./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_product30.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_product30.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash bcbcb0270b2ee5ae38e5dd3a933d2995b5c0488c9590f16a6543c0c656cfb023
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:58:25,237 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:58:25,238 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:58:25,271 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:58:25,272 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:58:25,273 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:58:25,274 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:58:25,275 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:58:25,277 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:58:25,277 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:58:25,278 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:58:25,279 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:58:25,280 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:58:25,280 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:58:25,281 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:58:25,282 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:58:25,283 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:58:25,284 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:58:25,285 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:58:25,286 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:58:25,288 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:58:25,291 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:58:25,295 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:58:25,296 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:58:25,298 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:58:25,298 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:58:25,298 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:58:25,299 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:58:25,300 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:58:25,300 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:58:25,301 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:58:25,301 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:58:25,302 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:58:25,302 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:58:25,303 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:58:25,303 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:58:25,304 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:58:25,304 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:58:25,305 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:58:25,305 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:58:25,306 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:58:25,307 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:58:25,326 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:58:25,326 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:58:25,326 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:58:25,327 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:58:25,327 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:58:25,327 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:58:25,328 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:58:25,328 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:58:25,329 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:58:25,329 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:58:25,329 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:58:25,329 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:58:25,329 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:58:25,330 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:58:25,330 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:58:25,330 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:58:25,330 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:58:25,331 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:58:25,331 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:58:25,331 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:58:25,331 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:58:25,332 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:58:25,332 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:58:25,332 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:58:25,332 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:25,333 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:58:25,333 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:58:25,333 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:58:25,333 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:58:25,334 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:58:25,334 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:58:25,334 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:58:25,334 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:58:25,334 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> bcbcb0270b2ee5ae38e5dd3a933d2995b5c0488c9590f16a6543c0c656cfb023 [2022-02-20 17:58:25,543 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:58:25,564 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:58:25,568 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:58:25,569 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:58:25,570 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:58:25,571 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_product30.cil.c [2022-02-20 17:58:25,630 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f0b380a22/08682d884b5a4441b08082b51a4613fe/FLAG838cf8ec4 [2022-02-20 17:58:26,093 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:58:26,094 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product30.cil.c [2022-02-20 17:58:26,119 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f0b380a22/08682d884b5a4441b08082b51a4613fe/FLAG838cf8ec4 [2022-02-20 17:58:26,133 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/f0b380a22/08682d884b5a4441b08082b51a4613fe [2022-02-20 17:58:26,135 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:58:26,138 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:58:26,140 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:26,140 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:58:26,142 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:58:26,144 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:26,145 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@b9aef0e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26, skipping insertion in model container [2022-02-20 17:58:26,145 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:26" (1/1) ... 
[2022-02-20 17:58:26,151 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:58:26,215 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:58:26,467 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product30.cil.c[5243,5256] [2022-02-20 17:58:26,778 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:26,788 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:58:26,820 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product30.cil.c[5243,5256] [2022-02-20 17:58:26,911 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:26,958 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:58:26,960 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26 WrapperNode [2022-02-20 17:58:26,960 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:26,961 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:26,962 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:58:26,962 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:58:26,970 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... 
[2022-02-20 17:58:26,994 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,052 INFO L137 Inliner]: procedures = 132, calls = 227, calls flagged for inlining = 60, calls inlined = 50, statements flattened = 941 [2022-02-20 17:58:27,053 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:27,053 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:58:27,053 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:58:27,054 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:58:27,060 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,061 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,066 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,067 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... 
[2022-02-20 17:58:27,110 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,118 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,122 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... [2022-02-20 17:58:27,128 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:58:27,144 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:58:27,144 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:58:27,144 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:58:27,145 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (1/1) ... 
[2022-02-20 17:58:27,151 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:27,165 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:27,184 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:58:27,205 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:58:27,221 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:58:27,221 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:58:27,221 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:58:27,222 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:58:27,222 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:58:27,222 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:58:27,222 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:58:27,222 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:58:27,222 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:58:27,223 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:58:27,223 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:58:27,223 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:58:27,223 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:58:27,223 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:58:27,223 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:58:27,224 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:58:27,224 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:58:27,224 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:58:27,224 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:58:27,224 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:58:27,224 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:58:27,224 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:58:27,225 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:58:27,225 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:58:27,225 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:58:27,225 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:58:27,225 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:58:27,225 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:58:27,226 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:58:27,226 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:58:27,226 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:58:27,226 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:58:27,226 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:58:27,226 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:58:27,226 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:58:27,227 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:58:27,227 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:58:27,227 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:58:27,227 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:58:27,227 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:58:27,227 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:58:27,227 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:58:27,228 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:58:27,228 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:58:27,228 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:58:27,228 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:58:27,228 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:58:27,228 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:58:27,228 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:58:27,229 INFO L130 
BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:58:27,229 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:58:27,229 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:58:27,229 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:58:27,460 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:58:27,462 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:58:28,204 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:58:28,215 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:58:28,215 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:58:28,217 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:28 BoogieIcfgContainer [2022-02-20 17:58:28,217 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:58:28,219 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:58:28,219 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:58:28,222 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:58:28,222 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:58:26" (1/3) ... 
[2022-02-20 17:58:28,223 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2948ed89 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:28, skipping insertion in model container [2022-02-20 17:58:28,223 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:26" (2/3) ... [2022-02-20 17:58:28,223 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2948ed89 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:28, skipping insertion in model container [2022-02-20 17:58:28,223 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:28" (3/3) ... [2022-02-20 17:58:28,224 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_product30.cil.c [2022-02-20 17:58:28,229 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:58:28,229 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 17:58:28,268 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:58:28,298 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:58:28,298 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:58:28,346 INFO L276 IsEmpty]: Start isEmpty. Operand has 358 states, 274 states have (on average 1.510948905109489) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 24 states have call predecessors, (58), 24 states have return successors, (58), 57 states have call predecessors, (58), 58 states have call successors, (58) [2022-02-20 17:58:28,372 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 131 [2022-02-20 17:58:28,374 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:28,375 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:28,376 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:28,381 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:28,381 INFO L85 PathProgramCache]: Analyzing trace with hash -1804830783, now seen corresponding path program 1 times [2022-02-20 17:58:28,392 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:28,392 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [891952277] [2022-02-20 17:58:28,393 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:28,393 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:28,570 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:28,742 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,754 INFO L290 TraceCheckUtils]: 0: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {361#true} 
is VALID [2022-02-20 17:58:28,755 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,756 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,756 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {361#true} #1041#return; {361#true} is VALID [2022-02-20 17:58:28,764 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:28,770 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {361#true} #1043#return; {361#true} is VALID [2022-02-20 17:58:28,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:28,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {436#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:28,822 INFO L290 
TraceCheckUtils]: 1: Hoare triple {436#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {437#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {437#(= |setClientId_#in~handle| 1)} assume true; {437#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:28,824 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {437#(= |setClientId_#in~handle| 1)} {371#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {362#false} is VALID [2022-02-20 17:58:28,824 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:28,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,835 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #1047#return; {362#false} is VALID [2022-02-20 17:58:28,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:28,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,853 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #1049#return; {362#false} is VALID [2022-02-20 17:58:28,855 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:28,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,869 INFO L290 TraceCheckUtils]: 0: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,871 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,871 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #1051#return; {362#false} is VALID [2022-02-20 17:58:28,882 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:58:28,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,890 INFO L290 TraceCheckUtils]: 0: Hoare triple {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,891 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,895 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,896 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #1027#return; {362#false} is VALID [2022-02-20 17:58:28,905 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:58:28,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,911 INFO L290 TraceCheckUtils]: 0: Hoare triple {439#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,912 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,912 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,913 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #1029#return; {362#false} is VALID [2022-02-20 17:58:28,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:28,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,922 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:28,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:28,923 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,924 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #971#return; {362#false} is VALID [2022-02-20 17:58:28,924 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:28,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:28,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:28,933 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,933 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #973#return; {362#false} is VALID [2022-02-20 17:58:28,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:28,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,943 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:28,944 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle; {361#true} is VALID [2022-02-20 17:58:28,944 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:28,944 INFO L290 TraceCheckUtils]: 3: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,944 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {361#true} {362#false} #975#return; {362#false} is VALID [2022-02-20 17:58:28,945 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:28,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,958 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:28,958 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:28,961 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,961 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #981#return; {362#false} is VALID [2022-02-20 17:58:28,962 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:28,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~12; {361#true} is VALID [2022-02-20 17:58:28,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {361#true} is VALID [2022-02-20 17:58:28,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #983#return; {362#false} is VALID [2022-02-20 17:58:28,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:28,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:28,978 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume 
true; {361#true} is VALID [2022-02-20 17:58:28,978 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #985#return; {362#false} is VALID [2022-02-20 17:58:28,979 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:58:28,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:28,988 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:28,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,989 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #987#return; {362#false} is VALID [2022-02-20 17:58:28,989 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:28,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,994 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~6; {361#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {361#true} is VALID [2022-02-20 17:58:28,995 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:28,995 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {361#true} {362#false} #999#return; {362#false} is VALID [2022-02-20 17:58:28,995 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:58:28,997 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:28,999 INFO L290 
TraceCheckUtils]: 0: Hoare triple {361#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume 1 == ~handle; {361#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,000 INFO L290 TraceCheckUtils]: 3: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,001 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {361#true} {362#false} #1001#return; {362#false} is VALID [2022-02-20 17:58:29,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call 
#Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 
0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 
0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {361#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {361#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {361#true} is VALID [2022-02-20 17:58:29,002 INFO L290 TraceCheckUtils]: 3: Hoare triple {361#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {361#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 4: Hoare triple {361#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {361#true} is VALID [2022-02-20 17:58:29,003 INFO L290 TraceCheckUtils]: 5: Hoare triple {361#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc 
setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {361#true} is VALID [2022-02-20 17:58:29,007 INFO L272 TraceCheckUtils]: 6: Hoare triple {361#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:29,007 INFO L290 TraceCheckUtils]: 7: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,008 INFO L290 TraceCheckUtils]: 8: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,008 INFO L290 TraceCheckUtils]: 9: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,008 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {361#true} {361#true} #1041#return; {361#true} is VALID [2022-02-20 17:58:29,008 
INFO L290 TraceCheckUtils]: 11: Hoare triple {361#true} assume { :end_inline_setup_bob__wrappee__Base } true; {361#true} is VALID [2022-02-20 17:58:29,010 INFO L272 TraceCheckUtils]: 12: Hoare triple {361#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:29,010 INFO L290 TraceCheckUtils]: 13: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,010 INFO L290 TraceCheckUtils]: 14: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,010 INFO L290 TraceCheckUtils]: 15: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,010 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {361#true} {361#true} #1043#return; {361#true} is VALID [2022-02-20 17:58:29,012 INFO L290 TraceCheckUtils]: 17: Hoare triple {361#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {371#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:29,013 INFO L272 TraceCheckUtils]: 18: Hoare triple {371#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:29,014 INFO L290 TraceCheckUtils]: 19: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {436#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:29,014 INFO L290 TraceCheckUtils]: 20: Hoare triple {436#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {437#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:29,015 INFO L290 TraceCheckUtils]: 21: Hoare triple {437#(= |setClientId_#in~handle| 1)} assume true; {437#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:29,016 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {437#(= |setClientId_#in~handle| 1)} {371#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {362#false} is VALID [2022-02-20 17:58:29,016 INFO L290 TraceCheckUtils]: 23: Hoare triple {362#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {362#false} is VALID [2022-02-20 17:58:29,016 INFO L272 TraceCheckUtils]: 24: Hoare triple {362#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:29,016 INFO L290 TraceCheckUtils]: 25: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,017 INFO L290 TraceCheckUtils]: 26: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,017 INFO L290 TraceCheckUtils]: 27: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,017 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {361#true} {362#false} #1047#return; {362#false} is VALID [2022-02-20 17:58:29,019 INFO L290 TraceCheckUtils]: 29: Hoare triple {362#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {362#false} is VALID [2022-02-20 17:58:29,023 INFO L272 TraceCheckUtils]: 30: Hoare triple {362#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:29,023 INFO L290 TraceCheckUtils]: 31: Hoare triple {434#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle 
:= #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,023 INFO L290 TraceCheckUtils]: 32: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,023 INFO L290 TraceCheckUtils]: 33: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,023 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {361#true} {362#false} #1049#return; {362#false} is VALID [2022-02-20 17:58:29,024 INFO L290 TraceCheckUtils]: 35: Hoare triple {362#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {362#false} is VALID [2022-02-20 17:58:29,024 INFO L272 TraceCheckUtils]: 36: Hoare triple {362#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:29,024 INFO L290 TraceCheckUtils]: 37: Hoare triple {435#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,024 INFO L290 TraceCheckUtils]: 38: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,025 INFO L290 TraceCheckUtils]: 39: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,025 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {361#true} {362#false} #1051#return; {362#false} is VALID [2022-02-20 17:58:29,025 INFO L290 TraceCheckUtils]: 41: Hoare triple {362#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {362#false} is VALID [2022-02-20 17:58:29,025 INFO 
L290 TraceCheckUtils]: 42: Hoare triple {362#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {362#false} is VALID [2022-02-20 17:58:29,026 INFO L290 TraceCheckUtils]: 43: Hoare triple {362#false} assume !true; {362#false} is VALID [2022-02-20 17:58:29,026 INFO L290 TraceCheckUtils]: 44: Hoare triple {362#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc 
bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {362#false} is VALID [2022-02-20 17:58:29,026 INFO L272 TraceCheckUtils]: 45: Hoare triple {362#false} call sendEmail(~bob~0, ~rjh~0); {362#false} is VALID [2022-02-20 17:58:29,026 INFO L290 TraceCheckUtils]: 46: Hoare triple {362#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {362#false} is VALID [2022-02-20 17:58:29,027 INFO L272 TraceCheckUtils]: 47: Hoare triple {362#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:29,027 INFO L290 TraceCheckUtils]: 48: Hoare triple {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,027 INFO L290 TraceCheckUtils]: 49: Hoare triple {361#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,027 INFO L290 TraceCheckUtils]: 50: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,028 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {361#true} {362#false} #1027#return; {362#false} is VALID [2022-02-20 17:58:29,028 INFO L272 TraceCheckUtils]: 52: Hoare triple {362#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {439#(and (= 
~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:29,028 INFO L290 TraceCheckUtils]: 53: Hoare triple {439#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,028 INFO L290 TraceCheckUtils]: 54: Hoare triple {361#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,028 INFO L290 TraceCheckUtils]: 55: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,029 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {361#true} {362#false} #1029#return; {362#false} is VALID [2022-02-20 17:58:29,029 INFO L290 TraceCheckUtils]: 57: Hoare triple {362#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {362#false} is VALID [2022-02-20 17:58:29,029 INFO L290 TraceCheckUtils]: 58: Hoare triple {362#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {362#false} is VALID [2022-02-20 17:58:29,029 INFO L272 TraceCheckUtils]: 59: Hoare triple {362#false} call outgoing(~sender#1, ~email~0#1); {362#false} is VALID [2022-02-20 17:58:29,030 INFO L290 TraceCheckUtils]: 60: Hoare triple {362#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {362#false} is VALID [2022-02-20 17:58:29,030 INFO L272 TraceCheckUtils]: 61: Hoare triple {362#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {361#true} is VALID 
[2022-02-20 17:58:29,030 INFO L290 TraceCheckUtils]: 62: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:29,030 INFO L290 TraceCheckUtils]: 63: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:29,030 INFO L290 TraceCheckUtils]: 64: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,031 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {361#true} {362#false} #971#return; {362#false} is VALID [2022-02-20 17:58:29,031 INFO L290 TraceCheckUtils]: 66: Hoare triple {362#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {362#false} is VALID [2022-02-20 17:58:29,031 INFO L290 TraceCheckUtils]: 67: Hoare triple {362#false} assume 0 == sign_~privkey~1#1; {362#false} is VALID [2022-02-20 17:58:29,031 INFO L290 TraceCheckUtils]: 68: Hoare triple {362#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc 
outgoing__wrappee__AutoResponder_~tmp___0~6#1; {362#false} is VALID [2022-02-20 17:58:29,032 INFO L272 TraceCheckUtils]: 69: Hoare triple {362#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {361#true} is VALID [2022-02-20 17:58:29,041 INFO L290 TraceCheckUtils]: 70: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:29,041 INFO L290 TraceCheckUtils]: 71: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:29,041 INFO L290 TraceCheckUtils]: 72: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,041 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {361#true} {362#false} #973#return; {362#false} is VALID [2022-02-20 17:58:29,041 INFO L290 TraceCheckUtils]: 74: Hoare triple {362#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {362#false} is VALID [2022-02-20 17:58:29,042 INFO L272 TraceCheckUtils]: 75: Hoare triple {362#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {361#true} is VALID [2022-02-20 17:58:29,042 INFO L290 TraceCheckUtils]: 76: Hoare triple {361#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,042 INFO L290 TraceCheckUtils]: 77: Hoare triple {361#true} assume 1 == ~handle; {361#true} is VALID [2022-02-20 17:58:29,042 INFO L290 TraceCheckUtils]: 78: Hoare triple {361#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,043 INFO L290 TraceCheckUtils]: 79: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,043 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {361#true} {362#false} #975#return; {362#false} is VALID [2022-02-20 17:58:29,043 INFO L290 TraceCheckUtils]: 81: Hoare triple {362#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {362#false} is VALID [2022-02-20 17:58:29,043 INFO L290 TraceCheckUtils]: 82: Hoare triple {362#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {362#false} is VALID [2022-02-20 17:58:29,043 INFO L290 TraceCheckUtils]: 83: Hoare triple {362#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {362#false} is VALID [2022-02-20 17:58:29,044 INFO L290 TraceCheckUtils]: 84: Hoare triple 
{362#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {362#false} is VALID [2022-02-20 17:58:29,044 INFO L290 TraceCheckUtils]: 85: Hoare triple {362#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {362#false} is VALID [2022-02-20 17:58:29,044 INFO L272 TraceCheckUtils]: 86: Hoare triple {362#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:29,044 INFO L290 TraceCheckUtils]: 87: Hoare triple {438#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,045 INFO L290 TraceCheckUtils]: 88: Hoare triple {361#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,045 INFO L290 TraceCheckUtils]: 89: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,045 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {361#true} {362#false} #981#return; {362#false} is VALID [2022-02-20 17:58:29,045 INFO L290 TraceCheckUtils]: 91: Hoare triple {362#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc 
mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {362#false} is VALID [2022-02-20 17:58:29,045 INFO L272 TraceCheckUtils]: 92: Hoare triple {362#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {361#true} is VALID [2022-02-20 17:58:29,046 INFO L290 TraceCheckUtils]: 93: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~12; {361#true} is VALID [2022-02-20 17:58:29,046 INFO L290 TraceCheckUtils]: 94: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {361#true} is VALID [2022-02-20 17:58:29,046 INFO L290 TraceCheckUtils]: 95: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,046 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {361#true} {362#false} #983#return; {362#false} is VALID [2022-02-20 17:58:29,046 INFO L290 TraceCheckUtils]: 97: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc 
__utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {362#false} is VALID [2022-02-20 17:58:29,047 INFO L290 TraceCheckUtils]: 98: Hoare triple {362#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {362#false} is VALID [2022-02-20 17:58:29,047 INFO L272 TraceCheckUtils]: 99: Hoare triple {362#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {361#true} is VALID [2022-02-20 17:58:29,047 INFO L290 TraceCheckUtils]: 100: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:29,047 INFO L290 TraceCheckUtils]: 101: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {361#true} is VALID [2022-02-20 17:58:29,048 INFO L290 TraceCheckUtils]: 102: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,048 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {361#true} {362#false} #985#return; {362#false} is VALID [2022-02-20 17:58:29,048 INFO L290 TraceCheckUtils]: 104: Hoare triple {362#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc 
incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {362#false} is VALID [2022-02-20 17:58:29,048 INFO L272 TraceCheckUtils]: 105: Hoare triple {362#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {361#true} is VALID [2022-02-20 17:58:29,049 INFO L290 TraceCheckUtils]: 106: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:29,049 INFO L290 TraceCheckUtils]: 107: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {361#true} is VALID [2022-02-20 17:58:29,049 INFO L290 TraceCheckUtils]: 108: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,049 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {361#true} {362#false} #987#return; {362#false} is VALID [2022-02-20 17:58:29,049 INFO L290 TraceCheckUtils]: 110: Hoare triple {362#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {362#false} is VALID [2022-02-20 17:58:29,050 INFO L290 TraceCheckUtils]: 111: Hoare triple {362#false} assume !(0 != incoming_~privkey~0#1); {362#false} is VALID [2022-02-20 17:58:29,050 INFO L290 TraceCheckUtils]: 112: Hoare triple {362#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, 
verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc 
__utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {362#false} is VALID [2022-02-20 17:58:29,050 INFO L290 TraceCheckUtils]: 113: Hoare triple {362#false} assume 1 == ~sent_signed~0; {362#false} is VALID [2022-02-20 17:58:29,050 INFO L272 TraceCheckUtils]: 114: Hoare triple {362#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {361#true} is VALID [2022-02-20 17:58:29,051 INFO L290 TraceCheckUtils]: 115: Hoare triple {361#true} ~handle := #in~handle;havoc ~retValue_acc~6; {361#true} is VALID [2022-02-20 17:58:29,051 INFO L290 TraceCheckUtils]: 116: Hoare triple {361#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {361#true} is VALID [2022-02-20 17:58:29,051 INFO L290 TraceCheckUtils]: 117: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,051 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {361#true} {362#false} #999#return; {362#false} is VALID [2022-02-20 17:58:29,051 INFO L290 TraceCheckUtils]: 119: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {362#false} is VALID [2022-02-20 17:58:29,052 INFO L272 TraceCheckUtils]: 120: Hoare triple {362#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 
:= findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {361#true} is VALID [2022-02-20 17:58:29,052 INFO L290 TraceCheckUtils]: 121: Hoare triple {361#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,052 INFO L290 TraceCheckUtils]: 122: Hoare triple {361#true} assume 1 == ~handle; {361#true} is VALID [2022-02-20 17:58:29,052 INFO L290 TraceCheckUtils]: 123: Hoare triple {361#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {361#true} is VALID [2022-02-20 17:58:29,053 INFO L290 TraceCheckUtils]: 124: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,053 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {361#true} {362#false} #1001#return; {362#false} is VALID [2022-02-20 17:58:29,053 INFO L290 TraceCheckUtils]: 126: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {362#false} is VALID [2022-02-20 17:58:29,053 INFO L290 TraceCheckUtils]: 127: Hoare triple {362#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {362#false} is VALID [2022-02-20 17:58:29,053 INFO L272 TraceCheckUtils]: 128: Hoare triple {362#false} call __automaton_fail(); {362#false} is VALID [2022-02-20 17:58:29,054 INFO L290 TraceCheckUtils]: 129: Hoare triple {362#false} assume !false; {362#false} is VALID [2022-02-20 17:58:29,055 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. 
