: 98: Hoare triple {30107#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 99: Hoare triple {30107#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 100: Hoare triple {30107#false} assume 1 == ~handle; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 101: Hoare triple {30107#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 102: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {30107#false} {30107#false} #1183#return; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 104: Hoare triple {30107#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := 
#t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 105: Hoare triple {30107#false} assume !(0 != ~pubkey~0#1); {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 106: Hoare triple {30107#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 107: Hoare triple {30107#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 108: Hoare triple {30107#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L272 TraceCheckUtils]: 109: Hoare triple {30107#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 
TraceCheckUtils]: 110: Hoare triple {30107#false} ~handle := #in~handle;~value := #in~value; {30107#false} is VALID [2022-02-20 17:59:14,980 INFO L290 TraceCheckUtils]: 111: Hoare triple {30107#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 112: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {30107#false} {30107#false} #1189#return; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 114: Hoare triple {30107#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L272 TraceCheckUtils]: 115: Hoare triple {30107#false} call 
__utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 116: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~29; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 117: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 118: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {30107#false} {30107#false} #1191#return; {30107#false} is VALID [2022-02-20 17:59:14,981 INFO L290 TraceCheckUtils]: 120: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc __utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 121: Hoare triple {30107#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L272 TraceCheckUtils]: 122: Hoare triple {30107#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 123: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~24; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 124: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res 
:= ~retValue_acc~24; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 125: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {30107#false} {30107#false} #1193#return; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 127: Hoare triple {30107#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L272 TraceCheckUtils]: 128: Hoare triple {30107#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 129: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~12; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 130: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 131: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30107#false} {30107#false} #1195#return; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 133: Hoare triple {30107#false} assume 
-2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 134: Hoare triple {30107#false} assume !(0 != incoming_~privkey~0#1); {30107#false} is VALID [2022-02-20 17:59:14,982 INFO L290 TraceCheckUtils]: 135: Hoare triple {30107#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 136: Hoare triple {30107#false} assume 1 == ~sent_signed~0; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L272 TraceCheckUtils]: 137: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {30107#false} is VALID [2022-02-20 
17:59:14,983 INFO L290 TraceCheckUtils]: 138: Hoare triple {30107#false} ~handle := #in~handle;havoc ~retValue_acc~23; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 139: Hoare triple {30107#false} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 140: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30107#false} {30107#false} #1207#return; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 142: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L272 TraceCheckUtils]: 143: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 144: Hoare triple {30107#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 145: Hoare triple {30107#false} assume 1 == ~handle; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 146: Hoare triple {30107#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 147: Hoare triple {30107#false} assume true; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30107#false} {30107#false} 
#1209#return; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 149: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 150: Hoare triple {30107#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L272 TraceCheckUtils]: 151: Hoare triple {30107#false} call __automaton_fail(); {30107#false} is VALID [2022-02-20 17:59:14,983 INFO L290 TraceCheckUtils]: 152: Hoare triple {30107#false} assume !false; {30107#false} is VALID [2022-02-20 17:59:14,984 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. [2022-02-20 17:59:14,984 INFO L328 TraceCheckSpWp]: Computing backward predicates... 