[2022-02-20 17:58:29,055 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:29,055 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [891952277] [2022-02-20 17:58:29,056 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [891952277] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:29,056 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1821921879] [2022-02-20 17:58:29,056 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:29,057 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:29,057 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:29,059 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:29,060 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:58:29,349 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:29,355 INFO L263 TraceCheckSpWp]: Trace formula consists of 1198 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:58:29,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:29,455 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:29,853 INFO L290 TraceCheckUtils]: 0: Hoare triple {361#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {361#true} is VALID [2022-02-20 17:58:29,853 INFO L290 TraceCheckUtils]: 1: Hoare triple {361#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {361#true} is VALID [2022-02-20 17:58:29,854 INFO L290 TraceCheckUtils]: 2: Hoare triple {361#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {361#true} is VALID [2022-02-20 17:58:29,854 INFO L290 TraceCheckUtils]: 3: Hoare triple {361#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {361#true} is VALID [2022-02-20 17:58:29,854 INFO L290 TraceCheckUtils]: 4: Hoare triple {361#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {361#true} is VALID [2022-02-20 17:58:29,854 INFO L290 TraceCheckUtils]: 5: Hoare triple {361#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {361#true} is VALID [2022-02-20 17:58:29,855 INFO L272 TraceCheckUtils]: 6: Hoare triple {361#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {361#true} is VALID [2022-02-20 17:58:29,855 INFO L290 TraceCheckUtils]: 7: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,855 INFO L290 TraceCheckUtils]: 8: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,855 INFO L290 TraceCheckUtils]: 9: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,855 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {361#true} {361#true} #1041#return; {361#true} is VALID [2022-02-20 17:58:29,856 INFO L290 TraceCheckUtils]: 11: Hoare triple {361#true} assume { :end_inline_setup_bob__wrappee__Base } true; {361#true} is VALID [2022-02-20 17:58:29,856 INFO L272 TraceCheckUtils]: 12: Hoare triple {361#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {361#true} is VALID [2022-02-20 17:58:29,856 INFO L290 TraceCheckUtils]: 13: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,856 INFO L290 TraceCheckUtils]: 14: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,856 INFO L290 TraceCheckUtils]: 15: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,857 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {361#true} {361#true} #1043#return; {361#true} is VALID [2022-02-20 17:58:29,857 INFO L290 TraceCheckUtils]: 17: Hoare triple {361#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {361#true} is VALID [2022-02-20 17:58:29,857 INFO L272 TraceCheckUtils]: 18: Hoare triple {361#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {361#true} is VALID [2022-02-20 17:58:29,857 INFO L290 TraceCheckUtils]: 19: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,857 INFO L290 TraceCheckUtils]: 20: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,858 INFO L290 TraceCheckUtils]: 21: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,858 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {361#true} {361#true} #1045#return; {361#true} is VALID [2022-02-20 17:58:29,858 INFO L290 TraceCheckUtils]: 23: Hoare triple {361#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {361#true} is VALID [2022-02-20 17:58:29,858 INFO L272 TraceCheckUtils]: 24: Hoare triple {361#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {361#true} is VALID [2022-02-20 17:58:29,858 INFO L290 TraceCheckUtils]: 25: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,859 INFO L290 TraceCheckUtils]: 26: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,859 INFO L290 TraceCheckUtils]: 27: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,859 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {361#true} {361#true} #1047#return; {361#true} is VALID [2022-02-20 17:58:29,860 INFO 
L290 TraceCheckUtils]: 29: Hoare triple {361#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {361#true} is VALID [2022-02-20 17:58:29,860 INFO L272 TraceCheckUtils]: 30: Hoare triple {361#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {361#true} is VALID [2022-02-20 17:58:29,860 INFO L290 TraceCheckUtils]: 31: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,860 INFO L290 TraceCheckUtils]: 32: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {361#true} is VALID [2022-02-20 17:58:29,860 INFO L290 TraceCheckUtils]: 33: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,861 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {361#true} {361#true} #1049#return; {361#true} is VALID [2022-02-20 17:58:29,861 INFO L290 TraceCheckUtils]: 35: Hoare triple {361#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {361#true} is VALID [2022-02-20 17:58:29,862 INFO L272 TraceCheckUtils]: 36: Hoare triple {361#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {361#true} is VALID [2022-02-20 17:58:29,862 INFO L290 TraceCheckUtils]: 37: Hoare triple {361#true} ~handle := #in~handle;~value := #in~value; {361#true} is VALID [2022-02-20 17:58:29,864 INFO L290 TraceCheckUtils]: 38: Hoare triple {361#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{361#true} is VALID [2022-02-20 17:58:29,864 INFO L290 TraceCheckUtils]: 39: Hoare triple {361#true} assume true; {361#true} is VALID [2022-02-20 17:58:29,864 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {361#true} {361#true} #1051#return; {361#true} is VALID [2022-02-20 17:58:29,864 INFO L290 TraceCheckUtils]: 41: Hoare triple {361#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {361#true} is VALID [2022-02-20 17:58:29,871 INFO L290 TraceCheckUtils]: 42: Hoare triple {361#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 
:= 0;test_~splverifierCounter~0#1 := 0; {361#true} is VALID [2022-02-20 17:58:29,872 INFO L290 TraceCheckUtils]: 43: Hoare triple {361#true} assume !true; {362#false} is VALID [2022-02-20 17:58:29,873 INFO L290 TraceCheckUtils]: 44: Hoare triple {362#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {362#false} is VALID [2022-02-20 17:58:29,874 INFO L272 TraceCheckUtils]: 45: Hoare triple {362#false} call sendEmail(~bob~0, ~rjh~0); {362#false} is VALID [2022-02-20 17:58:29,875 INFO L290 TraceCheckUtils]: 46: Hoare triple {362#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {362#false} is VALID [2022-02-20 17:58:29,877 INFO L272 TraceCheckUtils]: 47: Hoare triple {362#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {362#false} is VALID [2022-02-20 17:58:29,878 INFO L290 TraceCheckUtils]: 48: Hoare triple {362#false} ~handle := #in~handle;~value := #in~value; {362#false} is VALID [2022-02-20 17:58:29,878 INFO L290 TraceCheckUtils]: 49: Hoare triple {362#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {362#false} is VALID [2022-02-20 17:58:29,878 INFO L290 TraceCheckUtils]: 50: Hoare triple {362#false} assume true; 
{362#false} is VALID [2022-02-20 17:58:29,878 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {362#false} {362#false} #1027#return; {362#false} is VALID [2022-02-20 17:58:29,880 INFO L272 TraceCheckUtils]: 52: Hoare triple {362#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {362#false} is VALID [2022-02-20 17:58:29,880 INFO L290 TraceCheckUtils]: 53: Hoare triple {362#false} ~handle := #in~handle;~value := #in~value; {362#false} is VALID [2022-02-20 17:58:29,880 INFO L290 TraceCheckUtils]: 54: Hoare triple {362#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {362#false} is VALID [2022-02-20 17:58:29,880 INFO L290 TraceCheckUtils]: 55: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,880 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {362#false} {362#false} #1029#return; {362#false} is VALID [2022-02-20 17:58:29,881 INFO L290 TraceCheckUtils]: 57: Hoare triple {362#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {362#false} is VALID [2022-02-20 17:58:29,882 INFO L290 TraceCheckUtils]: 58: Hoare triple {362#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {362#false} is VALID [2022-02-20 17:58:29,883 INFO L272 TraceCheckUtils]: 59: Hoare triple {362#false} call outgoing(~sender#1, ~email~0#1); {362#false} is VALID [2022-02-20 17:58:29,883 INFO L290 TraceCheckUtils]: 60: Hoare triple {362#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {362#false} is VALID [2022-02-20 17:58:29,883 INFO L272 
TraceCheckUtils]: 61: Hoare triple {362#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {362#false} is VALID [2022-02-20 17:58:29,883 INFO L290 TraceCheckUtils]: 62: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~35; {362#false} is VALID [2022-02-20 17:58:29,883 INFO L290 TraceCheckUtils]: 63: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {362#false} is VALID [2022-02-20 17:58:29,884 INFO L290 TraceCheckUtils]: 64: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,884 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {362#false} {362#false} #971#return; {362#false} is VALID [2022-02-20 17:58:29,884 INFO L290 TraceCheckUtils]: 66: Hoare triple {362#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {362#false} is VALID [2022-02-20 17:58:29,884 INFO L290 TraceCheckUtils]: 67: Hoare triple {362#false} assume 0 == sign_~privkey~1#1; {362#false} is VALID [2022-02-20 17:58:29,886 INFO L290 TraceCheckUtils]: 68: Hoare triple {362#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc 
outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {362#false} is VALID [2022-02-20 17:58:29,887 INFO L272 TraceCheckUtils]: 69: Hoare triple {362#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {362#false} is VALID [2022-02-20 17:58:29,887 INFO L290 TraceCheckUtils]: 70: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~7; {362#false} is VALID [2022-02-20 17:58:29,887 INFO L290 TraceCheckUtils]: 71: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {362#false} is VALID [2022-02-20 17:58:29,887 INFO L290 TraceCheckUtils]: 72: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,888 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {362#false} {362#false} #973#return; {362#false} is VALID [2022-02-20 17:58:29,888 INFO L290 TraceCheckUtils]: 74: Hoare triple {362#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {362#false} is VALID [2022-02-20 17:58:29,888 INFO L272 TraceCheckUtils]: 75: Hoare triple {362#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {362#false} is VALID [2022-02-20 17:58:29,888 INFO L290 TraceCheckUtils]: 76: Hoare triple {362#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {362#false} is VALID [2022-02-20 17:58:29,888 INFO L290 TraceCheckUtils]: 77: Hoare triple {362#false} assume 1 
== ~handle; {362#false} is VALID [2022-02-20 17:58:29,889 INFO L290 TraceCheckUtils]: 78: Hoare triple {362#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {362#false} is VALID [2022-02-20 17:58:29,889 INFO L290 TraceCheckUtils]: 79: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,889 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {362#false} {362#false} #975#return; {362#false} is VALID [2022-02-20 17:58:29,890 INFO L290 TraceCheckUtils]: 81: Hoare triple {362#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {362#false} is VALID [2022-02-20 17:58:29,890 INFO L290 TraceCheckUtils]: 82: Hoare triple {362#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {362#false} is VALID [2022-02-20 17:58:29,890 INFO L290 TraceCheckUtils]: 83: Hoare triple {362#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := 
getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {362#false} is VALID [2022-02-20 17:58:29,890 INFO L290 TraceCheckUtils]: 84: Hoare triple {362#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {362#false} is VALID [2022-02-20 17:58:29,891 INFO L290 TraceCheckUtils]: 85: Hoare triple {362#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {362#false} is VALID [2022-02-20 17:58:29,891 INFO L272 TraceCheckUtils]: 86: Hoare triple {362#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {362#false} is VALID [2022-02-20 17:58:29,891 INFO L290 TraceCheckUtils]: 87: Hoare triple {362#false} ~handle := #in~handle;~value := #in~value; {362#false} is VALID [2022-02-20 17:58:29,891 INFO L290 TraceCheckUtils]: 88: Hoare triple {362#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {362#false} is VALID [2022-02-20 17:58:29,891 INFO L290 TraceCheckUtils]: 89: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,892 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {362#false} {362#false} #981#return; {362#false} is VALID [2022-02-20 17:58:29,892 INFO L290 TraceCheckUtils]: 91: Hoare triple {362#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { 
:begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {362#false} is VALID [2022-02-20 17:58:29,893 INFO L272 TraceCheckUtils]: 92: Hoare triple {362#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {362#false} is VALID [2022-02-20 17:58:29,894 INFO L290 TraceCheckUtils]: 93: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~12; {362#false} is VALID [2022-02-20 17:58:29,894 INFO L290 TraceCheckUtils]: 94: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {362#false} is VALID [2022-02-20 17:58:29,894 INFO L290 TraceCheckUtils]: 95: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,894 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {362#false} {362#false} #983#return; {362#false} is VALID [2022-02-20 17:58:29,894 INFO L290 TraceCheckUtils]: 97: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc 
__utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {362#false} is VALID [2022-02-20 17:58:29,895 INFO L290 TraceCheckUtils]: 98: Hoare triple {362#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {362#false} is VALID [2022-02-20 17:58:29,895 INFO L272 TraceCheckUtils]: 99: Hoare triple {362#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {362#false} is VALID [2022-02-20 17:58:29,895 INFO L290 TraceCheckUtils]: 100: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~7; {362#false} is VALID [2022-02-20 17:58:29,895 INFO L290 TraceCheckUtils]: 101: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {362#false} is VALID [2022-02-20 17:58:29,895 INFO L290 TraceCheckUtils]: 102: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,896 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {362#false} {362#false} #985#return; {362#false} is VALID [2022-02-20 17:58:29,897 INFO L290 TraceCheckUtils]: 104: Hoare triple {362#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc 
incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {362#false} is VALID [2022-02-20 17:58:29,897 INFO L272 TraceCheckUtils]: 105: Hoare triple {362#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {362#false} is VALID [2022-02-20 17:58:29,899 INFO L290 TraceCheckUtils]: 106: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~35; {362#false} is VALID [2022-02-20 17:58:29,899 INFO L290 TraceCheckUtils]: 107: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {362#false} is VALID [2022-02-20 17:58:29,899 INFO L290 TraceCheckUtils]: 108: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,899 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {362#false} {362#false} #987#return; {362#false} is VALID [2022-02-20 17:58:29,900 INFO L290 TraceCheckUtils]: 110: Hoare triple {362#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {362#false} is VALID [2022-02-20 17:58:29,900 INFO L290 TraceCheckUtils]: 111: Hoare triple {362#false} assume !(0 != incoming_~privkey~0#1); {362#false} is VALID [2022-02-20 17:58:29,900 INFO L290 TraceCheckUtils]: 112: Hoare triple {362#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, 
verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc 
__utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {362#false} is VALID [2022-02-20 17:58:29,900 INFO L290 TraceCheckUtils]: 113: Hoare triple {362#false} assume 1 == ~sent_signed~0; {362#false} is VALID [2022-02-20 17:58:29,901 INFO L272 TraceCheckUtils]: 114: Hoare triple {362#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {362#false} is VALID [2022-02-20 17:58:29,901 INFO L290 TraceCheckUtils]: 115: Hoare triple {362#false} ~handle := #in~handle;havoc ~retValue_acc~6; {362#false} is VALID [2022-02-20 17:58:29,901 INFO L290 TraceCheckUtils]: 116: Hoare triple {362#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {362#false} is VALID [2022-02-20 17:58:29,901 INFO L290 TraceCheckUtils]: 117: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,901 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {362#false} {362#false} #999#return; {362#false} is VALID [2022-02-20 17:58:29,901 INFO L290 TraceCheckUtils]: 119: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {362#false} is VALID [2022-02-20 17:58:29,902 INFO L272 TraceCheckUtils]: 120: Hoare triple {362#false} call 
__utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {362#false} is VALID [2022-02-20 17:58:29,902 INFO L290 TraceCheckUtils]: 121: Hoare triple {362#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {362#false} is VALID [2022-02-20 17:58:29,902 INFO L290 TraceCheckUtils]: 122: Hoare triple {362#false} assume 1 == ~handle; {362#false} is VALID [2022-02-20 17:58:29,902 INFO L290 TraceCheckUtils]: 123: Hoare triple {362#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {362#false} is VALID [2022-02-20 17:58:29,902 INFO L290 TraceCheckUtils]: 124: Hoare triple {362#false} assume true; {362#false} is VALID [2022-02-20 17:58:29,902 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {362#false} {362#false} #1001#return; {362#false} is VALID [2022-02-20 17:58:29,903 INFO L290 TraceCheckUtils]: 126: Hoare triple {362#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {362#false} is VALID [2022-02-20 17:58:29,903 INFO L290 TraceCheckUtils]: 127: Hoare triple {362#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {362#false} is VALID [2022-02-20 17:58:29,904 INFO L272 TraceCheckUtils]: 128: Hoare triple {362#false} call __automaton_fail(); {362#false} is VALID [2022-02-20 17:58:29,904 INFO L290 TraceCheckUtils]: 129: Hoare triple {362#false} assume !false; {362#false} is VALID [2022-02-20 17:58:29,905 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. 
[2022-02-20 17:58:29,906 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:29,906 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1821921879] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:29,907 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:29,907 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:58:29,909 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [230623143] [2022-02-20 17:58:29,909 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:29,915 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 17:58:29,918 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:29,921 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:30,025 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:30,026 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:58:30,026 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:30,048 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:58:30,048 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:30,054 INFO L87 Difference]: Start difference. First operand has 358 states, 274 states have (on average 1.510948905109489) internal successors, (414), 280 states have internal predecessors, (414), 58 states have call successors, (58), 24 states have call predecessors, (58), 24 states have return successors, (58), 57 states have call predecessors, (58), 58 states have call successors, (58) Second operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:30,462 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:30,462 INFO L93 Difference]: Finished difference Result 561 states and 814 transitions. [2022-02-20 17:58:30,463 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:58:30,463 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 17:58:30,463 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:30,465 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:30,508 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 814 transitions. [2022-02-20 17:58:30,508 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:30,528 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 814 transitions. [2022-02-20 17:58:30,528 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 814 transitions. [2022-02-20 17:58:31,189 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 814 edges. 814 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:31,215 INFO L225 Difference]: With dead ends: 561 [2022-02-20 17:58:31,215 INFO L226 Difference]: Without dead ends: 350 [2022-02-20 17:58:31,220 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 167 GetRequests, 160 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:31,222 INFO L933 BasicCegarLoop]: 524 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 524 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:31,223 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 524 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:31,238 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 350 states. [2022-02-20 17:58:31,270 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 350 to 350. [2022-02-20 17:58:31,270 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:31,273 INFO L82 GeneralOperation]: Start isEquivalent. First operand 350 states. 
Second operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:31,276 INFO L74 IsIncluded]: Start isIncluded. First operand 350 states. Second operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:31,278 INFO L87 Difference]: Start difference. First operand 350 states. Second operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:31,300 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,300 INFO L93 Difference]: Finished difference Result 350 states and 516 transitions. [2022-02-20 17:58:31,300 INFO L276 IsEmpty]: Start isEmpty. Operand 350 states and 516 transitions. [2022-02-20 17:58:31,302 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,303 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,304 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 350 states. [2022-02-20 17:58:31,306 INFO L87 Difference]: Start difference. First operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 350 states. [2022-02-20 17:58:31,325 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:31,325 INFO L93 Difference]: Finished difference Result 350 states and 516 transitions. [2022-02-20 17:58:31,325 INFO L276 IsEmpty]: Start isEmpty. Operand 350 states and 516 transitions. [2022-02-20 17:58:31,327 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:31,327 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:31,327 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:31,328 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:31,329 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 350 states, 268 states have (on average 1.5037313432835822) internal successors, (403), 272 states have internal predecessors, (403), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:31,349 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 350 states to 350 states and 516 transitions. [2022-02-20 17:58:31,351 INFO L78 Accepts]: Start accepts. Automaton has 350 states and 516 transitions. Word has length 130 [2022-02-20 17:58:31,351 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:31,352 INFO L470 AbstractCegarLoop]: Abstraction has 350 states and 516 transitions. [2022-02-20 17:58:31,352 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:31,352 INFO L276 IsEmpty]: Start isEmpty. Operand 350 states and 516 transitions. [2022-02-20 17:58:31,356 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 132 [2022-02-20 17:58:31,356 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:31,356 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:31,383 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 17:58:31,579 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:58:31,580 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:31,580 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:31,580 INFO L85 PathProgramCache]: Analyzing trace with hash 1084620292, now seen corresponding path program 1 times [2022-02-20 17:58:31,580 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:31,580 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [58014466] [2022-02-20 17:58:31,581 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,581 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:31,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,688 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:31,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2800#true} #1041#return; {2800#true} is VALID [2022-02-20 17:58:31,698 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:31,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:58:31,704 INFO L290 TraceCheckUtils]: 0: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,704 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2800#true} #1043#return; {2800#true} is VALID [2022-02-20 17:58:31,705 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:31,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2875#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {2875#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2876#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,721 INFO L290 TraceCheckUtils]: 2: Hoare triple {2876#(= |setClientId_#in~handle| 1)} assume true; {2876#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2876#(= |setClientId_#in~handle| 1)} {2810#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {2801#false} is VALID [2022-02-20 17:58:31,722 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:31,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,728 INFO L290 TraceCheckUtils]: 0: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #1047#return; {2801#false} is VALID [2022-02-20 17:58:31,728 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:31,730 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,740 INFO L290 TraceCheckUtils]: 0: Hoare triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,740 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,741 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,741 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #1049#return; {2801#false} is VALID [2022-02-20 17:58:31,741 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 17:58:31,743 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,747 INFO L290 TraceCheckUtils]: 0: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,747 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,747 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,748 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #1051#return; {2801#false} is VALID [2022-02-20 17:58:31,755 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:58:31,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,759 INFO L290 TraceCheckUtils]: 0: Hoare triple {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,759 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,759 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,760 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #1027#return; {2801#false} is VALID [2022-02-20 17:58:31,767 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:58:31,769 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,771 INFO L290 
TraceCheckUtils]: 0: Hoare triple {2878#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,771 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,771 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,771 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #1029#return; {2801#false} is VALID [2022-02-20 17:58:31,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:31,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,775 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,775 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,775 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #971#return; {2801#false} is VALID [2022-02-20 17:58:31,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:31,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,786 INFO L290 
TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,787 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #973#return; {2801#false} is VALID [2022-02-20 17:58:31,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:31,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,793 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle; {2800#true} is VALID [2022-02-20 17:58:31,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,794 INFO L290 TraceCheckUtils]: 3: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,794 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2800#true} {2801#false} #975#return; {2801#false} is VALID [2022-02-20 17:58:31,794 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:58:31,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,805 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {2800#true} {2801#false} #981#return; {2801#false} is VALID [2022-02-20 17:58:31,805 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:58:31,807 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2800#true} is VALID [2022-02-20 17:58:31,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2800#true} is VALID [2022-02-20 17:58:31,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,810 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #983#return; {2801#false} is VALID [2022-02-20 17:58:31,811 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:31,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,820 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,822 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #985#return; {2801#false} is VALID [2022-02-20 17:58:31,822 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:31,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,826 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc 
~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,827 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,827 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #987#return; {2801#false} is VALID [2022-02-20 17:58:31,827 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:31,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,836 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~6; {2800#true} is VALID [2022-02-20 17:58:31,836 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2800#true} is VALID [2022-02-20 17:58:31,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,837 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2800#true} {2801#false} #999#return; {2801#false} is VALID [2022-02-20 17:58:31,837 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:31,838 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:31,841 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,841 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume 1 == ~handle; {2800#true} is VALID [2022-02-20 17:58:31,841 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; 
{2800#true} is VALID [2022-02-20 17:58:31,841 INFO L290 TraceCheckUtils]: 3: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,842 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2800#true} {2801#false} #1001#return; {2801#false} is VALID [2022-02-20 17:58:31,842 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call 
#Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 
:= 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2800#true} is VALID [2022-02-20 17:58:31,842 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {2800#true} is VALID [2022-02-20 17:58:31,842 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2800#true} is VALID [2022-02-20 17:58:31,842 INFO L290 TraceCheckUtils]: 3: Hoare triple {2800#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {2800#true} is VALID [2022-02-20 17:58:31,843 INFO L290 TraceCheckUtils]: 4: Hoare triple {2800#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {2800#true} is VALID [2022-02-20 17:58:31,843 INFO L290 TraceCheckUtils]: 5: Hoare triple {2800#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } 
true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2800#true} is VALID [2022-02-20 17:58:31,844 INFO L272 TraceCheckUtils]: 6: Hoare triple {2800#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,844 INFO L290 TraceCheckUtils]: 7: Hoare triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,844 INFO L290 TraceCheckUtils]: 8: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,844 INFO L290 TraceCheckUtils]: 9: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,844 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2800#true} {2800#true} #1041#return; {2800#true} is VALID [2022-02-20 17:58:31,844 INFO L290 TraceCheckUtils]: 11: Hoare triple {2800#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2800#true} is VALID [2022-02-20 17:58:31,845 INFO L272 TraceCheckUtils]: 12: Hoare triple {2800#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,845 INFO L290 TraceCheckUtils]: 13: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,846 INFO L290 TraceCheckUtils]: 14: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,846 INFO L290 TraceCheckUtils]: 15: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,846 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2800#true} {2800#true} #1043#return; {2800#true} is VALID [2022-02-20 17:58:31,846 INFO L290 TraceCheckUtils]: 17: Hoare triple {2800#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2810#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:31,847 INFO L272 TraceCheckUtils]: 18: Hoare triple {2810#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 19: Hoare 
triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2875#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 20: Hoare triple {2875#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2876#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,848 INFO L290 TraceCheckUtils]: 21: Hoare triple {2876#(= |setClientId_#in~handle| 1)} assume true; {2876#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:31,849 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2876#(= |setClientId_#in~handle| 1)} {2810#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {2801#false} is VALID [2022-02-20 17:58:31,849 INFO L290 TraceCheckUtils]: 23: Hoare triple {2801#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2801#false} is VALID [2022-02-20 17:58:31,849 INFO L272 TraceCheckUtils]: 24: Hoare triple {2801#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,849 INFO L290 TraceCheckUtils]: 25: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,850 INFO L290 TraceCheckUtils]: 26: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,850 INFO L290 
TraceCheckUtils]: 27: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,850 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2800#true} {2801#false} #1047#return; {2801#false} is VALID [2022-02-20 17:58:31,850 INFO L290 TraceCheckUtils]: 29: Hoare triple {2801#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2801#false} is VALID [2022-02-20 17:58:31,850 INFO L272 TraceCheckUtils]: 30: Hoare triple {2801#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:31,851 INFO L290 TraceCheckUtils]: 31: Hoare triple {2873#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,851 INFO L290 TraceCheckUtils]: 32: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,851 INFO L290 TraceCheckUtils]: 33: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,851 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2800#true} 
{2801#false} #1049#return; {2801#false} is VALID [2022-02-20 17:58:31,851 INFO L290 TraceCheckUtils]: 35: Hoare triple {2801#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2801#false} is VALID [2022-02-20 17:58:31,851 INFO L272 TraceCheckUtils]: 36: Hoare triple {2801#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:31,852 INFO L290 TraceCheckUtils]: 37: Hoare triple {2874#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,852 INFO L290 TraceCheckUtils]: 38: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,852 INFO L290 TraceCheckUtils]: 39: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,852 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2800#true} {2801#false} #1051#return; {2801#false} is VALID [2022-02-20 17:58:31,852 INFO L290 TraceCheckUtils]: 41: Hoare triple {2801#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {2801#false} is VALID [2022-02-20 17:58:31,852 INFO L290 TraceCheckUtils]: 42: Hoare triple {2801#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, 
test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L290 TraceCheckUtils]: 43: Hoare triple {2801#false} assume !false; {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L290 TraceCheckUtils]: 44: Hoare triple {2801#false} assume !(test_~splverifierCounter~0#1 < 4); {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L290 TraceCheckUtils]: 45: Hoare triple {2801#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L272 TraceCheckUtils]: 46: Hoare 
triple {2801#false} call sendEmail(~bob~0, ~rjh~0); {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L290 TraceCheckUtils]: 47: Hoare triple {2801#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2801#false} is VALID [2022-02-20 17:58:31,853 INFO L272 TraceCheckUtils]: 48: Hoare triple {2801#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,854 INFO L290 TraceCheckUtils]: 49: Hoare triple {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,854 INFO L290 TraceCheckUtils]: 50: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,854 INFO L290 TraceCheckUtils]: 51: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,854 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2800#true} {2801#false} #1027#return; {2801#false} is VALID [2022-02-20 17:58:31,854 INFO L272 TraceCheckUtils]: 53: Hoare triple {2801#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2878#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:31,854 INFO L290 TraceCheckUtils]: 54: Hoare triple {2878#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= 
~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 55: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 56: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,855 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2800#true} {2801#false} #1029#return; {2801#false} is VALID [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 58: Hoare triple {2801#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {2801#false} is VALID [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 59: Hoare triple {2801#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {2801#false} is VALID [2022-02-20 17:58:31,855 INFO L272 TraceCheckUtils]: 60: Hoare triple {2801#false} call outgoing(~sender#1, ~email~0#1); {2801#false} is VALID [2022-02-20 17:58:31,855 INFO L290 TraceCheckUtils]: 61: Hoare triple {2801#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {2801#false} is VALID [2022-02-20 17:58:31,856 INFO L272 TraceCheckUtils]: 62: Hoare triple {2801#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {2800#true} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 63: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 64: Hoare triple 
{2800#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 65: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,856 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2800#true} {2801#false} #971#return; {2801#false} is VALID [2022-02-20 17:58:31,856 INFO L290 TraceCheckUtils]: 67: Hoare triple {2801#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {2801#false} is VALID [2022-02-20 17:58:31,857 INFO L290 TraceCheckUtils]: 68: Hoare triple {2801#false} assume 0 == sign_~privkey~1#1; {2801#false} is VALID [2022-02-20 17:58:31,857 INFO L290 TraceCheckUtils]: 69: Hoare triple {2801#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2801#false} is VALID [2022-02-20 17:58:31,857 INFO L272 TraceCheckUtils]: 70: Hoare triple {2801#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := 
getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2800#true} is VALID [2022-02-20 17:58:31,857 INFO L290 TraceCheckUtils]: 71: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,857 INFO L290 TraceCheckUtils]: 72: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,857 INFO L290 TraceCheckUtils]: 73: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,858 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2800#true} {2801#false} #973#return; {2801#false} is VALID [2022-02-20 17:58:31,858 INFO L290 TraceCheckUtils]: 75: Hoare triple {2801#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {2801#false} is VALID [2022-02-20 17:58:31,858 INFO L272 TraceCheckUtils]: 76: Hoare triple {2801#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2800#true} is VALID [2022-02-20 17:58:31,858 INFO L290 TraceCheckUtils]: 77: Hoare triple {2800#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,858 INFO L290 TraceCheckUtils]: 78: Hoare triple {2800#true} assume 1 == ~handle; {2800#true} is VALID [2022-02-20 17:58:31,858 INFO L290 TraceCheckUtils]: 79: Hoare triple {2800#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,858 INFO L290 TraceCheckUtils]: 80: Hoare triple {2800#true} 
assume true; {2800#true} is VALID [2022-02-20 17:58:31,859 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2800#true} {2801#false} #975#return; {2801#false} is VALID [2022-02-20 17:58:31,859 INFO L290 TraceCheckUtils]: 82: Hoare triple {2801#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2801#false} is VALID [2022-02-20 17:58:31,859 INFO L290 TraceCheckUtils]: 83: Hoare triple {2801#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2801#false} is VALID [2022-02-20 17:58:31,859 INFO L290 TraceCheckUtils]: 84: Hoare triple {2801#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {2801#false} is VALID [2022-02-20 17:58:31,859 INFO L290 TraceCheckUtils]: 85: Hoare triple {2801#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2801#false} is VALID [2022-02-20 
17:58:31,859 INFO L290 TraceCheckUtils]: 86: Hoare triple {2801#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {2801#false} is VALID [2022-02-20 17:58:31,860 INFO L272 TraceCheckUtils]: 87: Hoare triple {2801#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:31,860 INFO L290 TraceCheckUtils]: 88: Hoare triple {2877#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:31,860 INFO L290 TraceCheckUtils]: 89: Hoare triple {2800#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:31,860 INFO L290 TraceCheckUtils]: 90: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,860 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2800#true} {2801#false} #981#return; {2801#false} is VALID [2022-02-20 17:58:31,862 INFO L290 TraceCheckUtils]: 92: Hoare triple {2801#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc 
__utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {2801#false} is VALID [2022-02-20 17:58:31,862 INFO L272 TraceCheckUtils]: 93: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2800#true} is VALID [2022-02-20 17:58:31,862 INFO L290 TraceCheckUtils]: 94: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~12; {2800#true} is VALID [2022-02-20 17:58:31,862 INFO L290 TraceCheckUtils]: 95: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2800#true} is VALID [2022-02-20 17:58:31,863 INFO L290 TraceCheckUtils]: 96: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,863 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2800#true} {2801#false} #983#return; {2801#false} is VALID [2022-02-20 17:58:31,864 INFO L290 TraceCheckUtils]: 98: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc 
__utac_acc__SignVerify_spec__1_#t~nondet104#1; {2801#false} is VALID [2022-02-20 17:58:31,864 INFO L290 TraceCheckUtils]: 99: Hoare triple {2801#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {2801#false} is VALID [2022-02-20 17:58:31,865 INFO L272 TraceCheckUtils]: 100: Hoare triple {2801#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {2800#true} is VALID [2022-02-20 17:58:31,865 INFO L290 TraceCheckUtils]: 101: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,865 INFO L290 TraceCheckUtils]: 102: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2800#true} is VALID [2022-02-20 17:58:31,865 INFO L290 TraceCheckUtils]: 103: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,865 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {2800#true} {2801#false} #985#return; {2801#false} is VALID [2022-02-20 17:58:31,865 INFO L290 TraceCheckUtils]: 105: Hoare triple {2801#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {2801#false} is VALID [2022-02-20 17:58:31,866 INFO L272 TraceCheckUtils]: 106: Hoare triple {2801#false} call 
incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {2800#true} is VALID [2022-02-20 17:58:31,866 INFO L290 TraceCheckUtils]: 107: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,866 INFO L290 TraceCheckUtils]: 108: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2800#true} is VALID [2022-02-20 17:58:31,866 INFO L290 TraceCheckUtils]: 109: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,866 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {2800#true} {2801#false} #987#return; {2801#false} is VALID [2022-02-20 17:58:31,866 INFO L290 TraceCheckUtils]: 111: Hoare triple {2801#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {2801#false} is VALID [2022-02-20 17:58:31,867 INFO L290 TraceCheckUtils]: 112: Hoare triple {2801#false} assume !(0 != incoming_~privkey~0#1); {2801#false} is VALID [2022-02-20 17:58:31,867 INFO L290 TraceCheckUtils]: 113: Hoare triple {2801#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, 
verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call 
__utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {2801#false} is VALID [2022-02-20 17:58:31,867 INFO L290 TraceCheckUtils]: 114: Hoare triple {2801#false} assume 1 == ~sent_signed~0; {2801#false} is VALID [2022-02-20 17:58:31,867 INFO L272 TraceCheckUtils]: 115: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2800#true} is VALID [2022-02-20 17:58:31,867 INFO L290 TraceCheckUtils]: 116: Hoare triple {2800#true} ~handle := #in~handle;havoc ~retValue_acc~6; {2800#true} is VALID [2022-02-20 17:58:31,867 INFO L290 TraceCheckUtils]: 117: Hoare triple {2800#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2800#true} is VALID [2022-02-20 17:58:31,868 INFO L290 TraceCheckUtils]: 118: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,868 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {2800#true} {2801#false} #999#return; {2801#false} is VALID [2022-02-20 17:58:31,868 INFO L290 TraceCheckUtils]: 120: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {2801#false} is VALID [2022-02-20 17:58:31,868 INFO L272 TraceCheckUtils]: 121: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {2800#true} is VALID [2022-02-20 
17:58:31,868 INFO L290 TraceCheckUtils]: 122: Hoare triple {2800#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,868 INFO L290 TraceCheckUtils]: 123: Hoare triple {2800#true} assume 1 == ~handle; {2800#true} is VALID [2022-02-20 17:58:31,868 INFO L290 TraceCheckUtils]: 124: Hoare triple {2800#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2800#true} is VALID [2022-02-20 17:58:31,869 INFO L290 TraceCheckUtils]: 125: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:31,869 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {2800#true} {2801#false} #1001#return; {2801#false} is VALID [2022-02-20 17:58:31,870 INFO L290 TraceCheckUtils]: 127: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {2801#false} is VALID [2022-02-20 17:58:31,870 INFO L290 TraceCheckUtils]: 128: Hoare triple {2801#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {2801#false} is VALID [2022-02-20 17:58:31,870 INFO L272 TraceCheckUtils]: 129: Hoare triple {2801#false} call __automaton_fail(); {2801#false} is VALID [2022-02-20 17:58:31,870 INFO L290 TraceCheckUtils]: 130: Hoare triple {2801#false} assume !false; {2801#false} is VALID [2022-02-20 17:58:31,872 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. 
[2022-02-20 17:58:31,873 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:31,873 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [58014466] [2022-02-20 17:58:31,876 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [58014466] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:31,876 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [120757777] [2022-02-20 17:58:31,877 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:31,877 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:31,877 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:31,880 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:31,882 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:58:32,145 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:32,150 INFO L263 TraceCheckSpWp]: Trace formula consists of 1199 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:58:32,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:32,212 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:32,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {2800#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {2800#true} is VALID [2022-02-20 17:58:32,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {2800#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {2800#true} is VALID [2022-02-20 17:58:32,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {2800#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2800#true} is VALID [2022-02-20 17:58:32,480 INFO L290 TraceCheckUtils]: 3: Hoare triple {2800#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L290 TraceCheckUtils]: 4: Hoare triple {2800#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L290 TraceCheckUtils]: 5: Hoare triple {2800#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L272 TraceCheckUtils]: 6: Hoare triple {2800#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L290 TraceCheckUtils]: 7: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L290 TraceCheckUtils]: 8: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,481 INFO L290 TraceCheckUtils]: 9: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2800#true} {2800#true} #1041#return; {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L290 TraceCheckUtils]: 11: Hoare triple {2800#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L272 TraceCheckUtils]: 12: Hoare triple {2800#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L290 TraceCheckUtils]: 13: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L290 TraceCheckUtils]: 14: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,482 INFO L290 TraceCheckUtils]: 15: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2800#true} {2800#true} #1043#return; {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L290 TraceCheckUtils]: 17: Hoare triple {2800#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L272 TraceCheckUtils]: 18: Hoare triple {2800#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L290 TraceCheckUtils]: 19: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L290 TraceCheckUtils]: 20: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,483 INFO L290 TraceCheckUtils]: 21: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2800#true} {2800#true} #1045#return; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L290 TraceCheckUtils]: 23: Hoare triple {2800#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L272 TraceCheckUtils]: 24: Hoare triple {2800#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L290 TraceCheckUtils]: 25: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L290 TraceCheckUtils]: 26: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L290 TraceCheckUtils]: 27: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,484 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2800#true} {2800#true} #1047#return; 
{2800#true} is VALID [2022-02-20 17:58:32,485 INFO L290 TraceCheckUtils]: 29: Hoare triple {2800#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2800#true} is VALID [2022-02-20 17:58:32,485 INFO L272 TraceCheckUtils]: 30: Hoare triple {2800#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2800#true} is VALID [2022-02-20 17:58:32,485 INFO L290 TraceCheckUtils]: 31: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,485 INFO L290 TraceCheckUtils]: 32: Hoare triple {2800#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,485 INFO L290 TraceCheckUtils]: 33: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,485 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2800#true} {2800#true} #1049#return; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L290 TraceCheckUtils]: 35: Hoare triple {2800#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L272 TraceCheckUtils]: 36: Hoare triple {2800#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L290 TraceCheckUtils]: 37: Hoare triple {2800#true} ~handle := #in~handle;~value := #in~value; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2800#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L290 TraceCheckUtils]: 39: Hoare triple {2800#true} assume true; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2800#true} {2800#true} #1051#return; {2800#true} is VALID [2022-02-20 17:58:32,486 INFO L290 TraceCheckUtils]: 41: Hoare triple {2800#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {2800#true} is VALID [2022-02-20 17:58:32,487 INFO L290 TraceCheckUtils]: 42: Hoare triple {2800#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3008#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:32,488 INFO L290 TraceCheckUtils]: 43: Hoare triple {3008#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3008#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:32,488 INFO L290 TraceCheckUtils]: 44: Hoare triple {3008#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2801#false} is VALID [2022-02-20 17:58:32,488 INFO L290 TraceCheckUtils]: 45: Hoare triple {2801#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L272 TraceCheckUtils]: 46: Hoare triple {2801#false} call sendEmail(~bob~0, ~rjh~0); {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L290 TraceCheckUtils]: 47: Hoare triple {2801#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L272 TraceCheckUtils]: 48: Hoare triple {2801#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L290 TraceCheckUtils]: 49: Hoare triple {2801#false} ~handle := #in~handle;~value := #in~value; {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L290 TraceCheckUtils]: 50: Hoare triple {2801#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L290 TraceCheckUtils]: 51: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,489 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2801#false} {2801#false} #1027#return; {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L272 TraceCheckUtils]: 53: Hoare triple {2801#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L290 TraceCheckUtils]: 54: Hoare triple {2801#false} ~handle := #in~handle;~value := #in~value; {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L290 TraceCheckUtils]: 55: Hoare triple {2801#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L290 TraceCheckUtils]: 56: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2801#false} {2801#false} #1029#return; {2801#false} is VALID [2022-02-20 17:58:32,490 INFO L290 TraceCheckUtils]: 58: Hoare triple {2801#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L290 TraceCheckUtils]: 59: Hoare triple {2801#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L272 TraceCheckUtils]: 60: Hoare triple {2801#false} call outgoing(~sender#1, ~email~0#1); {2801#false} is VALID [2022-02-20 
17:58:32,491 INFO L290 TraceCheckUtils]: 61: Hoare triple {2801#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L272 TraceCheckUtils]: 62: Hoare triple {2801#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L290 TraceCheckUtils]: 63: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~35; {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L290 TraceCheckUtils]: 64: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2801#false} is VALID [2022-02-20 17:58:32,491 INFO L290 TraceCheckUtils]: 65: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2801#false} {2801#false} #971#return; {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L290 TraceCheckUtils]: 67: Hoare triple {2801#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L290 TraceCheckUtils]: 68: Hoare triple {2801#false} assume 0 == sign_~privkey~1#1; {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L290 TraceCheckUtils]: 69: Hoare triple {2801#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L272 TraceCheckUtils]: 70: Hoare triple {2801#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {2801#false} is VALID [2022-02-20 17:58:32,492 INFO L290 TraceCheckUtils]: 71: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~7; {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L290 TraceCheckUtils]: 72: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L290 TraceCheckUtils]: 73: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2801#false} {2801#false} #973#return; {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L290 TraceCheckUtils]: 75: Hoare triple {2801#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L272 TraceCheckUtils]: 76: 
Hoare triple {2801#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {2801#false} is VALID [2022-02-20 17:58:32,493 INFO L290 TraceCheckUtils]: 77: Hoare triple {2801#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 78: Hoare triple {2801#false} assume 1 == ~handle; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 79: Hoare triple {2801#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 80: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2801#false} {2801#false} #975#return; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 82: Hoare triple {2801#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 83: Hoare triple {2801#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {2801#false} is VALID [2022-02-20 17:58:32,494 INFO L290 TraceCheckUtils]: 84: Hoare triple {2801#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L290 TraceCheckUtils]: 85: Hoare triple {2801#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L290 TraceCheckUtils]: 86: Hoare triple {2801#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L272 TraceCheckUtils]: 87: Hoare triple {2801#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L290 TraceCheckUtils]: 88: Hoare triple {2801#false} ~handle := #in~handle;~value := #in~value; {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L290 TraceCheckUtils]: 89: Hoare triple {2801#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2801#false} is VALID [2022-02-20 17:58:32,495 INFO L290 TraceCheckUtils]: 90: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,496 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2801#false} {2801#false} #981#return; {2801#false} 
is VALID [2022-02-20 17:58:32,496 INFO L290 TraceCheckUtils]: 92: Hoare triple {2801#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {2801#false} is VALID [2022-02-20 17:58:32,496 INFO L272 TraceCheckUtils]: 93: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2801#false} is VALID [2022-02-20 17:58:32,496 INFO L290 TraceCheckUtils]: 94: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~12; {2801#false} is VALID [2022-02-20 17:58:32,496 INFO L290 TraceCheckUtils]: 95: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {2801#false} is VALID [2022-02-20 17:58:32,496 INFO L290 TraceCheckUtils]: 96: Hoare triple 
{2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2801#false} {2801#false} #983#return; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L290 TraceCheckUtils]: 98: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L290 TraceCheckUtils]: 99: Hoare triple {2801#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L272 TraceCheckUtils]: 100: Hoare triple {2801#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L290 TraceCheckUtils]: 101: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~7; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L290 TraceCheckUtils]: 102: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {2801#false} is VALID [2022-02-20 17:58:32,497 INFO L290 TraceCheckUtils]: 103: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {2801#false} {2801#false} #985#return; {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L290 TraceCheckUtils]: 105: Hoare triple {2801#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } 
true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L272 TraceCheckUtils]: 106: Hoare triple {2801#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L290 TraceCheckUtils]: 107: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~35; {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L290 TraceCheckUtils]: 108: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {2801#false} is VALID [2022-02-20 17:58:32,498 INFO L290 TraceCheckUtils]: 109: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {2801#false} {2801#false} #987#return; {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L290 TraceCheckUtils]: 111: Hoare triple {2801#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L290 TraceCheckUtils]: 112: Hoare triple {2801#false} assume !(0 != incoming_~privkey~0#1); {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L290 TraceCheckUtils]: 113: Hoare triple {2801#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := 
incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L290 TraceCheckUtils]: 114: Hoare triple {2801#false} assume 1 == ~sent_signed~0; {2801#false} is VALID [2022-02-20 17:58:32,499 INFO L272 TraceCheckUtils]: 115: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L290 TraceCheckUtils]: 116: Hoare triple {2801#false} ~handle := #in~handle;havoc ~retValue_acc~6; {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L290 TraceCheckUtils]: 117: Hoare triple {2801#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L290 TraceCheckUtils]: 118: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {2801#false} {2801#false} #999#return; {2801#false} is 
VALID [2022-02-20 17:58:32,500 INFO L290 TraceCheckUtils]: 120: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L272 TraceCheckUtils]: 121: Hoare triple {2801#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {2801#false} is VALID [2022-02-20 17:58:32,500 INFO L290 TraceCheckUtils]: 122: Hoare triple {2801#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L290 TraceCheckUtils]: 123: Hoare triple {2801#false} assume 1 == ~handle; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L290 TraceCheckUtils]: 124: Hoare triple {2801#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L290 TraceCheckUtils]: 125: Hoare triple {2801#false} assume true; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {2801#false} {2801#false} #1001#return; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L290 TraceCheckUtils]: 127: Hoare triple {2801#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {2801#false} is VALID [2022-02-20 17:58:32,501 INFO L290 TraceCheckUtils]: 128: Hoare triple {2801#false} assume 0 == 
__utac_acc__SignVerify_spec__2_~pubkey~2#1; {2801#false} is VALID [2022-02-20 17:58:32,502 INFO L272 TraceCheckUtils]: 129: Hoare triple {2801#false} call __automaton_fail(); {2801#false} is VALID [2022-02-20 17:58:32,502 INFO L290 TraceCheckUtils]: 130: Hoare triple {2801#false} assume !false; {2801#false} is VALID [2022-02-20 17:58:32,502 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. [2022-02-20 17:58:32,502 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:32,503 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [120757777] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:32,503 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:32,503 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:32,503 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [198222431] [2022-02-20 17:58:32,503 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:32,505 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:58:32,505 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:32,505 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:32,601 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:32,602 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:32,602 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:32,603 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:32,603 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:32,603 INFO L87 Difference]: Start difference. First operand 350 states and 516 transitions. Second operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:33,116 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,117 INFO L93 Difference]: Finished difference Result 550 states and 791 transitions. [2022-02-20 17:58:33,117 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:33,117 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:58:33,118 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:33,118 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:33,128 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 791 transitions. [2022-02-20 17:58:33,129 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:33,142 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 791 transitions. [2022-02-20 17:58:33,143 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 791 transitions. [2022-02-20 17:58:33,760 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 791 edges. 791 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:33,774 INFO L225 Difference]: With dead ends: 550 [2022-02-20 17:58:33,774 INFO L226 Difference]: Without dead ends: 353 [2022-02-20 17:58:33,775 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 168 GetRequests, 160 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:33,776 INFO L933 BasicCegarLoop]: 514 mSDtfsCounter, 1 mSDsluCounter, 512 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1026 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:33,776 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1026 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:33,777 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 353 states. [2022-02-20 17:58:33,792 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 353 to 352. [2022-02-20 17:58:33,792 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:33,794 INFO L82 GeneralOperation]: Start isEquivalent. First operand 353 states. 