[2022-02-20 17:59:15,333 INFO L290 TraceCheckUtils]: 152: Hoare triple {30107#false} assume !false; {30107#false} is VALID [2022-02-20 17:59:15,333 INFO L272 TraceCheckUtils]: 151: Hoare triple {30107#false} call __automaton_fail(); {30107#false} is VALID [2022-02-20 17:59:15,333 INFO L290 TraceCheckUtils]: 150: Hoare triple {30107#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {30107#false} is VALID [2022-02-20 17:59:15,333 INFO L290 TraceCheckUtils]: 149: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret114#1 && __utac_acc__SignVerify_spec__2_#t~ret114#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~10#1 := __utac_acc__SignVerify_spec__2_#t~ret114#1;havoc __utac_acc__SignVerify_spec__2_#t~ret114#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~10#1; {30107#false} is VALID [2022-02-20 17:59:15,333 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {30106#true} {30107#false} #1209#return; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 147: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 146: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 145: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 144: Hoare triple {30106#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L272 TraceCheckUtils]: 143: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret114#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~23#1); {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 142: 
Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret113#1 && __utac_acc__SignVerify_spec__2_#t~ret113#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~23#1 := __utac_acc__SignVerify_spec__2_#t~ret113#1;havoc __utac_acc__SignVerify_spec__2_#t~ret113#1; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {30106#true} {30107#false} #1207#return; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 140: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 139: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~23 := ~__ste_email_from0~0;#res := ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 138: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~23; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L272 TraceCheckUtils]: 137: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__2_#t~ret113#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 136: Hoare triple {30107#false} assume 1 == ~sent_signed~0; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 135: Hoare triple {30107#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret102#1, verify_#t~ret103#1, verify_#t~ret104#1, verify_#t~ret105#1, verify_#t~ret106#1, 
verify_#t~ret107#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~22#1, verify_~tmp___0~9#1, verify_~pubkey~1#1, verify_~tmp___1~5#1, verify_~tmp___2~4#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~22#1;havoc verify_~tmp___0~9#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~5#1;havoc verify_~tmp___2~4#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1, __utac_acc__SignVerify_spec__2_#t~nondet112#1, __utac_acc__SignVerify_spec__2_#t~ret113#1, __utac_acc__SignVerify_spec__2_#t~ret114#1, __utac_acc__SignVerify_spec__2_#t~ret115#1, __utac_acc__SignVerify_spec__2_#t~ret116#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~23#1, __utac_acc__SignVerify_spec__2_~tmp___0~10#1, __utac_acc__SignVerify_spec__2_~tmp___1~6#1, __utac_acc__SignVerify_spec__2_~tmp___2~5#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~23#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~10#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~5#1;havoc 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret111#1 := puts(41, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret111#1 && __utac_acc__SignVerify_spec__2_#t~ret111#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret111#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 42, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet112#1; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 134: Hoare triple {30107#false} assume !(0 != incoming_~privkey~0#1); {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 133: Hoare triple {30107#false} assume -2147483648 <= incoming_#t~ret94#1 && incoming_#t~ret94#1 <= 2147483647;incoming_~tmp~18#1 := incoming_#t~ret94#1;havoc incoming_#t~ret94#1;incoming_~privkey~0#1 := incoming_~tmp~18#1; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {30106#true} {30107#false} #1195#return; {30107#false} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 131: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 130: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L290 TraceCheckUtils]: 129: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:15,334 INFO L272 TraceCheckUtils]: 128: Hoare triple {30107#false} call incoming_#t~ret94#1 := getClientPrivateKey(incoming_~client#1); {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 127: Hoare triple {30107#false} assume -2147483648 <= mail_#t~ret83#1 && mail_#t~ret83#1 <= 2147483647;mail_~tmp~14#1 := mail_#t~ret83#1;havoc mail_#t~ret83#1;assume { 
:begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~14#1, mail_~msg#1;havoc incoming_#t~ret94#1, incoming_#t~ret95#1, incoming_#t~ret96#1, incoming_#t~ret97#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~18#1, incoming_~tmp___0~8#1, incoming_~tmp___1~4#1, incoming_~tmp___2~3#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~18#1;havoc incoming_~tmp___0~8#1;havoc incoming_~tmp___1~4#1;havoc incoming_~tmp___2~3#1; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {30106#true} {30107#false} #1193#return; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 125: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 124: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 123: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L272 TraceCheckUtils]: 122: Hoare triple {30107#false} call mail_#t~ret83#1 := getEmailTo(mail_~msg#1); {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 121: Hoare triple {30107#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret82#1 := puts(34, 0);assume -2147483648 <= mail_#t~ret82#1 && mail_#t~ret82#1 <= 2147483647;havoc mail_#t~ret82#1; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 120: Hoare triple {30107#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret109#1 && __utac_acc__SignVerify_spec__1_#t~ret109#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret109#1;havoc 