Second operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:33,795 INFO L74 IsIncluded]: Start isIncluded. First operand 353 states. Second operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:33,796 INFO L87 Difference]: Start difference. First operand 353 states. Second operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:33,810 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,810 INFO L93 Difference]: Finished difference Result 353 states and 519 transitions. [2022-02-20 17:58:33,810 INFO L276 IsEmpty]: Start isEmpty. Operand 353 states and 519 transitions. [2022-02-20 17:58:33,812 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:33,812 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:33,814 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 353 states. [2022-02-20 17:58:33,815 INFO L87 Difference]: Start difference. First operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) Second operand 353 states. [2022-02-20 17:58:33,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:33,829 INFO L93 Difference]: Finished difference Result 353 states and 519 transitions. [2022-02-20 17:58:33,829 INFO L276 IsEmpty]: Start isEmpty. Operand 353 states and 519 transitions. [2022-02-20 17:58:33,831 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:33,831 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:33,831 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:33,831 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:33,832 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 352 states, 270 states have (on average 1.5) internal successors, (405), 274 states have internal predecessors, (405), 58 states have call successors, (58), 24 states have call predecessors, (58), 23 states have return successors, (55), 55 states have call predecessors, (55), 55 states have call successors, (55) [2022-02-20 17:58:33,848 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 352 states to 352 states and 518 transitions. 
[2022-02-20 17:58:33,849 INFO L78 Accepts]: Start accepts. Automaton has 352 states and 518 transitions. Word has length 131 [2022-02-20 17:58:33,849 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:33,849 INFO L470 AbstractCegarLoop]: Abstraction has 352 states and 518 transitions. [2022-02-20 17:58:33,850 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:33,850 INFO L276 IsEmpty]: Start isEmpty. Operand 352 states and 518 transitions. [2022-02-20 17:58:33,852 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 141 [2022-02-20 17:58:33,852 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:33,852 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:33,880 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:34,067 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:58:34,068 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === 
[__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:34,068 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:34,068 INFO L85 PathProgramCache]: Analyzing trace with hash 877084948, now seen corresponding path program 1 times [2022-02-20 17:58:34,068 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:34,068 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [892135467] [2022-02-20 17:58:34,068 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:34,069 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:34,109 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:34,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,164 INFO L290 TraceCheckUtils]: 0: Hoare triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,164 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,164 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,165 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5236#true} #1041#return; {5236#true} is VALID [2022-02-20 17:58:34,171 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:34,173 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat 
[2022-02-20 17:58:34,175 INFO L290 TraceCheckUtils]: 0: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,175 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,176 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,176 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5236#true} #1043#return; {5236#true} is VALID [2022-02-20 17:58:34,176 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:34,178 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5311#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {5311#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5312#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {5312#(= |setClientId_#in~handle| 1)} assume true; {5312#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,207 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5312#(= |setClientId_#in~handle| 1)} {5246#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {5237#false} is VALID [2022-02-20 17:58:34,208 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:34,210 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,214 INFO L290 TraceCheckUtils]: 0: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,214 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,214 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,214 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #1047#return; {5237#false} is VALID [2022-02-20 17:58:34,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:34,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,220 INFO L290 TraceCheckUtils]: 0: Hoare triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,221 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #1049#return; {5237#false} is VALID [2022-02-20 17:58:34,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 36 [2022-02-20 17:58:34,223 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,225 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,225 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,225 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #1051#return; {5237#false} is VALID [2022-02-20 17:58:34,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:58:34,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,239 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,239 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #1027#return; {5237#false} is VALID [2022-02-20 17:58:34,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:34,248 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,250 INFO L290 
TraceCheckUtils]: 0: Hoare triple {5314#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,250 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #1029#return; {5237#false} is VALID [2022-02-20 17:58:34,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:58:34,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,255 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,255 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,255 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,255 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #971#return; {5237#false} is VALID [2022-02-20 17:58:34,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:58:34,256 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,259 INFO L290 
TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,259 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #973#return; {5237#false} is VALID [2022-02-20 17:58:34,259 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:58:34,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,263 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle; {5236#true} is VALID [2022-02-20 17:58:34,263 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,263 INFO L290 TraceCheckUtils]: 3: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,264 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5236#true} {5237#false} #975#return; {5237#false} is VALID [2022-02-20 17:58:34,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:58:34,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,267 INFO L290 TraceCheckUtils]: 0: Hoare triple {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,267 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,268 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {5236#true} {5237#false} #981#return; {5237#false} is VALID [2022-02-20 17:58:34,268 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:34,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5236#true} is VALID [2022-02-20 17:58:34,276 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5236#true} is VALID [2022-02-20 17:58:34,276 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,277 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #983#return; {5237#false} is VALID [2022-02-20 17:58:34,277 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:58:34,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,280 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,280 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,281 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #985#return; {5237#false} is VALID [2022-02-20 17:58:34,281 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:34,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,285 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc 
~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,285 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,285 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,285 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #987#return; {5237#false} is VALID [2022-02-20 17:58:34,285 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:58:34,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~6; {5236#true} is VALID [2022-02-20 17:58:34,288 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5236#true} is VALID [2022-02-20 17:58:34,288 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,289 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5236#true} {5237#false} #999#return; {5237#false} is VALID [2022-02-20 17:58:34,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:58:34,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume 1 == ~handle; {5236#true} is VALID [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; 
{5236#true} is VALID [2022-02-20 17:58:34,292 INFO L290 TraceCheckUtils]: 3: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,292 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5236#true} {5237#false} #1001#return; {5237#false} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call 
#Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 
:= 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 
0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5236#true} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {5236#true} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5236#true} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 3: Hoare triple {5236#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {5236#true} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 4: Hoare triple {5236#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {5236#true} is VALID [2022-02-20 17:58:34,293 INFO L290 TraceCheckUtils]: 5: Hoare triple {5236#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } 
true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5236#true} is VALID [2022-02-20 17:58:34,294 INFO L272 TraceCheckUtils]: 6: Hoare triple {5236#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,294 INFO L290 TraceCheckUtils]: 7: Hoare triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,295 INFO L290 TraceCheckUtils]: 8: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,295 INFO L290 TraceCheckUtils]: 9: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,295 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5236#true} {5236#true} #1041#return; {5236#true} is VALID [2022-02-20 17:58:34,295 INFO L290 TraceCheckUtils]: 11: Hoare triple {5236#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5236#true} is VALID [2022-02-20 17:58:34,296 INFO L272 TraceCheckUtils]: 12: Hoare triple {5236#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 13: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 14: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,297 INFO L290 TraceCheckUtils]: 15: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,297 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5236#true} {5236#true} #1043#return; {5236#true} is VALID [2022-02-20 17:58:34,298 INFO L290 TraceCheckUtils]: 17: Hoare triple {5236#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5246#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:34,298 INFO L272 TraceCheckUtils]: 18: Hoare triple {5246#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,299 INFO L290 TraceCheckUtils]: 19: Hoare 
triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5311#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:34,299 INFO L290 TraceCheckUtils]: 20: Hoare triple {5311#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5312#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,299 INFO L290 TraceCheckUtils]: 21: Hoare triple {5312#(= |setClientId_#in~handle| 1)} assume true; {5312#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:34,300 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5312#(= |setClientId_#in~handle| 1)} {5246#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {5237#false} is VALID [2022-02-20 17:58:34,300 INFO L290 TraceCheckUtils]: 23: Hoare triple {5237#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5237#false} is VALID [2022-02-20 17:58:34,300 INFO L272 TraceCheckUtils]: 24: Hoare triple {5237#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,301 INFO L290 TraceCheckUtils]: 25: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,301 INFO L290 TraceCheckUtils]: 26: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,301 INFO L290 
TraceCheckUtils]: 27: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,301 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5236#true} {5237#false} #1047#return; {5237#false} is VALID [2022-02-20 17:58:34,301 INFO L290 TraceCheckUtils]: 29: Hoare triple {5237#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5237#false} is VALID [2022-02-20 17:58:34,301 INFO L272 TraceCheckUtils]: 30: Hoare triple {5237#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:34,301 INFO L290 TraceCheckUtils]: 31: Hoare triple {5309#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,302 INFO L290 TraceCheckUtils]: 32: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,302 INFO L290 TraceCheckUtils]: 33: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,302 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5236#true} 
{5237#false} #1049#return; {5237#false} is VALID [2022-02-20 17:58:34,302 INFO L290 TraceCheckUtils]: 35: Hoare triple {5237#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5237#false} is VALID [2022-02-20 17:58:34,302 INFO L272 TraceCheckUtils]: 36: Hoare triple {5237#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:34,302 INFO L290 TraceCheckUtils]: 37: Hoare triple {5310#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,303 INFO L290 TraceCheckUtils]: 38: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,303 INFO L290 TraceCheckUtils]: 39: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,303 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5236#true} {5237#false} #1051#return; {5237#false} is VALID [2022-02-20 17:58:34,303 INFO L290 TraceCheckUtils]: 41: Hoare triple {5237#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {5237#false} is VALID [2022-02-20 17:58:34,303 INFO L290 TraceCheckUtils]: 42: Hoare triple {5237#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, 
test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5237#false} is VALID [2022-02-20 17:58:34,303 INFO L290 TraceCheckUtils]: 43: Hoare triple {5237#false} assume !false; {5237#false} is VALID [2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 44: Hoare triple {5237#false} assume test_~splverifierCounter~0#1 < 4; {5237#false} is VALID [2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 45: Hoare triple {5237#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5237#false} is VALID [2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 46: Hoare triple {5237#false} assume !(0 == test_~op1~0#1); {5237#false} is VALID [2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 47: Hoare triple {5237#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {5237#false} is VALID 
[2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 48: Hoare triple {5237#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5237#false} is VALID [2022-02-20 17:58:34,304 INFO L290 TraceCheckUtils]: 49: Hoare triple {5237#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L290 TraceCheckUtils]: 50: Hoare triple {5237#false} assume { :end_inline_setClientAutoResponse } true; {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L290 TraceCheckUtils]: 51: Hoare triple {5237#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L290 TraceCheckUtils]: 52: Hoare triple {5237#false} assume !false; {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L290 TraceCheckUtils]: 53: Hoare triple {5237#false} assume !(test_~splverifierCounter~0#1 < 4); {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L290 TraceCheckUtils]: 54: Hoare triple {5237#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {5237#false} is VALID [2022-02-20 17:58:34,305 INFO L272 TraceCheckUtils]: 55: Hoare triple {5237#false} call sendEmail(~bob~0, ~rjh~0); {5237#false} is VALID 
[2022-02-20 17:58:34,306 INFO L290 TraceCheckUtils]: 56: Hoare triple {5237#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5237#false} is VALID [2022-02-20 17:58:34,306 INFO L272 TraceCheckUtils]: 57: Hoare triple {5237#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:34,306 INFO L290 TraceCheckUtils]: 58: Hoare triple {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,306 INFO L290 TraceCheckUtils]: 59: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,306 INFO L290 TraceCheckUtils]: 60: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,306 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5236#true} {5237#false} #1027#return; {5237#false} is VALID [2022-02-20 17:58:34,306 INFO L272 TraceCheckUtils]: 62: Hoare triple {5237#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5314#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 63: Hoare triple {5314#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 64: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 65: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,307 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5236#true} {5237#false} #1029#return; {5237#false} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 67: Hoare triple {5237#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {5237#false} is VALID [2022-02-20 17:58:34,307 INFO L290 TraceCheckUtils]: 68: Hoare triple {5237#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {5237#false} is VALID [2022-02-20 17:58:34,308 INFO L272 TraceCheckUtils]: 69: Hoare triple {5237#false} call outgoing(~sender#1, ~email~0#1); {5237#false} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 70: Hoare triple {5237#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {5237#false} is VALID [2022-02-20 17:58:34,308 INFO L272 TraceCheckUtils]: 71: Hoare triple {5237#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {5236#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 72: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 73: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~35 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,308 INFO L290 TraceCheckUtils]: 74: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,308 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5236#true} {5237#false} #971#return; {5237#false} is VALID [2022-02-20 17:58:34,309 INFO L290 TraceCheckUtils]: 76: Hoare triple {5237#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {5237#false} is VALID [2022-02-20 17:58:34,309 INFO L290 TraceCheckUtils]: 77: Hoare triple {5237#false} assume 0 == sign_~privkey~1#1; {5237#false} is VALID [2022-02-20 17:58:34,309 INFO L290 TraceCheckUtils]: 78: Hoare triple {5237#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5237#false} is VALID [2022-02-20 17:58:34,309 INFO L272 TraceCheckUtils]: 79: Hoare triple {5237#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5236#true} is VALID 
[2022-02-20 17:58:34,309 INFO L290 TraceCheckUtils]: 80: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,309 INFO L290 TraceCheckUtils]: 81: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 82: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,310 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5236#true} {5237#false} #973#return; {5237#false} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 84: Hoare triple {5237#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {5237#false} is VALID [2022-02-20 17:58:34,310 INFO L272 TraceCheckUtils]: 85: Hoare triple {5237#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {5236#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 86: Hoare triple {5236#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 87: Hoare triple {5236#true} assume 1 == ~handle; {5236#true} is VALID [2022-02-20 17:58:34,310 INFO L290 TraceCheckUtils]: 88: Hoare triple {5236#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,311 INFO L290 TraceCheckUtils]: 89: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,311 INFO L284 
TraceCheckUtils]: 90: Hoare quadruple {5236#true} {5237#false} #975#return; {5237#false} is VALID [2022-02-20 17:58:34,311 INFO L290 TraceCheckUtils]: 91: Hoare triple {5237#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5237#false} is VALID [2022-02-20 17:58:34,311 INFO L290 TraceCheckUtils]: 92: Hoare triple {5237#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5237#false} is VALID [2022-02-20 17:58:34,311 INFO L290 TraceCheckUtils]: 93: Hoare triple {5237#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5237#false} is VALID [2022-02-20 17:58:34,311 INFO L290 TraceCheckUtils]: 94: Hoare triple {5237#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5237#false} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 95: Hoare triple {5237#false} 
outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {5237#false} is VALID [2022-02-20 17:58:34,312 INFO L272 TraceCheckUtils]: 96: Hoare triple {5237#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 97: Hoare triple {5313#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 98: Hoare triple {5236#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 99: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,312 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {5236#true} {5237#false} #981#return; {5237#false} is VALID [2022-02-20 17:58:34,312 INFO L290 TraceCheckUtils]: 101: Hoare triple {5237#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, 
__utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {5237#false} is VALID [2022-02-20 17:58:34,313 INFO L272 TraceCheckUtils]: 102: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5236#true} is VALID [2022-02-20 17:58:34,313 INFO L290 TraceCheckUtils]: 103: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~12; {5236#true} is VALID [2022-02-20 17:58:34,313 INFO L290 TraceCheckUtils]: 104: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5236#true} is VALID [2022-02-20 17:58:34,313 INFO L290 TraceCheckUtils]: 105: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,313 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5236#true} {5237#false} #983#return; {5237#false} is VALID [2022-02-20 17:58:34,313 INFO L290 TraceCheckUtils]: 107: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {5237#false} is 
VALID [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 108: Hoare triple {5237#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {5237#false} is VALID [2022-02-20 17:58:34,314 INFO L272 TraceCheckUtils]: 109: Hoare triple {5237#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {5236#true} is VALID [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 110: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 111: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5236#true} is VALID [2022-02-20 17:58:34,314 INFO L290 TraceCheckUtils]: 112: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,314 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {5236#true} {5237#false} #985#return; {5237#false} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 114: Hoare triple {5237#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {5237#false} is VALID [2022-02-20 17:58:34,315 INFO L272 TraceCheckUtils]: 115: Hoare triple {5237#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); 
{5236#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 116: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 117: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5236#true} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 118: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,315 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {5236#true} {5237#false} #987#return; {5237#false} is VALID [2022-02-20 17:58:34,315 INFO L290 TraceCheckUtils]: 120: Hoare triple {5237#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {5237#false} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 121: Hoare triple {5237#false} assume !(0 != incoming_~privkey~0#1); {5237#false} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 122: Hoare triple {5237#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, 
verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= 
__utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {5237#false} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 123: Hoare triple {5237#false} assume 1 == ~sent_signed~0; {5237#false} is VALID [2022-02-20 17:58:34,316 INFO L272 TraceCheckUtils]: 124: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5236#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 125: Hoare triple {5236#true} ~handle := #in~handle;havoc ~retValue_acc~6; {5236#true} is VALID [2022-02-20 17:58:34,316 INFO L290 TraceCheckUtils]: 126: Hoare triple {5236#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5236#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 127: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,317 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {5236#true} {5237#false} #999#return; {5237#false} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 129: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {5237#false} is VALID [2022-02-20 17:58:34,317 INFO L272 TraceCheckUtils]: 130: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {5236#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 131: Hoare triple {5236#true} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 132: Hoare triple {5236#true} assume 1 == ~handle; {5236#true} is VALID [2022-02-20 17:58:34,317 INFO L290 TraceCheckUtils]: 133: Hoare triple {5236#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5236#true} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 134: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,318 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {5236#true} {5237#false} #1001#return; {5237#false} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 136: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {5237#false} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 137: Hoare triple {5237#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {5237#false} is VALID [2022-02-20 17:58:34,318 INFO L272 TraceCheckUtils]: 138: Hoare triple {5237#false} call __automaton_fail(); {5237#false} is VALID [2022-02-20 17:58:34,318 INFO L290 TraceCheckUtils]: 139: Hoare triple {5237#false} assume !false; {5237#false} is VALID [2022-02-20 17:58:34,319 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:58:34,319 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:34,319 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [892135467] [2022-02-20 17:58:34,319 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [892135467] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:34,320 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1870090175] [2022-02-20 17:58:34,320 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:34,320 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:34,320 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:34,321 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:34,322 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:58:34,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,587 INFO L263 TraceCheckSpWp]: Trace formula consists of 1226 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:58:34,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:34,646 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:34,968 INFO L290 TraceCheckUtils]: 0: Hoare triple {5236#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {5236#true} is VALID [2022-02-20 17:58:34,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {5236#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {5236#true} is VALID [2022-02-20 17:58:34,969 INFO L290 TraceCheckUtils]: 2: Hoare triple {5236#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5236#true} is VALID [2022-02-20 17:58:34,969 INFO L290 TraceCheckUtils]: 3: Hoare triple {5236#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {5236#true} is VALID [2022-02-20 17:58:34,969 INFO L290 TraceCheckUtils]: 4: Hoare triple {5236#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {5236#true} is VALID [2022-02-20 17:58:34,969 INFO L290 TraceCheckUtils]: 5: Hoare triple {5236#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L272 TraceCheckUtils]: 6: Hoare triple {5236#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L290 TraceCheckUtils]: 7: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L290 TraceCheckUtils]: 8: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L290 TraceCheckUtils]: 9: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5236#true} {5236#true} #1041#return; {5236#true} is VALID [2022-02-20 17:58:34,970 INFO L290 TraceCheckUtils]: 11: Hoare triple {5236#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L272 TraceCheckUtils]: 12: Hoare triple {5236#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L290 TraceCheckUtils]: 13: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L290 TraceCheckUtils]: 14: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L290 TraceCheckUtils]: 15: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5236#true} {5236#true} #1043#return; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L290 TraceCheckUtils]: 17: Hoare triple {5236#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5236#true} is VALID [2022-02-20 17:58:34,971 INFO L272 TraceCheckUtils]: 18: Hoare triple {5236#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L290 TraceCheckUtils]: 19: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L290 TraceCheckUtils]: 20: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L290 TraceCheckUtils]: 21: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5236#true} {5236#true} #1045#return; {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L290 TraceCheckUtils]: 23: Hoare triple {5236#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L272 TraceCheckUtils]: 24: Hoare triple {5236#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5236#true} is VALID [2022-02-20 17:58:34,972 INFO L290 TraceCheckUtils]: 25: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 26: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 27: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5236#true} {5236#true} #1047#return; 
{5236#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 29: Hoare triple {5236#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L272 TraceCheckUtils]: 30: Hoare triple {5236#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 31: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,973 INFO L290 TraceCheckUtils]: 32: Hoare triple {5236#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L290 TraceCheckUtils]: 33: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5236#true} {5236#true} #1049#return; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L290 TraceCheckUtils]: 35: Hoare triple {5236#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L272 TraceCheckUtils]: 36: Hoare triple {5236#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L290 TraceCheckUtils]: 37: Hoare triple {5236#true} ~handle := #in~handle;~value := #in~value; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{5236#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5236#true} is VALID [2022-02-20 17:58:34,974 INFO L290 TraceCheckUtils]: 39: Hoare triple {5236#true} assume true; {5236#true} is VALID [2022-02-20 17:58:34,975 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5236#true} {5236#true} #1051#return; {5236#true} is VALID [2022-02-20 17:58:34,975 INFO L290 TraceCheckUtils]: 41: Hoare triple {5236#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {5236#true} is VALID [2022-02-20 17:58:34,975 INFO L290 TraceCheckUtils]: 42: Hoare triple {5236#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:34,976 INFO L290 TraceCheckUtils]: 43: Hoare triple {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:34,976 INFO L290 TraceCheckUtils]: 44: Hoare triple {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:34,977 INFO L290 TraceCheckUtils]: 45: Hoare triple {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:34,977 INFO L290 TraceCheckUtils]: 46: Hoare triple {5444#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5237#false} is VALID [2022-02-20 17:58:34,977 INFO L290 TraceCheckUtils]: 47: Hoare triple {5237#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {5237#false} is VALID [2022-02-20 17:58:34,977 INFO L290 TraceCheckUtils]: 48: Hoare triple {5237#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {5237#false} is VALID [2022-02-20 17:58:34,977 INFO L290 TraceCheckUtils]: 49: Hoare triple {5237#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {5237#false} is VALID 
[2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 50: Hoare triple {5237#false} assume { :end_inline_setClientAutoResponse } true; {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 51: Hoare triple {5237#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 52: Hoare triple {5237#false} assume !false; {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 53: Hoare triple {5237#false} assume !(test_~splverifierCounter~0#1 < 4); {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 54: Hoare triple {5237#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L272 TraceCheckUtils]: 55: Hoare triple {5237#false} call sendEmail(~bob~0, ~rjh~0); {5237#false} is VALID [2022-02-20 17:58:34,978 INFO L290 TraceCheckUtils]: 56: Hoare triple {5237#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L272 TraceCheckUtils]: 57: Hoare triple {5237#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L290 TraceCheckUtils]: 58: Hoare triple {5237#false} ~handle := #in~handle;~value := #in~value; {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L290 TraceCheckUtils]: 59: Hoare triple {5237#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L290 TraceCheckUtils]: 60: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {5237#false} {5237#false} #1027#return; {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L272 TraceCheckUtils]: 62: Hoare triple {5237#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5237#false} is VALID [2022-02-20 17:58:34,979 INFO L290 TraceCheckUtils]: 63: Hoare triple {5237#false} ~handle := #in~handle;~value := #in~value; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L290 TraceCheckUtils]: 64: Hoare triple {5237#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L290 TraceCheckUtils]: 65: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {5237#false} {5237#false} #1029#return; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L290 TraceCheckUtils]: 67: Hoare triple {5237#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L290 TraceCheckUtils]: 68: Hoare triple {5237#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {5237#false} is VALID [2022-02-20 17:58:34,980 INFO L272 TraceCheckUtils]: 69: Hoare triple {5237#false} call outgoing(~sender#1, ~email~0#1); {5237#false} is VALID [2022-02-20 
17:58:34,981 INFO L290 TraceCheckUtils]: 70: Hoare triple {5237#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L272 TraceCheckUtils]: 71: Hoare triple {5237#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 72: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~35; {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 73: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 74: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {5237#false} {5237#false} #971#return; {5237#false} is VALID [2022-02-20 17:58:34,981 INFO L290 TraceCheckUtils]: 76: Hoare triple {5237#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L290 TraceCheckUtils]: 77: Hoare triple {5237#false} assume 0 == sign_~privkey~1#1; {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L290 TraceCheckUtils]: 78: Hoare triple {5237#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, 
outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L272 TraceCheckUtils]: 79: Hoare triple {5237#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L290 TraceCheckUtils]: 80: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~7; {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L290 TraceCheckUtils]: 81: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5237#false} is VALID [2022-02-20 17:58:34,982 INFO L290 TraceCheckUtils]: 82: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {5237#false} {5237#false} #973#return; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L290 TraceCheckUtils]: 84: Hoare triple {5237#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L272 TraceCheckUtils]: 85: 
Hoare triple {5237#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L290 TraceCheckUtils]: 86: Hoare triple {5237#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L290 TraceCheckUtils]: 87: Hoare triple {5237#false} assume 1 == ~handle; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L290 TraceCheckUtils]: 88: Hoare triple {5237#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5237#false} is VALID [2022-02-20 17:58:34,983 INFO L290 TraceCheckUtils]: 89: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,984 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {5237#false} {5237#false} #975#return; {5237#false} is VALID [2022-02-20 17:58:34,984 INFO L290 TraceCheckUtils]: 91: Hoare triple {5237#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {5237#false} is VALID [2022-02-20 17:58:34,984 INFO L290 TraceCheckUtils]: 92: Hoare triple {5237#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {5237#false} is VALID [2022-02-20 17:58:34,984 INFO L290 TraceCheckUtils]: 93: Hoare triple {5237#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, 
outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {5237#false} is VALID [2022-02-20 17:58:34,984 INFO L290 TraceCheckUtils]: 94: Hoare triple {5237#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {5237#false} is VALID [2022-02-20 17:58:34,985 INFO L290 TraceCheckUtils]: 95: Hoare triple {5237#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {5237#false} is VALID [2022-02-20 17:58:34,985 INFO L272 TraceCheckUtils]: 96: Hoare triple {5237#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {5237#false} is VALID [2022-02-20 17:58:34,985 INFO L290 TraceCheckUtils]: 97: Hoare triple {5237#false} ~handle := #in~handle;~value := #in~value; {5237#false} is VALID [2022-02-20 17:58:34,985 INFO L290 TraceCheckUtils]: 98: Hoare triple {5237#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5237#false} is VALID [2022-02-20 17:58:34,986 INFO L290 TraceCheckUtils]: 99: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,986 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {5237#false} {5237#false} #981#return; 
{5237#false} is VALID [2022-02-20 17:58:34,986 INFO L290 TraceCheckUtils]: 101: Hoare triple {5237#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {5237#false} is VALID [2022-02-20 17:58:34,986 INFO L272 TraceCheckUtils]: 102: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5237#false} is VALID [2022-02-20 17:58:34,986 INFO L290 TraceCheckUtils]: 103: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~12; {5237#false} is VALID [2022-02-20 17:58:34,986 INFO L290 TraceCheckUtils]: 104: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L290 TraceCheckUtils]: 
105: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {5237#false} {5237#false} #983#return; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L290 TraceCheckUtils]: 107: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L290 TraceCheckUtils]: 108: Hoare triple {5237#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L272 TraceCheckUtils]: 109: Hoare triple {5237#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L290 TraceCheckUtils]: 110: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~7; {5237#false} is VALID [2022-02-20 17:58:34,987 INFO L290 TraceCheckUtils]: 111: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {5237#false} is VALID [2022-02-20 17:58:34,988 INFO L290 TraceCheckUtils]: 112: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,989 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {5237#false} {5237#false} #985#return; {5237#false} is VALID [2022-02-20 17:58:34,989 INFO L290 TraceCheckUtils]: 114: Hoare triple {5237#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } 
true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {5237#false} is VALID [2022-02-20 17:58:34,989 INFO L272 TraceCheckUtils]: 115: Hoare triple {5237#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {5237#false} is VALID [2022-02-20 17:58:34,989 INFO L290 TraceCheckUtils]: 116: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~35; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 117: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 118: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {5237#false} {5237#false} #987#return; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 120: Hoare triple {5237#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 121: Hoare triple {5237#false} assume !(0 != incoming_~privkey~0#1); {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 122: Hoare triple {5237#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := 
incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {5237#false} is VALID [2022-02-20 17:58:34,990 INFO L290 TraceCheckUtils]: 123: Hoare triple {5237#false} assume 1 == ~sent_signed~0; {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L272 TraceCheckUtils]: 124: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L290 TraceCheckUtils]: 125: Hoare triple {5237#false} ~handle := #in~handle;havoc ~retValue_acc~6; {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L290 TraceCheckUtils]: 126: Hoare triple {5237#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L290 TraceCheckUtils]: 127: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {5237#false} {5237#false} #999#return; {5237#false} is 
VALID [2022-02-20 17:58:34,991 INFO L290 TraceCheckUtils]: 129: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {5237#false} is VALID [2022-02-20 17:58:34,991 INFO L272 TraceCheckUtils]: 130: Hoare triple {5237#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L290 TraceCheckUtils]: 131: Hoare triple {5237#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L290 TraceCheckUtils]: 132: Hoare triple {5237#false} assume 1 == ~handle; {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L290 TraceCheckUtils]: 133: Hoare triple {5237#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L290 TraceCheckUtils]: 134: Hoare triple {5237#false} assume true; {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {5237#false} {5237#false} #1001#return; {5237#false} is VALID [2022-02-20 17:58:34,992 INFO L290 TraceCheckUtils]: 136: Hoare triple {5237#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {5237#false} is VALID [2022-02-20 17:58:34,993 INFO L290 TraceCheckUtils]: 137: Hoare triple {5237#false} assume 0 == 
__utac_acc__SignVerify_spec__2_~pubkey~2#1; {5237#false} is VALID [2022-02-20 17:58:34,993 INFO L272 TraceCheckUtils]: 138: Hoare triple {5237#false} call __automaton_fail(); {5237#false} is VALID [2022-02-20 17:58:34,993 INFO L290 TraceCheckUtils]: 139: Hoare triple {5237#false} assume !false; {5237#false} is VALID [2022-02-20 17:58:34,993 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. [2022-02-20 17:58:34,993 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:34,994 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1870090175] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:34,994 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:34,994 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:34,994 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [668123587] [2022-02-20 17:58:34,994 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:34,995 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 140 [2022-02-20 17:58:34,996 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:34,996 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:35,095 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 115 edges. 115 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:35,095 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:35,095 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:35,096 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:35,096 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:35,096 INFO L87 Difference]: Start difference. First operand 352 states and 518 transitions. Second operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:35,656 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:35,656 INFO L93 Difference]: Finished difference Result 734 states and 1095 transitions. [2022-02-20 17:58:35,656 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:35,656 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 140 [2022-02-20 17:58:35,657 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:35,657 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:35,672 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1093 transitions. [2022-02-20 17:58:35,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:35,685 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1093 transitions. [2022-02-20 17:58:35,685 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1093 transitions. [2022-02-20 17:58:36,440 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1093 edges. 1093 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:36,457 INFO L225 Difference]: With dead ends: 734 [2022-02-20 17:58:36,457 INFO L226 Difference]: Without dead ends: 409 [2022-02-20 17:58:36,458 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 177 GetRequests, 169 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:36,459 INFO L933 BasicCegarLoop]: 532 mSDtfsCounter, 107 mSDsluCounter, 469 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 1001 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:36,459 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 1001 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:36,460 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 409 states. [2022-02-20 17:58:36,475 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 409 to 401. [2022-02-20 17:58:36,476 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:36,477 INFO L82 GeneralOperation]: Start isEquivalent. First operand 409 states. 
Second operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) [2022-02-20 17:58:36,478 INFO L74 IsIncluded]: Start isIncluded. First operand 409 states. Second operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) [2022-02-20 17:58:36,479 INFO L87 Difference]: Start difference. First operand 409 states. Second operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) [2022-02-20 17:58:36,496 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:36,496 INFO L93 Difference]: Finished difference Result 409 states and 611 transitions. [2022-02-20 17:58:36,496 INFO L276 IsEmpty]: Start isEmpty. Operand 409 states and 611 transitions. [2022-02-20 17:58:36,499 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:36,499 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:36,500 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) Second operand 409 states. [2022-02-20 17:58:36,501 INFO L87 Difference]: Start difference. First operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) Second operand 409 states. [2022-02-20 17:58:36,517 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:36,517 INFO L93 Difference]: Finished difference Result 409 states and 611 transitions. [2022-02-20 17:58:36,517 INFO L276 IsEmpty]: Start isEmpty. Operand 409 states and 611 transitions. [2022-02-20 17:58:36,519 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:36,520 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:36,520 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:36,520 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:36,521 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 401 states, 308 states have (on average 1.5162337662337662) internal successors, (467), 312 states have internal predecessors, (467), 69 states have call successors, (69), 24 states have call predecessors, (69), 23 states have return successors, (66), 66 states have call predecessors, (66), 66 states have call successors, (66) [2022-02-20 17:58:36,539 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 401 states to 401 states and 602 transitions. [2022-02-20 17:58:36,539 INFO L78 Accepts]: Start accepts. Automaton has 401 states and 602 transitions. Word has length 140 [2022-02-20 17:58:36,539 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:36,539 INFO L470 AbstractCegarLoop]: Abstraction has 401 states and 602 transitions. [2022-02-20 17:58:36,540 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 26.0) internal successors, (78), 3 states have internal predecessors, (78), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:36,540 INFO L276 IsEmpty]: Start isEmpty. Operand 401 states and 602 transitions. [2022-02-20 17:58:36,542 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 142 [2022-02-20 17:58:36,542 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:36,542 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:36,568 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:36,759 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:36,760 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:36,760 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:36,760 INFO L85 PathProgramCache]: Analyzing trace with hash 888237591, now seen corresponding path program 1 times [2022-02-20 17:58:36,760 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:36,760 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [9628284] [2022-02-20 17:58:36,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:36,761 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:36,805 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:36,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,850 INFO L290 TraceCheckUtils]: 0: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,850 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,850 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,850 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8154#true} #1041#return; {8154#true} is VALID [2022-02-20 17:58:36,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:36,858 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,861 INFO L290 TraceCheckUtils]: 0: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,861 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,861 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,861 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8154#true} #1043#return; {8154#true} is VALID [2022-02-20 17:58:36,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:36,864 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8229#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:36,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {8229#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8230#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:36,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {8230#(= |setClientId_#in~handle| 1)} assume true; {8230#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:36,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8230#(= |setClientId_#in~handle| 1)} {8164#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; 
{8155#false} is VALID [2022-02-20 17:58:36,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:36,882 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,884 INFO L290 TraceCheckUtils]: 0: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,885 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #1047#return; {8155#false} is VALID [2022-02-20 17:58:36,885 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:36,886 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,889 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #1049#return; {8155#false} is VALID [2022-02-20 17:58:36,889 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:36,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,893 INFO L290 TraceCheckUtils]: 0: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,893 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,893 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,894 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #1051#return; {8155#false} is VALID [2022-02-20 17:58:36,901 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:58:36,902 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,904 INFO L290 TraceCheckUtils]: 0: Hoare triple {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,904 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,904 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,905 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #1027#return; {8155#false} is VALID [2022-02-20 17:58:36,913 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:58:36,915 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:36,917 INFO L290 TraceCheckUtils]: 0: Hoare triple {8232#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,917 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,917 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,917 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #1029#return; {8155#false} is VALID [2022-02-20 17:58:36,917 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:58:36,918 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,920 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,921 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,921 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,921 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #971#return; {8155#false} is VALID [2022-02-20 17:58:36,921 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:58:36,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8154#true} is 
VALID [2022-02-20 17:58:36,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,925 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #973#return; {8155#false} is VALID [2022-02-20 17:58:36,925 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:36,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle; {8154#true} is VALID [2022-02-20 17:58:36,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,928 INFO L290 TraceCheckUtils]: 3: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,929 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8154#true} {8155#false} #975#return; {8155#false} is VALID [2022-02-20 17:58:36,929 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:58:36,930 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,932 INFO L290 TraceCheckUtils]: 0: Hoare triple {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,932 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,932 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,932 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #981#return; {8155#false} is VALID [2022-02-20 17:58:36,933 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:58:36,934 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,937 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8154#true} is VALID [2022-02-20 17:58:36,937 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8154#true} is VALID [2022-02-20 17:58:36,937 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,937 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #983#return; {8155#false} is VALID [2022-02-20 17:58:36,938 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:58:36,939 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,941 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,941 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,942 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #985#return; {8155#false} is VALID [2022-02-20 17:58:36,942 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:58:36,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} 
~handle := #in~handle;havoc ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,945 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,945 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,945 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #987#return; {8155#false} is VALID [2022-02-20 17:58:36,946 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:58:36,947 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,949 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8154#true} is VALID [2022-02-20 17:58:36,949 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8154#true} is VALID [2022-02-20 17:58:36,949 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,949 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8154#true} {8155#false} #999#return; {8155#false} is VALID [2022-02-20 17:58:36,950 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:58:36,951 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:36,953 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,953 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume 1 == ~handle; {8154#true} is VALID [2022-02-20 17:58:36,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,953 INFO L290 TraceCheckUtils]: 3: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,954 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8154#true} {8155#false} #1001#return; {8155#false} is VALID [2022-02-20 17:58:36,954 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call 
#Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8154#true} is VALID [2022-02-20 17:58:36,954 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {8154#true} is VALID [2022-02-20 17:58:36,954 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8154#true} is VALID [2022-02-20 17:58:36,954 INFO L290 TraceCheckUtils]: 3: Hoare triple {8154#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {8154#true} is VALID [2022-02-20 17:58:36,954 INFO L290 TraceCheckUtils]: 4: Hoare triple {8154#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {8154#true} is VALID [2022-02-20 17:58:36,955 INFO L290 TraceCheckUtils]: 5: Hoare triple {8154#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, 
setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8154#true} is VALID [2022-02-20 17:58:36,955 INFO L272 TraceCheckUtils]: 6: Hoare triple {8154#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:36,956 INFO L290 TraceCheckUtils]: 7: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,956 INFO L290 TraceCheckUtils]: 8: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,956 INFO L290 TraceCheckUtils]: 9: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,956 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8154#true} {8154#true} #1041#return; {8154#true} is VALID [2022-02-20 17:58:36,956 INFO L290 TraceCheckUtils]: 11: Hoare triple {8154#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8154#true} is VALID [2022-02-20 17:58:36,957 INFO L272 TraceCheckUtils]: 12: Hoare triple {8154#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:36,957 INFO L290 TraceCheckUtils]: 13: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,957 INFO L290 TraceCheckUtils]: 14: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,957 INFO L290 TraceCheckUtils]: 15: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,958 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8154#true} {8154#true} #1043#return; {8154#true} is VALID [2022-02-20 17:58:36,958 INFO L290 TraceCheckUtils]: 17: Hoare triple {8154#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8164#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:36,959 INFO L272 TraceCheckUtils]: 18: Hoare triple {8164#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:58:36,959 INFO L290 TraceCheckUtils]: 19: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8229#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:36,960 INFO L290 TraceCheckUtils]: 20: Hoare triple {8229#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8230#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:36,960 INFO L290 TraceCheckUtils]: 21: Hoare triple {8230#(= |setClientId_#in~handle| 1)} assume true; {8230#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:36,961 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8230#(= |setClientId_#in~handle| 1)} {8164#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1045#return; {8155#false} is VALID [2022-02-20 17:58:36,961 INFO L290 TraceCheckUtils]: 23: Hoare triple {8155#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8155#false} is VALID [2022-02-20 17:58:36,961 INFO L272 TraceCheckUtils]: 24: Hoare triple {8155#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:36,961 INFO L290 TraceCheckUtils]: 25: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,961 INFO L290 TraceCheckUtils]: 26: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {8154#true} is VALID [2022-02-20 17:58:36,961 INFO L290 TraceCheckUtils]: 27: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,962 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8154#true} {8155#false} #1047#return; {8155#false} is VALID [2022-02-20 17:58:36,962 INFO L290 TraceCheckUtils]: 29: Hoare triple {8155#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8155#false} is VALID [2022-02-20 17:58:36,962 INFO L272 TraceCheckUtils]: 30: Hoare triple {8155#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:36,962 INFO L290 TraceCheckUtils]: 31: Hoare triple {8227#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,962 INFO L290 TraceCheckUtils]: 32: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,962 INFO L290 TraceCheckUtils]: 33: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 