__utac_acc__SignVerify_spec__1_#t~ret109#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet110#1; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {30106#true} {30107#false} #1191#return; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 118: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 117: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~29 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 116: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~29; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L272 TraceCheckUtils]: 115: Hoare triple {30107#false} call __utac_acc__SignVerify_spec__1_#t~ret109#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 114: Hoare triple {30107#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret82#1, mail_#t~ret83#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~14#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~14#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1, __utac_acc__SignVerify_spec__1_#t~ret109#1, __utac_acc__SignVerify_spec__1_#t~nondet110#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret108#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret108#1 && __utac_acc__SignVerify_spec__1_#t~ret108#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret108#1; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {30106#true} {30107#false} #1189#return; {30107#false} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 112: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,335 INFO L290 TraceCheckUtils]: 111: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 110: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,336 INFO L272 TraceCheckUtils]: 109: Hoare triple {30107#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1); {30106#true} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 108: Hoare triple {30107#false} outgoing__wrappee__Keys_#t~ret84#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret84#1 && outgoing__wrappee__Keys_#t~ret84#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~15#1 := outgoing__wrappee__Keys_#t~ret84#1;havoc outgoing__wrappee__Keys_#t~ret84#1; {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 107: Hoare triple {30107#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~19#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L290 
TraceCheckUtils]: 106: Hoare triple {30107#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret84#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~15#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~15#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~19#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~19#1; {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 105: Hoare triple {30107#false} assume !(0 != ~pubkey~0#1); {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 104: Hoare triple {30107#false} assume -2147483648 <= #t~ret86#1 && #t~ret86#1 <= 2147483647;~tmp___0~6#1 := #t~ret86#1;havoc #t~ret86#1;~pubkey~0#1 := ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {30106#true} {30107#false} #1183#return; {30107#false} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 102: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,336 INFO L290 TraceCheckUtils]: 101: Hoare triple {30106#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~17 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~17; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 100: Hoare triple {30106#true} assume 1 == ~handle; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 99: Hoare triple {30106#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~17; {30106#true} is VALID 
[2022-02-20 17:59:15,337 INFO L272 TraceCheckUtils]: 98: Hoare triple {30107#false} call #t~ret86#1 := findPublicKey(~client#1, ~receiver~0#1); {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 97: Hoare triple {30107#false} assume -2147483648 <= #t~ret85#1 && #t~ret85#1 <= 2147483647;~tmp~16#1 := #t~ret85#1;havoc #t~ret85#1;~receiver~0#1 := ~tmp~16#1; {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {30106#true} {30107#false} #1181#return; {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 95: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 94: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~24 := ~__ste_email_to0~0;#res := ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 93: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~24; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L272 TraceCheckUtils]: 92: Hoare triple {30107#false} call #t~ret85#1 := getEmailTo(~msg#1); {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 91: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~16#1;havoc ~pubkey~0#1;havoc ~tmp___0~6#1; {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L272 TraceCheckUtils]: 90: Hoare triple {30107#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 89: Hoare triple {30107#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 88: Hoare triple {30107#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret87#1 && outgoing__wrappee__AddressBook_#t~ret87#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~17#1 := outgoing__wrappee__AddressBook_#t~ret87#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~17#1; {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {30106#true} {30107#false} #1163#return; {30107#false} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 86: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 85: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:15,337 INFO L290 TraceCheckUtils]: 84: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~6; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L272 TraceCheckUtils]: 83: Hoare triple {30107#false} call outgoing__wrappee__AddressBook_#t~ret87#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 82: Hoare triple {30107#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret87#1, outgoing__wrappee__AddressBook_#t~ret88#1, outgoing__wrappee__AddressBook_#t~ret89#1, outgoing__wrappee__AddressBook_#t~ret90#1, outgoing__wrappee__AddressBook_#t~ret91#1, outgoing__wrappee__AddressBook_#t~ret92#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~17#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~7#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~3#1, 