17:58:36,963 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8154#true} {8155#false} #1049#return; {8155#false} is VALID [2022-02-20 17:58:36,963 INFO L290 TraceCheckUtils]: 35: Hoare triple {8155#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8155#false} is VALID [2022-02-20 17:58:36,963 INFO L272 TraceCheckUtils]: 36: Hoare triple {8155#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:36,963 INFO L290 TraceCheckUtils]: 37: Hoare triple {8228#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,963 INFO L290 TraceCheckUtils]: 38: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,963 INFO L290 TraceCheckUtils]: 39: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,963 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8154#true} {8155#false} #1051#return; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 41: Hoare triple {8155#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 42: Hoare triple {8155#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, 
test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 43: Hoare triple {8155#false} assume !false; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 44: Hoare triple {8155#false} assume test_~splverifierCounter~0#1 < 4; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 45: Hoare triple {8155#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8155#false} is VALID [2022-02-20 17:58:36,964 INFO L290 TraceCheckUtils]: 46: Hoare triple {8155#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 47: 
Hoare triple {8155#false} assume !(0 != test_~tmp___9~0#1); {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 48: Hoare triple {8155#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 49: Hoare triple {8155#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 50: Hoare triple {8155#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 51: Hoare triple {8155#false} assume { :end_inline_setClientAutoResponse } true; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 52: Hoare triple {8155#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8155#false} is VALID [2022-02-20 17:58:36,965 INFO L290 TraceCheckUtils]: 53: Hoare triple {8155#false} assume !false; {8155#false} is VALID [2022-02-20 17:58:36,966 INFO L290 TraceCheckUtils]: 54: Hoare triple {8155#false} assume !(test_~splverifierCounter~0#1 < 4); {8155#false} is VALID [2022-02-20 17:58:36,966 INFO L290 TraceCheckUtils]: 55: Hoare triple {8155#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc 
bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {8155#false} is VALID [2022-02-20 17:58:36,966 INFO L272 TraceCheckUtils]: 56: Hoare triple {8155#false} call sendEmail(~bob~0, ~rjh~0); {8155#false} is VALID [2022-02-20 17:58:36,966 INFO L290 TraceCheckUtils]: 57: Hoare triple {8155#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8155#false} is VALID [2022-02-20 17:58:36,966 INFO L272 TraceCheckUtils]: 58: Hoare triple {8155#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:36,966 INFO L290 TraceCheckUtils]: 59: Hoare triple {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,967 INFO L290 TraceCheckUtils]: 60: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,967 INFO L290 TraceCheckUtils]: 61: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,967 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8154#true} {8155#false} #1027#return; {8155#false} is VALID [2022-02-20 17:58:36,967 INFO L272 TraceCheckUtils]: 63: Hoare triple {8155#false} call 
setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8232#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:36,967 INFO L290 TraceCheckUtils]: 64: Hoare triple {8232#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,967 INFO L290 TraceCheckUtils]: 65: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,967 INFO L290 TraceCheckUtils]: 66: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,968 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8154#true} {8155#false} #1029#return; {8155#false} is VALID [2022-02-20 17:58:36,968 INFO L290 TraceCheckUtils]: 68: Hoare triple {8155#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {8155#false} is VALID [2022-02-20 17:58:36,968 INFO L290 TraceCheckUtils]: 69: Hoare triple {8155#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {8155#false} is VALID [2022-02-20 17:58:36,968 INFO L272 TraceCheckUtils]: 70: Hoare triple {8155#false} call outgoing(~sender#1, ~email~0#1); {8155#false} is VALID [2022-02-20 17:58:36,968 INFO L290 TraceCheckUtils]: 71: Hoare triple {8155#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {8155#false} is VALID [2022-02-20 17:58:36,968 INFO L272 TraceCheckUtils]: 72: Hoare triple 
{8155#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {8154#true} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 73: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 74: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 75: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,969 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8154#true} {8155#false} #971#return; {8155#false} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 77: Hoare triple {8155#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {8155#false} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 78: Hoare triple {8155#false} assume 0 == sign_~privkey~1#1; {8155#false} is VALID [2022-02-20 17:58:36,969 INFO L290 TraceCheckUtils]: 79: Hoare triple {8155#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc 
outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8155#false} is VALID [2022-02-20 17:58:36,970 INFO L272 TraceCheckUtils]: 80: Hoare triple {8155#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8154#true} is VALID [2022-02-20 17:58:36,970 INFO L290 TraceCheckUtils]: 81: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,970 INFO L290 TraceCheckUtils]: 82: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,970 INFO L290 TraceCheckUtils]: 83: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,970 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8154#true} {8155#false} #973#return; {8155#false} is VALID [2022-02-20 17:58:36,970 INFO L290 TraceCheckUtils]: 85: Hoare triple {8155#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {8155#false} is VALID [2022-02-20 17:58:36,971 INFO L272 TraceCheckUtils]: 86: Hoare triple {8155#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8154#true} is VALID [2022-02-20 17:58:36,971 INFO L290 TraceCheckUtils]: 87: Hoare triple {8154#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,971 INFO L290 TraceCheckUtils]: 88: Hoare triple {8154#true} assume 1 == ~handle; {8154#true} is VALID [2022-02-20 
17:58:36,971 INFO L290 TraceCheckUtils]: 89: Hoare triple {8154#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,971 INFO L290 TraceCheckUtils]: 90: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,971 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8154#true} {8155#false} #975#return; {8155#false} is VALID [2022-02-20 17:58:36,971 INFO L290 TraceCheckUtils]: 92: Hoare triple {8155#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8155#false} is VALID [2022-02-20 17:58:36,972 INFO L290 TraceCheckUtils]: 93: Hoare triple {8155#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {8155#false} is VALID [2022-02-20 17:58:36,972 INFO L290 TraceCheckUtils]: 94: Hoare triple {8155#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~42#1; {8155#false} is VALID [2022-02-20 17:58:36,972 INFO L290 TraceCheckUtils]: 95: Hoare triple {8155#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8155#false} is VALID [2022-02-20 17:58:36,972 INFO L290 TraceCheckUtils]: 96: Hoare triple {8155#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {8155#false} is VALID [2022-02-20 17:58:36,972 INFO L272 TraceCheckUtils]: 97: Hoare triple {8155#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:36,972 INFO L290 TraceCheckUtils]: 98: Hoare triple {8231#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:36,973 INFO L290 TraceCheckUtils]: 99: Hoare triple {8154#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:36,973 INFO L290 TraceCheckUtils]: 100: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,973 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8154#true} {8155#false} #981#return; {8155#false} is VALID [2022-02-20 17:58:36,973 INFO L290 TraceCheckUtils]: 102: Hoare triple {8155#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, 
mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {8155#false} is VALID [2022-02-20 17:58:36,973 INFO L272 TraceCheckUtils]: 103: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8154#true} is VALID [2022-02-20 17:58:36,973 INFO L290 TraceCheckUtils]: 104: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~12; {8154#true} is VALID [2022-02-20 17:58:36,973 INFO L290 TraceCheckUtils]: 105: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8154#true} is VALID [2022-02-20 17:58:36,974 INFO L290 TraceCheckUtils]: 106: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,974 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {8154#true} {8155#false} #983#return; {8155#false} is VALID [2022-02-20 17:58:36,974 INFO L290 TraceCheckUtils]: 108: Hoare triple {8155#false} assume -2147483648 <= 
__utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {8155#false} is VALID [2022-02-20 17:58:36,974 INFO L290 TraceCheckUtils]: 109: Hoare triple {8155#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {8155#false} is VALID [2022-02-20 17:58:36,974 INFO L272 TraceCheckUtils]: 110: Hoare triple {8155#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {8154#true} is VALID [2022-02-20 17:58:36,974 INFO L290 TraceCheckUtils]: 111: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,975 INFO L290 TraceCheckUtils]: 112: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8154#true} is VALID [2022-02-20 17:58:36,975 INFO L290 TraceCheckUtils]: 113: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,975 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {8154#true} {8155#false} #985#return; {8155#false} is VALID [2022-02-20 17:58:36,975 INFO L290 TraceCheckUtils]: 115: Hoare triple {8155#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, 
incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {8155#false} is VALID [2022-02-20 17:58:36,975 INFO L272 TraceCheckUtils]: 116: Hoare triple {8155#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {8154#true} is VALID [2022-02-20 17:58:36,975 INFO L290 TraceCheckUtils]: 117: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,975 INFO L290 TraceCheckUtils]: 118: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8154#true} is VALID [2022-02-20 17:58:36,976 INFO L290 TraceCheckUtils]: 119: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,976 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {8154#true} {8155#false} #987#return; {8155#false} is VALID [2022-02-20 17:58:36,976 INFO L290 TraceCheckUtils]: 121: Hoare triple {8155#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {8155#false} is VALID [2022-02-20 17:58:36,976 INFO L290 TraceCheckUtils]: 122: Hoare triple {8155#false} assume !(0 != incoming_~privkey~0#1); {8155#false} is VALID [2022-02-20 17:58:36,976 INFO L290 TraceCheckUtils]: 123: Hoare triple {8155#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } 
true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {8155#false} is VALID [2022-02-20 17:58:36,976 INFO L290 TraceCheckUtils]: 124: Hoare triple {8155#false} assume 1 == ~sent_signed~0; {8155#false} is VALID [2022-02-20 17:58:36,977 INFO L272 TraceCheckUtils]: 125: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8154#true} is VALID [2022-02-20 17:58:36,977 INFO L290 TraceCheckUtils]: 126: Hoare triple {8154#true} ~handle := #in~handle;havoc ~retValue_acc~6; {8154#true} is VALID [2022-02-20 17:58:36,977 INFO L290 TraceCheckUtils]: 127: Hoare triple {8154#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8154#true} is VALID [2022-02-20 17:58:36,977 INFO L290 TraceCheckUtils]: 128: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,977 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {8154#true} {8155#false} #999#return; {8155#false} is VALID [2022-02-20 17:58:36,977 INFO L290 TraceCheckUtils]: 130: Hoare triple {8155#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := 
__utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {8155#false} is VALID [2022-02-20 17:58:36,977 INFO L272 TraceCheckUtils]: 131: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {8154#true} is VALID [2022-02-20 17:58:36,978 INFO L290 TraceCheckUtils]: 132: Hoare triple {8154#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,978 INFO L290 TraceCheckUtils]: 133: Hoare triple {8154#true} assume 1 == ~handle; {8154#true} is VALID [2022-02-20 17:58:36,978 INFO L290 TraceCheckUtils]: 134: Hoare triple {8154#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8154#true} is VALID [2022-02-20 17:58:36,978 INFO L290 TraceCheckUtils]: 135: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:36,978 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {8154#true} {8155#false} #1001#return; {8155#false} is VALID [2022-02-20 17:58:36,978 INFO L290 TraceCheckUtils]: 137: Hoare triple {8155#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {8155#false} is VALID [2022-02-20 17:58:36,979 INFO L290 TraceCheckUtils]: 138: Hoare triple {8155#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {8155#false} is VALID [2022-02-20 17:58:36,979 INFO L272 TraceCheckUtils]: 139: Hoare triple {8155#false} call __automaton_fail(); {8155#false} is VALID [2022-02-20 17:58:36,979 INFO L290 TraceCheckUtils]: 140: Hoare triple {8155#false} assume 
!false; {8155#false} is VALID [2022-02-20 17:58:36,979 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:36,980 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:36,980 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [9628284] [2022-02-20 17:58:36,980 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [9628284] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:36,980 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [906247654] [2022-02-20 17:58:36,980 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:36,980 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:36,981 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:36,982 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:36,983 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:58:37,259 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:37,265 INFO L263 TraceCheckSpWp]: Trace formula consists of 1233 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:58:37,315 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:37,319 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:37,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {8154#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {8154#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {8154#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 3: Hoare triple {8154#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 4: Hoare triple {8154#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 5: Hoare triple {8154#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L272 TraceCheckUtils]: 6: Hoare triple {8154#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8154#true} is VALID [2022-02-20 17:58:37,704 INFO L290 TraceCheckUtils]: 7: Hoare triple {8154#true} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 8: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 9: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8154#true} {8154#true} #1041#return; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 11: Hoare triple {8154#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L272 TraceCheckUtils]: 12: Hoare triple {8154#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 13: Hoare triple {8154#true} ~handle := #in~handle;~value := #in~value; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 14: Hoare triple {8154#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L290 TraceCheckUtils]: 15: Hoare triple {8154#true} assume true; {8154#true} is VALID [2022-02-20 17:58:37,705 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8154#true} {8154#true} #1043#return; {8154#true} is VALID [2022-02-20 17:58:37,706 INFO L290 TraceCheckUtils]: 17: Hoare triple {8154#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8287#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:37,706 INFO L272 TraceCheckUtils]: 18: Hoare triple {8287#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8154#true} is VALID [2022-02-20 17:58:37,707 INFO L290 TraceCheckUtils]: 19: Hoare triple {8154#true} ~handle := #in~handle;~value := #in~value; {8294#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:58:37,707 INFO L290 TraceCheckUtils]: 20: Hoare triple {8294#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8298#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:37,707 INFO L290 TraceCheckUtils]: 21: Hoare triple {8298#(<= |setClientId_#in~handle| 1)} assume true; {8298#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:37,708 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8298#(<= |setClientId_#in~handle| 1)} {8287#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1045#return; {8155#false} is VALID [2022-02-20 17:58:37,708 INFO L290 TraceCheckUtils]: 23: Hoare triple {8155#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8155#false} is VALID [2022-02-20 17:58:37,708 INFO L272 TraceCheckUtils]: 24: Hoare triple {8155#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 25: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} is VALID [2022-02-20 
17:58:37,709 INFO L290 TraceCheckUtils]: 26: Hoare triple {8155#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 27: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8155#false} {8155#false} #1047#return; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 29: Hoare triple {8155#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L272 TraceCheckUtils]: 30: Hoare triple {8155#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 31: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 32: Hoare triple {8155#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,709 INFO L290 TraceCheckUtils]: 33: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8155#false} {8155#false} #1049#return; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 35: Hoare triple {8155#false} assume { :end_inline_setup_chuck__wrappee__Base } true; 
{8155#false} is VALID [2022-02-20 17:58:37,710 INFO L272 TraceCheckUtils]: 36: Hoare triple {8155#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 37: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 38: Hoare triple {8155#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 39: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8155#false} {8155#false} #1051#return; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 41: Hoare triple {8155#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {8155#false} is VALID [2022-02-20 17:58:37,710 INFO L290 TraceCheckUtils]: 42: Hoare triple {8155#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc 
test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 43: Hoare triple {8155#false} assume !false; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 44: Hoare triple {8155#false} assume test_~splverifierCounter~0#1 < 4; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 45: Hoare triple {8155#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 46: Hoare triple {8155#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 47: Hoare triple {8155#false} assume !(0 != test_~tmp___9~0#1); {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 48: Hoare triple {8155#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 49: Hoare triple {8155#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc 
setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 50: Hoare triple {8155#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {8155#false} is VALID [2022-02-20 17:58:37,711 INFO L290 TraceCheckUtils]: 51: Hoare triple {8155#false} assume { :end_inline_setClientAutoResponse } true; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 52: Hoare triple {8155#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 53: Hoare triple {8155#false} assume !false; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 54: Hoare triple {8155#false} assume !(test_~splverifierCounter~0#1 < 4); {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 55: Hoare triple {8155#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L272 TraceCheckUtils]: 56: Hoare triple {8155#false} call sendEmail(~bob~0, ~rjh~0); {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 57: Hoare triple {8155#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L272 TraceCheckUtils]: 58: Hoare triple {8155#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 59: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} is VALID [2022-02-20 17:58:37,712 INFO L290 TraceCheckUtils]: 60: Hoare triple {8155#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L290 TraceCheckUtils]: 61: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {8155#false} {8155#false} #1027#return; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L272 TraceCheckUtils]: 63: Hoare triple {8155#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L290 TraceCheckUtils]: 64: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L290 TraceCheckUtils]: 65: Hoare triple {8155#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L290 TraceCheckUtils]: 66: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {8155#false} {8155#false} #1029#return; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L290 TraceCheckUtils]: 68: Hoare triple {8155#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {8155#false} is VALID [2022-02-20 17:58:37,713 
INFO L290 TraceCheckUtils]: 69: Hoare triple {8155#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {8155#false} is VALID [2022-02-20 17:58:37,713 INFO L272 TraceCheckUtils]: 70: Hoare triple {8155#false} call outgoing(~sender#1, ~email~0#1); {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 71: Hoare triple {8155#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L272 TraceCheckUtils]: 72: Hoare triple {8155#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 73: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~35; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 74: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 75: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {8155#false} {8155#false} #971#return; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 77: Hoare triple {8155#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 78: Hoare triple {8155#false} assume 0 == 
sign_~privkey~1#1; {8155#false} is VALID [2022-02-20 17:58:37,714 INFO L290 TraceCheckUtils]: 79: Hoare triple {8155#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L272 TraceCheckUtils]: 80: Hoare triple {8155#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 81: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~7; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 82: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 83: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {8155#false} {8155#false} #973#return; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 85: Hoare triple {8155#false} assume 
-2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L272 TraceCheckUtils]: 86: Hoare triple {8155#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 87: Hoare triple {8155#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 88: Hoare triple {8155#false} assume 1 == ~handle; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 89: Hoare triple {8155#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8155#false} is VALID [2022-02-20 17:58:37,715 INFO L290 TraceCheckUtils]: 90: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {8155#false} {8155#false} #975#return; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 92: Hoare triple {8155#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 93: Hoare triple {8155#false} assume !(0 != 
outgoing__wrappee__AutoResponder_~pubkey~0#1); {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 94: Hoare triple {8155#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 95: Hoare triple {8155#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 96: Hoare triple {8155#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L272 TraceCheckUtils]: 97: Hoare triple {8155#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {8155#false} is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 98: Hoare triple {8155#false} ~handle := #in~handle;~value := #in~value; {8155#false} 
is VALID [2022-02-20 17:58:37,716 INFO L290 TraceCheckUtils]: 99: Hoare triple {8155#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 100: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {8155#false} {8155#false} #981#return; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 102: Hoare triple {8155#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L272 TraceCheckUtils]: 103: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8155#false} is VALID 
[2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 104: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~12; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 105: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 106: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {8155#false} {8155#false} #983#return; {8155#false} is VALID [2022-02-20 17:58:37,717 INFO L290 TraceCheckUtils]: 108: Hoare triple {8155#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 109: Hoare triple {8155#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L272 TraceCheckUtils]: 110: Hoare triple {8155#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 111: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~7; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 112: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 113: Hoare triple {8155#false} assume true; 
{8155#false} is VALID [2022-02-20 17:58:37,718 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {8155#false} {8155#false} #985#return; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 115: Hoare triple {8155#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L272 TraceCheckUtils]: 116: Hoare triple {8155#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {8155#false} is VALID [2022-02-20 17:58:37,718 INFO L290 TraceCheckUtils]: 117: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~35; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 118: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 119: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {8155#false} {8155#false} #987#return; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 121: Hoare triple {8155#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := 
incoming_~tmp~16#1; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 122: Hoare triple {8155#false} assume !(0 != incoming_~privkey~0#1); {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 123: Hoare triple {8155#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, 
__utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 124: Hoare triple {8155#false} assume 1 == ~sent_signed~0; {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L272 TraceCheckUtils]: 125: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8155#false} is VALID [2022-02-20 17:58:37,719 INFO L290 TraceCheckUtils]: 126: Hoare triple {8155#false} ~handle := #in~handle;havoc ~retValue_acc~6; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 
TraceCheckUtils]: 127: Hoare triple {8155#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 128: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {8155#false} {8155#false} #999#return; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 130: Hoare triple {8155#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L272 TraceCheckUtils]: 131: Hoare triple {8155#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 132: Hoare triple {8155#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 133: Hoare triple {8155#false} assume 1 == ~handle; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 134: Hoare triple {8155#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L290 TraceCheckUtils]: 135: Hoare triple {8155#false} assume true; {8155#false} is VALID [2022-02-20 17:58:37,720 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {8155#false} {8155#false} #1001#return; {8155#false} is VALID [2022-02-20 17:58:37,721 INFO L290 TraceCheckUtils]: 137: Hoare triple {8155#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && 
__utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {8155#false} is VALID [2022-02-20 17:58:37,721 INFO L290 TraceCheckUtils]: 138: Hoare triple {8155#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {8155#false} is VALID [2022-02-20 17:58:37,721 INFO L272 TraceCheckUtils]: 139: Hoare triple {8155#false} call __automaton_fail(); {8155#false} is VALID [2022-02-20 17:58:37,721 INFO L290 TraceCheckUtils]: 140: Hoare triple {8155#false} assume !false; {8155#false} is VALID [2022-02-20 17:58:37,721 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:37,721 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:37,722 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [906247654] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:37,722 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:37,722 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:58:37,722 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1885614091] [2022-02-20 17:58:37,722 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:37,723 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 17:58:37,723 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:37,723 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:37,823 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:37,824 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:37,824 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:37,824 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:37,824 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:37,825 INFO L87 Difference]: Start difference. First operand 401 states and 602 transitions. 
Second operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:38,822 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:38,823 INFO L93 Difference]: Finished difference Result 793 states and 1194 transitions. [2022-02-20 17:58:38,823 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:38,823 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 17:58:38,824 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:38,824 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:38,835 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1022 transitions. [2022-02-20 17:58:38,836 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:38,847 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1022 transitions. [2022-02-20 17:58:38,847 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1022 transitions. [2022-02-20 17:58:39,594 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1022 edges. 1022 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:39,608 INFO L225 Difference]: With dead ends: 793 [2022-02-20 17:58:39,608 INFO L226 Difference]: Without dead ends: 403 [2022-02-20 17:58:39,610 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 179 GetRequests, 168 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:39,610 INFO L933 BasicCegarLoop]: 507 mSDtfsCounter, 125 mSDsluCounter, 1377 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 1884 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:39,611 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 1884 Invalid, 34 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:39,612 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 403 states. [2022-02-20 17:58:39,663 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 403 to 403. [2022-02-20 17:58:39,664 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:39,665 INFO L82 GeneralOperation]: Start isEquivalent. First operand 403 states. Second operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) [2022-02-20 17:58:39,666 INFO L74 IsIncluded]: Start isIncluded. First operand 403 states. Second operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) [2022-02-20 17:58:39,667 INFO L87 Difference]: Start difference. First operand 403 states. Second operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) [2022-02-20 17:58:39,682 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:39,682 INFO L93 Difference]: Finished difference Result 403 states and 605 transitions. 
[2022-02-20 17:58:39,682 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 605 transitions. [2022-02-20 17:58:39,684 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:39,684 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:39,685 INFO L74 IsIncluded]: Start isIncluded. First operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) Second operand 403 states. [2022-02-20 17:58:39,686 INFO L87 Difference]: Start difference. First operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) Second operand 403 states. [2022-02-20 17:58:39,701 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:39,701 INFO L93 Difference]: Finished difference Result 403 states and 605 transitions. [2022-02-20 17:58:39,701 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 605 transitions. [2022-02-20 17:58:39,703 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:39,703 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:39,703 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:39,703 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:39,704 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 403 states, 309 states have (on average 1.5145631067961165) internal successors, (468), 314 states have internal predecessors, (468), 69 states have call successors, (69), 24 states have call predecessors, (69), 24 states have return successors, (68), 66 states have call predecessors, (68), 66 states have call successors, (68) [2022-02-20 17:58:39,722 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 403 states to 403 states and 605 transitions. [2022-02-20 17:58:39,722 INFO L78 Accepts]: Start accepts. Automaton has 403 states and 605 transitions. Word has length 141 [2022-02-20 17:58:39,722 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:39,722 INFO L470 AbstractCegarLoop]: Abstraction has 403 states and 605 transitions. [2022-02-20 17:58:39,723 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 21.75) internal successors, (87), 5 states have internal predecessors, (87), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:39,723 INFO L276 IsEmpty]: Start isEmpty. Operand 403 states and 605 transitions. [2022-02-20 17:58:39,726 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 143 [2022-02-20 17:58:39,726 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:39,726 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:39,754 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:39,939 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:39,939 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:39,940 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:39,940 INFO L85 PathProgramCache]: Analyzing trace with hash -757453659, now seen corresponding path program 1 times [2022-02-20 17:58:39,940 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:39,940 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [256702292] [2022-02-20 17:58:39,940 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:39,940 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:39,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,027 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:40,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,032 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,032 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11161#true} #1041#return; {11161#true} is VALID [2022-02-20 17:58:40,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:40,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,045 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11161#true} #1043#return; {11161#true} is VALID [2022-02-20 17:58:40,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 17:58:40,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,063 INFO L290 TraceCheckUtils]: 0: Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11238#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,063 INFO L290 TraceCheckUtils]: 1: Hoare triple {11238#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11238#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,064 INFO L290 TraceCheckUtils]: 2: Hoare triple {11238#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11239#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,064 INFO L290 TraceCheckUtils]: 3: Hoare triple {11239#(= 2 |setClientId_#in~handle|)} assume true; {11239#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,065 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11239#(= 2 |setClientId_#in~handle|)} {11171#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1045#return; {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:40,065 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:40,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11240#(= 
setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:40,085 INFO L290 TraceCheckUtils]: 1: Hoare triple {11240#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11241#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {11241#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11241#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,086 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11241#(= |setClientPrivateKey_#in~handle| 1)} {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1047#return; {11162#false} is VALID [2022-02-20 17:58:40,087 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:58:40,089 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,091 INFO L290 TraceCheckUtils]: 0: Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,092 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,092 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,092 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #1049#return; {11162#false} is VALID [2022-02-20 17:58:40,092 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:58:40,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {11237#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,097 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #1051#return; {11162#false} is VALID [2022-02-20 17:58:40,106 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:58:40,108 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,110 INFO L290 TraceCheckUtils]: 0: Hoare triple {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,110 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,110 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,110 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #1027#return; {11162#false} is VALID [2022-02-20 17:58:40,119 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:58:40,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,125 INFO L290 TraceCheckUtils]: 0: Hoare triple {11243#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; 
{11161#true} is VALID [2022-02-20 17:58:40,125 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,125 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,125 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #1029#return; {11162#false} is VALID [2022-02-20 17:58:40,126 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:58:40,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,129 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,130 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,130 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,130 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #971#return; {11162#false} is VALID [2022-02-20 17:58:40,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:58:40,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} 
{11162#false} #973#return; {11162#false} is VALID [2022-02-20 17:58:40,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:58:40,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle; {11161#true} is VALID [2022-02-20 17:58:40,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,137 INFO L290 TraceCheckUtils]: 3: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,137 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11161#true} {11162#false} #975#return; {11162#false} is VALID [2022-02-20 17:58:40,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:58:40,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,139 INFO L290 TraceCheckUtils]: 0: Hoare triple {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,140 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,140 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,140 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #981#return; {11162#false} is VALID [2022-02-20 17:58:40,140 INFO L376 atingTraceCheckCraig]: Compute interpolants 
for subsequence at non-pending call position 104 [2022-02-20 17:58:40,141 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11161#true} is VALID [2022-02-20 17:58:40,143 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11161#true} is VALID [2022-02-20 17:58:40,143 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,143 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #983#return; {11162#false} is VALID [2022-02-20 17:58:40,144 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:58:40,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,147 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,147 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #985#return; {11162#false} is VALID [2022-02-20 17:58:40,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 17:58:40,148 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,150 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,150 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == 
~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,151 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #987#return; {11162#false} is VALID [2022-02-20 17:58:40,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:58:40,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~6; {11161#true} is VALID [2022-02-20 17:58:40,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11161#true} is VALID [2022-02-20 17:58:40,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,154 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11161#true} {11162#false} #999#return; {11162#false} is VALID [2022-02-20 17:58:40,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:58:40,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,157 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,157 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume 1 == ~handle; {11161#true} is VALID [2022-02-20 17:58:40,157 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,157 INFO L290 TraceCheckUtils]: 3: Hoare triple {11161#true} assume true; 
{11161#true} is VALID [2022-02-20 17:58:40,157 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11161#true} {11162#false} #1001#return; {11162#false} is VALID [2022-02-20 17:58:40,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call 
#Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 
0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 
:= 0; {11161#true} is VALID [2022-02-20 17:58:40,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {11161#true} is VALID [2022-02-20 17:58:40,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11161#true} is VALID [2022-02-20 17:58:40,158 INFO L290 TraceCheckUtils]: 3: Hoare triple {11161#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {11161#true} is VALID [2022-02-20 17:58:40,158 INFO L290 TraceCheckUtils]: 4: Hoare triple {11161#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {11161#true} is VALID [2022-02-20 17:58:40,159 INFO L290 TraceCheckUtils]: 5: Hoare triple {11161#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := 
setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11161#true} is VALID [2022-02-20 17:58:40,159 INFO L272 TraceCheckUtils]: 6: Hoare triple {11161#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:40,160 INFO L290 TraceCheckUtils]: 7: Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,160 INFO L290 TraceCheckUtils]: 8: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,160 INFO L290 TraceCheckUtils]: 9: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,160 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11161#true} {11161#true} #1041#return; {11161#true} is VALID [2022-02-20 17:58:40,160 INFO L290 TraceCheckUtils]: 11: Hoare triple {11161#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11161#true} is VALID [2022-02-20 17:58:40,161 INFO L272 TraceCheckUtils]: 12: Hoare triple {11161#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:40,161 INFO L290 
TraceCheckUtils]: 13: Hoare triple {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,161 INFO L290 TraceCheckUtils]: 14: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,161 INFO L290 TraceCheckUtils]: 15: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,162 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11161#true} {11161#true} #1043#return; {11161#true} is VALID [2022-02-20 17:58:40,162 INFO L290 TraceCheckUtils]: 17: Hoare triple {11161#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11171#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:40,163 INFO L272 TraceCheckUtils]: 18: Hoare triple {11171#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:40,163 INFO L290 TraceCheckUtils]: 19: 
Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11238#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,164 INFO L290 TraceCheckUtils]: 20: Hoare triple {11238#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11238#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,164 INFO L290 TraceCheckUtils]: 21: Hoare triple {11238#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11239#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,164 INFO L290 TraceCheckUtils]: 22: Hoare triple {11239#(= 2 |setClientId_#in~handle|)} assume true; {11239#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:40,165 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11239#(= 2 |setClientId_#in~handle|)} {11171#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1045#return; {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:40,165 INFO L290 TraceCheckUtils]: 24: Hoare triple {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:40,166 INFO L272 TraceCheckUtils]: 25: Hoare triple {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:40,167 INFO L290 TraceCheckUtils]: 26: Hoare triple {11237#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11240#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:40,167 INFO L290 TraceCheckUtils]: 27: Hoare triple {11240#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11241#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,167 INFO L290 TraceCheckUtils]: 28: Hoare triple {11241#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11241#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,168 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11241#(= |setClientPrivateKey_#in~handle| 1)} {11177#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1047#return; {11162#false} is VALID [2022-02-20 17:58:40,168 INFO L290 TraceCheckUtils]: 30: Hoare triple {11162#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11162#false} is VALID [2022-02-20 17:58:40,168 INFO L272 TraceCheckUtils]: 31: Hoare triple {11162#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:40,168 INFO L290 TraceCheckUtils]: 32: Hoare triple {11236#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,169 INFO L290 TraceCheckUtils]: 33: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,169 INFO L290 TraceCheckUtils]: 34: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,169 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11161#true} {11162#false} #1049#return; {11162#false} is VALID [2022-02-20 17:58:40,169 INFO L290 TraceCheckUtils]: 36: Hoare triple {11162#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11162#false} is VALID [2022-02-20 17:58:40,169 INFO L272 TraceCheckUtils]: 37: Hoare triple {11162#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:40,169 INFO L290 TraceCheckUtils]: 38: Hoare triple {11237#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,170 INFO L290 TraceCheckUtils]: 39: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,170 INFO L290 TraceCheckUtils]: 40: Hoare triple {11161#true} assume true; {11161#true} is VALID 
[2022-02-20 17:58:40,170 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11161#true} {11162#false} #1051#return; {11162#false} is VALID [2022-02-20 17:58:40,170 INFO L290 TraceCheckUtils]: 42: Hoare triple {11162#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {11162#false} is VALID [2022-02-20 17:58:40,170 INFO L290 TraceCheckUtils]: 43: Hoare triple {11162#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11162#false} is VALID [2022-02-20 17:58:40,170 INFO L290 TraceCheckUtils]: 
44: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,171 INFO L290 TraceCheckUtils]: 45: Hoare triple {11162#false} assume test_~splverifierCounter~0#1 < 4; {11162#false} is VALID [2022-02-20 17:58:40,171 INFO L290 TraceCheckUtils]: 46: Hoare triple {11162#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11162#false} is VALID [2022-02-20 17:58:40,171 INFO L290 TraceCheckUtils]: 47: Hoare triple {11162#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {11162#false} is VALID [2022-02-20 17:58:40,171 INFO L290 TraceCheckUtils]: 48: Hoare triple {11162#false} assume !(0 != test_~tmp___9~0#1); {11162#false} is VALID [2022-02-20 17:58:40,171 INFO L290 TraceCheckUtils]: 49: Hoare triple {11162#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 50: Hoare triple {11162#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 51: Hoare triple {11162#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 52: Hoare triple {11162#false} assume { :end_inline_setClientAutoResponse } true; {11162#false} is VALID [2022-02-20 
17:58:40,172 INFO L290 TraceCheckUtils]: 53: Hoare triple {11162#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 54: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 55: Hoare triple {11162#false} assume !(test_~splverifierCounter~0#1 < 4); {11162#false} is VALID [2022-02-20 17:58:40,172 INFO L290 TraceCheckUtils]: 56: Hoare triple {11162#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {11162#false} is VALID [2022-02-20 17:58:40,173 INFO L272 TraceCheckUtils]: 57: Hoare triple {11162#false} call sendEmail(~bob~0, ~rjh~0); {11162#false} is VALID [2022-02-20 17:58:40,173 INFO L290 TraceCheckUtils]: 58: Hoare triple {11162#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11162#false} is VALID [2022-02-20 17:58:40,173 INFO L272 TraceCheckUtils]: 59: Hoare triple {11162#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
17:58:40,173 INFO L290 TraceCheckUtils]: 60: Hoare triple {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,173 INFO L290 TraceCheckUtils]: 61: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,173 INFO L290 TraceCheckUtils]: 62: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,174 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11161#true} {11162#false} #1027#return; {11162#false} is VALID [2022-02-20 17:58:40,174 INFO L272 TraceCheckUtils]: 64: Hoare triple {11162#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11243#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:40,174 INFO L290 TraceCheckUtils]: 65: Hoare triple {11243#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,174 INFO L290 TraceCheckUtils]: 66: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,174 INFO L290 TraceCheckUtils]: 67: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,174 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11161#true} {11162#false} #1029#return; {11162#false} is VALID [2022-02-20 17:58:40,175 INFO L290 TraceCheckUtils]: 69: Hoare triple {11162#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {11162#false} is VALID [2022-02-20 17:58:40,175 INFO L290 TraceCheckUtils]: 70: Hoare triple {11162#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 
2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {11162#false} is VALID [2022-02-20 17:58:40,175 INFO L272 TraceCheckUtils]: 71: Hoare triple {11162#false} call outgoing(~sender#1, ~email~0#1); {11162#false} is VALID [2022-02-20 17:58:40,175 INFO L290 TraceCheckUtils]: 72: Hoare triple {11162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {11162#false} is VALID [2022-02-20 17:58:40,175 INFO L272 TraceCheckUtils]: 73: Hoare triple {11162#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {11161#true} is VALID [2022-02-20 17:58:40,175 INFO L290 TraceCheckUtils]: 74: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,176 INFO L290 TraceCheckUtils]: 75: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,176 INFO L290 TraceCheckUtils]: 76: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,176 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {11161#true} {11162#false} #971#return; {11162#false} is VALID [2022-02-20 17:58:40,176 INFO L290 TraceCheckUtils]: 78: Hoare triple {11162#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {11162#false} is VALID [2022-02-20 17:58:40,176 INFO L290 TraceCheckUtils]: 79: Hoare triple {11162#false} assume 0 == sign_~privkey~1#1; {11162#false} is VALID [2022-02-20 17:58:40,177 INFO L290 TraceCheckUtils]: 80: Hoare triple {11162#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11162#false} is VALID [2022-02-20 17:58:40,177 INFO L272 TraceCheckUtils]: 81: Hoare triple {11162#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {11161#true} is VALID [2022-02-20 17:58:40,177 INFO L290 TraceCheckUtils]: 82: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,177 INFO L290 TraceCheckUtils]: 83: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,177 INFO L290 TraceCheckUtils]: 84: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,177 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {11161#true} {11162#false} #973#return; {11162#false} is VALID [2022-02-20 17:58:40,177 INFO L290 TraceCheckUtils]: 86: Hoare triple {11162#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := 
outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {11162#false} is VALID [2022-02-20 17:58:40,178 INFO L272 TraceCheckUtils]: 87: Hoare triple {11162#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {11161#true} is VALID [2022-02-20 17:58:40,178 INFO L290 TraceCheckUtils]: 88: Hoare triple {11161#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,178 INFO L290 TraceCheckUtils]: 89: Hoare triple {11161#true} assume 1 == ~handle; {11161#true} is VALID [2022-02-20 17:58:40,178 INFO L290 TraceCheckUtils]: 90: Hoare triple {11161#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,178 INFO L290 TraceCheckUtils]: 91: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,178 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11161#true} {11162#false} #975#return; {11162#false} is VALID [2022-02-20 17:58:40,179 INFO L290 TraceCheckUtils]: 93: Hoare triple {11162#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11162#false} is VALID [2022-02-20 17:58:40,179 INFO L290 TraceCheckUtils]: 94: Hoare triple {11162#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {11162#false} is VALID [2022-02-20 17:58:40,179 INFO L290 TraceCheckUtils]: 95: Hoare triple {11162#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {11162#false} is VALID [2022-02-20 17:58:40,179 INFO L290 TraceCheckUtils]: 96: Hoare triple {11162#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11162#false} is VALID [2022-02-20 17:58:40,179 INFO L290 TraceCheckUtils]: 97: Hoare triple {11162#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {11162#false} is VALID [2022-02-20 17:58:40,180 INFO L272 TraceCheckUtils]: 98: Hoare triple {11162#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:40,180 INFO L290 TraceCheckUtils]: 99: Hoare triple {11242#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,180 INFO L290 TraceCheckUtils]: 100: Hoare triple {11161#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,180 INFO L290 TraceCheckUtils]: 101: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,180 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {11161#true} {11162#false} #981#return; {11162#false} is VALID [2022-02-20 17:58:40,180 INFO L290 TraceCheckUtils]: 103: Hoare triple {11162#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {11162#false} is VALID [2022-02-20 17:58:40,181 INFO L272 TraceCheckUtils]: 104: Hoare triple {11162#false} call 
__utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11161#true} is VALID [2022-02-20 17:58:40,181 INFO L290 TraceCheckUtils]: 105: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~12; {11161#true} is VALID [2022-02-20 17:58:40,181 INFO L290 TraceCheckUtils]: 106: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11161#true} is VALID [2022-02-20 17:58:40,181 INFO L290 TraceCheckUtils]: 107: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,181 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {11161#true} {11162#false} #983#return; {11162#false} is VALID [2022-02-20 17:58:40,181 INFO L290 TraceCheckUtils]: 109: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {11162#false} is VALID [2022-02-20 17:58:40,182 INFO L290 TraceCheckUtils]: 110: Hoare triple {11162#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {11162#false} is VALID [2022-02-20 17:58:40,182 INFO L272 TraceCheckUtils]: 111: Hoare triple {11162#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {11161#true} is VALID [2022-02-20 17:58:40,182 INFO L290 TraceCheckUtils]: 112: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,182 INFO L290 TraceCheckUtils]: 113: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := 
~retValue_acc~7; {11161#true} is VALID [2022-02-20 17:58:40,182 INFO L290 TraceCheckUtils]: 114: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,182 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {11161#true} {11162#false} #985#return; {11162#false} is VALID [2022-02-20 17:58:40,183 INFO L290 TraceCheckUtils]: 116: Hoare triple {11162#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {11162#false} is VALID [2022-02-20 17:58:40,183 INFO L272 TraceCheckUtils]: 117: Hoare triple {11162#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {11161#true} is VALID [2022-02-20 17:58:40,183 INFO L290 TraceCheckUtils]: 118: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,183 INFO L290 TraceCheckUtils]: 119: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11161#true} is VALID [2022-02-20 17:58:40,183 INFO L290 TraceCheckUtils]: 120: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,183 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {11161#true} {11162#false} #987#return; {11162#false} is VALID [2022-02-20 17:58:40,184 INFO L290 TraceCheckUtils]: 122: Hoare triple {11162#false} assume -2147483648 <= 
incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {11162#false} is VALID [2022-02-20 17:58:40,184 INFO L290 TraceCheckUtils]: 123: Hoare triple {11162#false} assume !(0 != incoming_~privkey~0#1); {11162#false} is VALID [2022-02-20 17:58:40,184 INFO L290 TraceCheckUtils]: 124: Hoare triple {11162#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {11162#false} is VALID [2022-02-20 17:58:40,184 INFO L290 TraceCheckUtils]: 125: Hoare triple {11162#false} assume 1 == ~sent_signed~0; {11162#false} is VALID [2022-02-20 17:58:40,184 INFO L272 TraceCheckUtils]: 126: Hoare triple {11162#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11161#true} is VALID [2022-02-20 
17:58:40,184 INFO L290 TraceCheckUtils]: 127: Hoare triple {11161#true} ~handle := #in~handle;havoc ~retValue_acc~6; {11161#true} is VALID [2022-02-20 17:58:40,185 INFO L290 TraceCheckUtils]: 128: Hoare triple {11161#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11161#true} is VALID [2022-02-20 17:58:40,185 INFO L290 TraceCheckUtils]: 129: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,185 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {11161#true} {11162#false} #999#return; {11162#false} is VALID [2022-02-20 17:58:40,185 INFO L290 TraceCheckUtils]: 131: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {11162#false} is VALID [2022-02-20 17:58:40,185 INFO L272 TraceCheckUtils]: 132: Hoare triple {11162#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {11161#true} is VALID [2022-02-20 17:58:40,185 INFO L290 TraceCheckUtils]: 133: Hoare triple {11161#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,186 INFO L290 TraceCheckUtils]: 134: Hoare triple {11161#true} assume 1 == ~handle; {11161#true} is VALID [2022-02-20 17:58:40,186 INFO L290 TraceCheckUtils]: 135: Hoare triple {11161#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11161#true} is VALID [2022-02-20 17:58:40,186 INFO L290 TraceCheckUtils]: 136: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,186 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {11161#true} {11162#false} #1001#return; {11162#false} 
is VALID [2022-02-20 17:58:40,186 INFO L290 TraceCheckUtils]: 138: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {11162#false} is VALID [2022-02-20 17:58:40,186 INFO L290 TraceCheckUtils]: 139: Hoare triple {11162#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {11162#false} is VALID [2022-02-20 17:58:40,187 INFO L272 TraceCheckUtils]: 140: Hoare triple {11162#false} call __automaton_fail(); {11162#false} is VALID [2022-02-20 17:58:40,187 INFO L290 TraceCheckUtils]: 141: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,187 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. 