outgoing__wrappee__AddressBook_~tmp___2~2#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~17#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~7#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~3#1;havoc outgoing__wrappee__AddressBook_~tmp___2~2#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 81: Hoare triple {30107#false} assume 0 == sign_~privkey~1#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 80: Hoare triple {30107#false} assume -2147483648 <= sign_#t~ret101#1 && sign_#t~ret101#1 <= 2147483647;sign_~tmp~21#1 := sign_#t~ret101#1;havoc sign_#t~ret101#1;sign_~privkey~1#1 := sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {30106#true} {30107#false} #1161#return; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 78: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 77: Hoare triple {30106#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 76: Hoare triple {30106#true} ~handle := #in~handle;havoc ~retValue_acc~12; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L272 TraceCheckUtils]: 75: Hoare triple {30107#false} call sign_#t~ret101#1 := getClientPrivateKey(sign_~client#1); {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 74: Hoare triple {30107#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc 
sign_#t~ret101#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~21#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~21#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L272 TraceCheckUtils]: 73: Hoare triple {30107#false} call outgoing(~sender#1, ~email~0#1); {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 72: Hoare triple {30107#false} #t~ret99#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret99#1 && #t~ret99#1 <= 2147483647;~tmp~20#1 := #t~ret99#1;havoc #t~ret99#1;~email~0#1 := ~tmp~20#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 71: Hoare triple {30107#false} createEmail_~retValue_acc~37#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~37#1; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {30106#true} {30107#false} #1233#return; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 69: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 68: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 67: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L272 TraceCheckUtils]: 66: Hoare triple {30107#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {30106#true} {30107#false} #1231#return; {30107#false} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 64: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,338 INFO L290 TraceCheckUtils]: 63: Hoare triple {30106#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{30106#true} is VALID [2022-02-20 17:59:15,339 INFO L290 TraceCheckUtils]: 62: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,339 INFO L272 TraceCheckUtils]: 61: Hoare triple {30107#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {30106#true} is VALID [2022-02-20 17:59:15,339 INFO L290 TraceCheckUtils]: 60: Hoare triple {30107#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~20#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~37#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~37#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {30107#false} is VALID [2022-02-20 17:59:15,339 INFO L272 TraceCheckUtils]: 59: Hoare triple {30107#false} call sendEmail(~bob~0, ~rjh~0); {30107#false} is VALID [2022-02-20 17:59:15,339 INFO L290 TraceCheckUtils]: 58: Hoare triple {30107#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret29#1, bobToRjh_#t~ret30#1, bobToRjh_#t~ret31#1, bobToRjh_#t~ret32#1, bobToRjh_~tmp~5#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~5#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret29#1 := puts(16, 0);assume -2147483648 <= bobToRjh_#t~ret29#1 && bobToRjh_#t~ret29#1 <= 2147483647;havoc bobToRjh_#t~ret29#1; {30107#false} is VALID [2022-02-20 17:59:15,339 INFO L290 TraceCheckUtils]: 57: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(test_~splverifierCounter~0#1 < 4); {30107#false} is VALID [2022-02-20 17:59:15,355 INFO L290 TraceCheckUtils]: 56: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !false; {30939#(< 
|ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,356 INFO L290 TraceCheckUtils]: 55: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,356 INFO L290 TraceCheckUtils]: 54: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,357 INFO L290 TraceCheckUtils]: 53: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume !(0 != test_~tmp___9~0#1); {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,357 INFO L290 TraceCheckUtils]: 52: Hoare triple {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,358 INFO L290 TraceCheckUtils]: 51: Hoare triple {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {30939#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 4)} is VALID [2022-02-20 17:59:15,358 INFO L290 TraceCheckUtils]: 50: Hoare triple {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume test_~splverifierCounter~0#1 < 4; {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:59:15,358 INFO L290 TraceCheckUtils]: 49: Hoare triple {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} assume !false; {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID 
[2022-02-20 17:59:15,359 INFO L290 TraceCheckUtils]: 48: Hoare triple {30106#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {30958#(< |ULTIMATE.start_test_~splverifierCounter~0#1| 3)} is VALID [2022-02-20 17:59:15,359 INFO L290 TraceCheckUtils]: 47: Hoare triple {30106#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 20, 0;havoc setup_#t~nondet36#1; {30106#true} is VALID [2022-02-20 17:59:15,359 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {30106#true} {30106#true} #1255#return; {30106#true} is VALID [2022-02-20 
17:59:15,359 INFO L290 TraceCheckUtils]: 45: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,359 INFO L290 TraceCheckUtils]: 44: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_privateKey2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 43: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 42: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 41: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L272 TraceCheckUtils]: 40: Hoare triple {30106#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 39: Hoare triple {30106#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {30106#true} {30106#true} #1253#return; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 37: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 36: Hoare triple {30106#true} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,360 INFO L290 TraceCheckUtils]: 35: Hoare triple {30106#true} assume !(2 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 34: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 33: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L272 TraceCheckUtils]: 32: Hoare triple {30106#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, 
setup_chuck__wrappee__Base_~chuck___0#1); {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 31: Hoare triple {30106#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 19, 0;havoc setup_#t~nondet35#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {30106#true} {30106#true} #1251#return; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 29: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 28: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 27: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L290 TraceCheckUtils]: 26: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,361 INFO L272 TraceCheckUtils]: 25: Hoare triple {30106#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 24: Hoare triple {30106#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {30106#true} {30106#true} #1249#return; {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 22: Hoare triple {30106#true} assume true; {30106#true} 
is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 21: Hoare triple {30106#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 20: Hoare triple {30106#true} assume !(1 == ~handle); {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 19: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L272 TraceCheckUtils]: 18: Hoare triple {30106#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L290 TraceCheckUtils]: 17: Hoare triple {30106#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 18, 0;havoc setup_#t~nondet34#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {30106#true} is VALID [2022-02-20 17:59:15,362 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {30106#true} {30106#true} #1247#return; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 15: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 14: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 13: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L272 TraceCheckUtils]: 12: Hoare triple {30106#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {30106#true} is 
VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 11: Hoare triple {30106#true} assume { :end_inline_setup_bob__wrappee__Base } true; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {30106#true} {30106#true} #1245#return; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 9: Hoare triple {30106#true} assume true; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 8: Hoare triple {30106#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L290 TraceCheckUtils]: 7: Hoare triple {30106#true} ~handle := #in~handle;~value := #in~value; {30106#true} is VALID [2022-02-20 17:59:15,363 INFO L272 TraceCheckUtils]: 6: Hoare triple {30106#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 5: Hoare triple {30106#true} assume 0 != main_~tmp~6#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet34#1, setup_#t~nondet35#1, setup_#t~nondet36#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 4: Hoare triple 
{30106#true} main_#t~ret37#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret37#1 && main_#t~ret37#1 <= 2147483647;main_~tmp~6#1 := main_#t~ret37#1;havoc main_#t~ret37#1; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 3: Hoare triple {30106#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~33#1;havoc valid_product_~retValue_acc~33#1;valid_product_~retValue_acc~33#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~33#1; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {30106#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {30106#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret37#1, main_~retValue_acc~20#1, main_~tmp~6#1;havoc main_~retValue_acc~20#1;havoc main_~tmp~6#1;assume { :begin_inline_select_helpers } true; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {30106#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(44, 16);call 
#Ultimate.allocInit(44, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(11, 20);call #Ultimate.allocInit(19, 21);call #Ultimate.allocInit(4, 22);call write~init~int(37, 22, 0, 1);call write~init~int(100, 22, 1, 1);call write~init~int(10, 22, 2, 1);call write~init~int(0, 22, 3, 1);call #Ultimate.allocInit(4, 23);call write~init~int(37, 23, 0, 1);call write~init~int(100, 23, 1, 1);call write~init~int(10, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(12, 25);call #Ultimate.allocInit(10, 26);call #Ultimate.allocInit(18, 27);call #Ultimate.allocInit(16, 28);call #Ultimate.allocInit(21, 29);call #Ultimate.allocInit(13, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(25, 32);call #Ultimate.allocInit(4, 33);call write~init~int(37, 33, 0, 1);call write~init~int(115, 33, 1, 1);call write~init~int(10, 33, 2, 1);call write~init~int(0, 33, 3, 1);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(34, 35);call #Ultimate.allocInit(30, 36);call #Ultimate.allocInit(16, 37);call #Ultimate.allocInit(20, 38);call #Ultimate.allocInit(13, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(15, 41);call #Ultimate.allocInit(16, 42);~head~0.base, ~head~0.offset := 0, 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 
:= 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 
0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1; {30106#true} is VALID [2022-02-20 17:59:15,364 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. [2022-02-20 17:59:15,365 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [539867648] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 17:59:15,365 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. 
[2022-02-20 17:59:15,365 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 4, 4] total 11 [2022-02-20 17:59:15,365 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [161733512] [2022-02-20 17:59:15,365 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 17:59:15,366 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 11 states have (on average 12.090909090909092) internal successors, (133), 7 states have internal predecessors, (133), 2 states have call successors, (43), 6 states have call predecessors, (43), 2 states have return successors, (30), 2 states have call predecessors, (30), 2 states have call successors, (30) Word has length 153