[2022-02-20 17:58:40,187 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:40,187 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [256702292] [2022-02-20 17:58:40,188 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [256702292] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:40,188 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1812919027] [2022-02-20 17:58:40,188 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:40,188 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:40,188 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:40,192 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:40,217 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:58:40,463 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,468 INFO L263 TraceCheckSpWp]: Trace formula consists of 1234 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:58:40,520 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:40,523 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:40,839 INFO L290 TraceCheckUtils]: 0: Hoare triple {11161#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 
0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {11161#true} is VALID [2022-02-20 17:58:40,839 INFO L290 TraceCheckUtils]: 1: Hoare triple {11161#true} assume { :end_inline_ULTIMATE.init } true;assume { 
:begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {11161#true} is VALID [2022-02-20 17:58:40,839 INFO L290 TraceCheckUtils]: 2: Hoare triple {11161#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 3: Hoare triple {11161#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 4: Hoare triple {11161#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 5: Hoare triple {11161#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L272 TraceCheckUtils]: 6: Hoare triple {11161#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 7: Hoare triple {11161#true} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 8: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,840 INFO L290 TraceCheckUtils]: 9: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11161#true} {11161#true} #1041#return; {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L290 TraceCheckUtils]: 11: Hoare triple {11161#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L272 TraceCheckUtils]: 12: Hoare triple {11161#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L290 TraceCheckUtils]: 13: Hoare triple {11161#true} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L290 TraceCheckUtils]: 14: Hoare triple {11161#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,841 INFO L290 TraceCheckUtils]: 15: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,842 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11161#true} {11161#true} #1043#return; {11161#true} is VALID [2022-02-20 17:58:40,842 INFO L290 TraceCheckUtils]: 17: Hoare triple {11161#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:40,842 INFO L272 TraceCheckUtils]: 18: Hoare triple {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11161#true} is VALID [2022-02-20 17:58:40,842 INFO L290 TraceCheckUtils]: 19: Hoare triple {11161#true} ~handle := #in~handle;~value := #in~value; {11161#true} is VALID [2022-02-20 17:58:40,843 INFO L290 TraceCheckUtils]: 20: Hoare triple {11161#true} assume !(1 == ~handle); {11161#true} is VALID [2022-02-20 17:58:40,843 INFO L290 TraceCheckUtils]: 21: Hoare triple {11161#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11161#true} is VALID [2022-02-20 17:58:40,843 INFO L290 TraceCheckUtils]: 22: Hoare triple {11161#true} assume true; {11161#true} is VALID [2022-02-20 17:58:40,843 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11161#true} {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1045#return; {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:40,844 INFO L290 TraceCheckUtils]: 24: Hoare triple {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:40,844 INFO L272 TraceCheckUtils]: 25: Hoare triple {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11161#true} is VALID [2022-02-20 17:58:40,844 INFO L290 TraceCheckUtils]: 26: Hoare triple {11161#true} ~handle := 
#in~handle;~value := #in~value; {11326#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:58:40,845 INFO L290 TraceCheckUtils]: 27: Hoare triple {11326#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11330#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,845 INFO L290 TraceCheckUtils]: 28: Hoare triple {11330#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11330#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:40,846 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11330#(<= |setClientPrivateKey_#in~handle| 1)} {11298#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1047#return; {11162#false} is VALID [2022-02-20 17:58:40,846 INFO L290 TraceCheckUtils]: 30: Hoare triple {11162#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11162#false} is VALID [2022-02-20 17:58:40,846 INFO L272 TraceCheckUtils]: 31: Hoare triple {11162#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11162#false} is VALID [2022-02-20 17:58:40,846 INFO L290 TraceCheckUtils]: 32: Hoare triple {11162#false} ~handle := #in~handle;~value := #in~value; {11162#false} is VALID [2022-02-20 17:58:40,846 INFO L290 TraceCheckUtils]: 33: Hoare triple {11162#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11162#false} is VALID [2022-02-20 
17:58:40,847 INFO L290 TraceCheckUtils]: 34: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,847 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11162#false} {11162#false} #1049#return; {11162#false} is VALID [2022-02-20 17:58:40,847 INFO L290 TraceCheckUtils]: 36: Hoare triple {11162#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11162#false} is VALID [2022-02-20 17:58:40,847 INFO L272 TraceCheckUtils]: 37: Hoare triple {11162#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11162#false} is VALID [2022-02-20 17:58:40,847 INFO L290 TraceCheckUtils]: 38: Hoare triple {11162#false} ~handle := #in~handle;~value := #in~value; {11162#false} is VALID [2022-02-20 17:58:40,847 INFO L290 TraceCheckUtils]: 39: Hoare triple {11162#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 40: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11162#false} {11162#false} #1051#return; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 42: Hoare triple {11162#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 43: Hoare triple {11162#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, 
test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 44: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 45: Hoare triple {11162#false} assume test_~splverifierCounter~0#1 < 4; {11162#false} is VALID [2022-02-20 17:58:40,848 INFO L290 TraceCheckUtils]: 46: Hoare triple {11162#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 47: Hoare triple {11162#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 48: Hoare triple {11162#false} assume !(0 != test_~tmp___9~0#1); {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 49: Hoare triple {11162#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 50: Hoare triple {11162#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 51: Hoare triple {11162#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {11162#false} is VALID [2022-02-20 17:58:40,849 INFO L290 TraceCheckUtils]: 52: Hoare triple {11162#false} assume { :end_inline_setClientAutoResponse } true; {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L290 TraceCheckUtils]: 53: Hoare triple {11162#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L290 TraceCheckUtils]: 54: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L290 TraceCheckUtils]: 55: Hoare triple {11162#false} assume !(test_~splverifierCounter~0#1 < 4); {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L290 TraceCheckUtils]: 56: Hoare triple {11162#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {11162#false} is VALID [2022-02-20 17:58:40,850 
INFO L272 TraceCheckUtils]: 57: Hoare triple {11162#false} call sendEmail(~bob~0, ~rjh~0); {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L290 TraceCheckUtils]: 58: Hoare triple {11162#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11162#false} is VALID [2022-02-20 17:58:40,850 INFO L272 TraceCheckUtils]: 59: Hoare triple {11162#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L290 TraceCheckUtils]: 60: Hoare triple {11162#false} ~handle := #in~handle;~value := #in~value; {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L290 TraceCheckUtils]: 61: Hoare triple {11162#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L290 TraceCheckUtils]: 62: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {11162#false} {11162#false} #1027#return; {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L272 TraceCheckUtils]: 64: Hoare triple {11162#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L290 TraceCheckUtils]: 65: Hoare triple {11162#false} ~handle := #in~handle;~value := #in~value; {11162#false} is VALID [2022-02-20 17:58:40,851 INFO L290 TraceCheckUtils]: 66: Hoare triple {11162#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L290 TraceCheckUtils]: 67: Hoare triple 
{11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {11162#false} {11162#false} #1029#return; {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L290 TraceCheckUtils]: 69: Hoare triple {11162#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L290 TraceCheckUtils]: 70: Hoare triple {11162#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L272 TraceCheckUtils]: 71: Hoare triple {11162#false} call outgoing(~sender#1, ~email~0#1); {11162#false} is VALID [2022-02-20 17:58:40,852 INFO L290 TraceCheckUtils]: 72: Hoare triple {11162#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L272 TraceCheckUtils]: 73: Hoare triple {11162#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L290 TraceCheckUtils]: 74: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~35; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L290 TraceCheckUtils]: 75: Hoare triple {11162#false} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L290 TraceCheckUtils]: 76: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L284 TraceCheckUtils]: 77: Hoare 
quadruple {11162#false} {11162#false} #971#return; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L290 TraceCheckUtils]: 78: Hoare triple {11162#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {11162#false} is VALID [2022-02-20 17:58:40,853 INFO L290 TraceCheckUtils]: 79: Hoare triple {11162#false} assume 0 == sign_~privkey~1#1; {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L290 TraceCheckUtils]: 80: Hoare triple {11162#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L272 TraceCheckUtils]: 81: Hoare triple {11162#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L290 TraceCheckUtils]: 82: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~7; {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L290 TraceCheckUtils]: 83: Hoare triple {11162#false} 
assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L290 TraceCheckUtils]: 84: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,854 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {11162#false} {11162#false} #973#return; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L290 TraceCheckUtils]: 86: Hoare triple {11162#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L272 TraceCheckUtils]: 87: Hoare triple {11162#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L290 TraceCheckUtils]: 88: Hoare triple {11162#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L290 TraceCheckUtils]: 89: Hoare triple {11162#false} assume 1 == ~handle; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L290 TraceCheckUtils]: 90: Hoare triple {11162#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L290 TraceCheckUtils]: 91: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,855 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {11162#false} {11162#false} #975#return; {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L290 TraceCheckUtils]: 93: Hoare triple {11162#false} assume -2147483648 
<= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L290 TraceCheckUtils]: 94: Hoare triple {11162#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L290 TraceCheckUtils]: 95: Hoare triple {11162#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L290 TraceCheckUtils]: 96: Hoare triple {11162#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L290 TraceCheckUtils]: 97: Hoare triple {11162#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 
2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {11162#false} is VALID [2022-02-20 17:58:40,856 INFO L272 TraceCheckUtils]: 98: Hoare triple {11162#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L290 TraceCheckUtils]: 99: Hoare triple {11162#false} ~handle := #in~handle;~value := #in~value; {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L290 TraceCheckUtils]: 100: Hoare triple {11162#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L290 TraceCheckUtils]: 101: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {11162#false} {11162#false} #981#return; {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L290 TraceCheckUtils]: 103: Hoare triple {11162#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L272 TraceCheckUtils]: 104: Hoare triple {11162#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11162#false} is VALID [2022-02-20 17:58:40,857 INFO L290 TraceCheckUtils]: 105: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~12; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L290 TraceCheckUtils]: 106: Hoare triple {11162#false} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L290 TraceCheckUtils]: 107: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {11162#false} {11162#false} #983#return; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L290 TraceCheckUtils]: 109: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L290 TraceCheckUtils]: 110: Hoare triple {11162#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L272 TraceCheckUtils]: 
111: Hoare triple {11162#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {11162#false} is VALID [2022-02-20 17:58:40,858 INFO L290 TraceCheckUtils]: 112: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~7; {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L290 TraceCheckUtils]: 113: Hoare triple {11162#false} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L290 TraceCheckUtils]: 114: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {11162#false} {11162#false} #985#return; {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L290 TraceCheckUtils]: 116: Hoare triple {11162#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L272 TraceCheckUtils]: 117: Hoare triple {11162#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {11162#false} is VALID [2022-02-20 17:58:40,859 INFO L290 TraceCheckUtils]: 118: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~35; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 119: Hoare triple {11162#false} assume 1 == ~handle;~retValue_acc~35 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 120: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {11162#false} {11162#false} #987#return; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 122: Hoare triple {11162#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 123: Hoare triple {11162#false} assume !(0 != incoming_~privkey~0#1); {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 124: Hoare triple {11162#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc 
verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc 
__utac_acc__SignVerify_spec__2_#t~nondet106#1; {11162#false} is VALID [2022-02-20 17:58:40,860 INFO L290 TraceCheckUtils]: 125: Hoare triple {11162#false} assume 1 == ~sent_signed~0; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L272 TraceCheckUtils]: 126: Hoare triple {11162#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L290 TraceCheckUtils]: 127: Hoare triple {11162#false} ~handle := #in~handle;havoc ~retValue_acc~6; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L290 TraceCheckUtils]: 128: Hoare triple {11162#false} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L290 TraceCheckUtils]: 129: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {11162#false} {11162#false} #999#return; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L290 TraceCheckUtils]: 131: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {11162#false} is VALID [2022-02-20 17:58:40,861 INFO L272 TraceCheckUtils]: 132: Hoare triple {11162#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 TraceCheckUtils]: 133: Hoare triple {11162#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 TraceCheckUtils]: 134: Hoare triple {11162#false} assume 1 == ~handle; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 
TraceCheckUtils]: 135: Hoare triple {11162#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 TraceCheckUtils]: 136: Hoare triple {11162#false} assume true; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {11162#false} {11162#false} #1001#return; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 TraceCheckUtils]: 138: Hoare triple {11162#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {11162#false} is VALID [2022-02-20 17:58:40,862 INFO L290 TraceCheckUtils]: 139: Hoare triple {11162#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {11162#false} is VALID [2022-02-20 17:58:40,863 INFO L272 TraceCheckUtils]: 140: Hoare triple {11162#false} call __automaton_fail(); {11162#false} is VALID [2022-02-20 17:58:40,863 INFO L290 TraceCheckUtils]: 141: Hoare triple {11162#false} assume !false; {11162#false} is VALID [2022-02-20 17:58:40,863 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:40,863 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:40,864 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1812919027] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:40,864 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:58:40,864 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:58:40,864 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1573886249] [2022-02-20 17:58:40,864 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:40,865 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 142 [2022-02-20 17:58:40,865 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:40,865 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:40,965 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 126 edges. 126 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:40,966 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:40,966 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:40,966 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 17:58:40,967 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:40,967 INFO L87 Difference]: Start difference. First operand 403 states and 605 transitions. Second operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:42,018 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:42,018 INFO L93 Difference]: Finished difference Result 795 states and 1199 transitions. [2022-02-20 17:58:42,019 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:42,019 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 142 [2022-02-20 17:58:42,019 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:42,019 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:42,030 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1021 transitions. 
[2022-02-20 17:58:42,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:42,048 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1021 transitions. [2022-02-20 17:58:42,049 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1021 transitions. [2022-02-20 17:58:42,763 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1021 edges. 1021 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:42,778 INFO L225 Difference]: With dead ends: 795 [2022-02-20 17:58:42,778 INFO L226 Difference]: Without dead ends: 405 [2022-02-20 17:58:42,779 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 182 GetRequests, 168 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:58:42,780 INFO L933 BasicCegarLoop]: 505 mSDtfsCounter, 124 mSDsluCounter, 1368 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 1873 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:42,780 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 1873 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 17:58:42,781 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 405 states. [2022-02-20 17:58:42,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 405 to 405. [2022-02-20 17:58:42,874 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:42,875 INFO L82 GeneralOperation]: Start isEquivalent. First operand 405 states. Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:58:42,876 INFO L74 IsIncluded]: Start isIncluded. First operand 405 states. Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:58:42,877 INFO L87 Difference]: Start difference. First operand 405 states. Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:58:42,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:58:42,893 INFO L93 Difference]: Finished difference Result 405 states and 611 transitions. [2022-02-20 17:58:42,893 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 611 transitions. [2022-02-20 17:58:42,895 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:42,895 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:42,897 INFO L74 IsIncluded]: Start isIncluded. First operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) Second operand 405 states. [2022-02-20 17:58:42,898 INFO L87 Difference]: Start difference. First operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) Second operand 405 states. [2022-02-20 17:58:42,911 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:42,911 INFO L93 Difference]: Finished difference Result 405 states and 611 transitions. [2022-02-20 17:58:42,911 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 611 transitions. [2022-02-20 17:58:42,913 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:42,913 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:42,913 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:42,913 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:42,914 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:58:42,930 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 405 states to 405 states and 611 transitions. [2022-02-20 17:58:42,931 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 611 transitions. Word has length 142 [2022-02-20 17:58:42,931 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:42,931 INFO L470 AbstractCegarLoop]: Abstraction has 405 states and 611 transitions. [2022-02-20 17:58:42,932 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.8) internal successors, (89), 5 states have internal predecessors, (89), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:42,932 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 611 transitions. [2022-02-20 17:58:42,934 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 144 [2022-02-20 17:58:42,934 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:42,934 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:42,958 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:43,147 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:43,147 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:43,148 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:43,148 INFO L85 PathProgramCache]: Analyzing trace with hash 21931431, now seen corresponding path program 1 times [2022-02-20 17:58:43,148 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:43,148 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1712936215] [2022-02-20 17:58:43,148 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:43,148 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:43,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,217 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:43,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,220 INFO L290 TraceCheckUtils]: 0: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,222 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14181#true} #1041#return; {14181#true} is VALID [2022-02-20 17:58:43,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:43,230 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,232 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14181#true} #1043#return; {14181#true} is VALID [2022-02-20 17:58:43,232 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 17:58:43,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,236 INFO L290 TraceCheckUtils]: 0: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,236 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume !(1 == ~handle); {14181#true} is VALID [2022-02-20 17:58:43,237 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,237 INFO L290 TraceCheckUtils]: 3: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,237 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14181#true} {14181#true} #1045#return; {14181#true} is VALID [2022-02-20 17:58:43,237 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:43,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume !(1 == ~handle); {14181#true} is VALID [2022-02-20 17:58:43,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,250 INFO L290 TraceCheckUtils]: 3: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 
17:58:43,250 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14181#true} {14181#true} #1047#return; {14181#true} is VALID [2022-02-20 17:58:43,251 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:43,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,264 INFO L290 TraceCheckUtils]: 0: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14258#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,265 INFO L290 TraceCheckUtils]: 1: Hoare triple {14258#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14259#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,265 INFO L290 TraceCheckUtils]: 2: Hoare triple {14259#(= |setClientId_#in~handle| 1)} assume true; {14259#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,266 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14259#(= |setClientId_#in~handle| 1)} {14201#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {14182#false} is VALID [2022-02-20 17:58:43,266 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:43,268 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,271 INFO L290 TraceCheckUtils]: 0: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,271 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,271 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,271 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #1051#return; {14182#false} is VALID [2022-02-20 17:58:43,278 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:58:43,279 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,281 INFO L290 TraceCheckUtils]: 0: Hoare triple {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,281 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,281 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,281 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #1027#return; {14182#false} is VALID [2022-02-20 17:58:43,288 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:58:43,289 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {14261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,293 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,293 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{14181#true} {14182#false} #1029#return; {14182#false} is VALID [2022-02-20 17:58:43,293 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:58:43,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,296 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #971#return; {14182#false} is VALID [2022-02-20 17:58:43,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:58:43,297 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,300 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,300 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,301 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #973#return; {14182#false} is VALID [2022-02-20 17:58:43,301 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:58:43,302 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;~userid 
:= #in~userid;havoc ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle; {14181#true} is VALID [2022-02-20 17:58:43,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,307 INFO L290 TraceCheckUtils]: 3: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,307 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14181#true} {14182#false} #975#return; {14182#false} is VALID [2022-02-20 17:58:43,307 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:43,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,312 INFO L290 TraceCheckUtils]: 0: Hoare triple {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,312 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,312 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,312 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #981#return; {14182#false} is VALID [2022-02-20 17:58:43,312 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:58:43,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,315 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14181#true} is VALID [2022-02-20 17:58:43,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 
== ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {14181#true} is VALID [2022-02-20 17:58:43,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,316 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #983#return; {14182#false} is VALID [2022-02-20 17:58:43,316 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:43,316 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,318 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,318 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,318 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,319 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #985#return; {14182#false} is VALID [2022-02-20 17:58:43,319 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:58:43,319 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,321 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #987#return; {14182#false} is VALID [2022-02-20 17:58:43,322 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:58:43,322 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~6; {14181#true} is VALID [2022-02-20 17:58:43,324 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {14181#true} is VALID [2022-02-20 17:58:43,324 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,325 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14181#true} {14182#false} #999#return; {14182#false} is VALID [2022-02-20 17:58:43,325 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:58:43,326 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,327 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,327 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume 1 == ~handle; {14181#true} is VALID [2022-02-20 17:58:43,328 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,328 INFO L290 TraceCheckUtils]: 3: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,328 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14181#true} {14182#false} #1001#return; {14182#false} is VALID [2022-02-20 17:58:43,328 INFO L290 TraceCheckUtils]: 0: Hoare triple {14181#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call 
#Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 
0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {14181#true} is VALID [2022-02-20 17:58:43,328 INFO L290 TraceCheckUtils]: 1: Hoare triple {14181#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; 
{14181#true} is VALID [2022-02-20 17:58:43,329 INFO L290 TraceCheckUtils]: 2: Hoare triple {14181#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14181#true} is VALID [2022-02-20 17:58:43,329 INFO L290 TraceCheckUtils]: 3: Hoare triple {14181#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {14181#true} is VALID [2022-02-20 17:58:43,329 INFO L290 TraceCheckUtils]: 4: Hoare triple {14181#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {14181#true} is VALID [2022-02-20 17:58:43,329 INFO L290 TraceCheckUtils]: 5: Hoare triple {14181#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14181#true} is VALID [2022-02-20 17:58:43,330 INFO L272 TraceCheckUtils]: 6: Hoare triple 
{14181#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,330 INFO L290 TraceCheckUtils]: 7: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,330 INFO L290 TraceCheckUtils]: 8: Hoare triple {14181#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,330 INFO L290 TraceCheckUtils]: 9: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,330 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14181#true} {14181#true} #1041#return; {14181#true} is VALID [2022-02-20 17:58:43,330 INFO L290 TraceCheckUtils]: 11: Hoare triple {14181#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14181#true} is VALID [2022-02-20 17:58:43,331 INFO L272 TraceCheckUtils]: 12: Hoare triple {14181#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,331 INFO L290 TraceCheckUtils]: 13: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,331 INFO L290 
TraceCheckUtils]: 14: Hoare triple {14181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,332 INFO L290 TraceCheckUtils]: 15: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,332 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14181#true} {14181#true} #1043#return; {14181#true} is VALID [2022-02-20 17:58:43,332 INFO L290 TraceCheckUtils]: 17: Hoare triple {14181#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L272 TraceCheckUtils]: 18: Hoare triple {14181#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,333 INFO L290 TraceCheckUtils]: 19: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L290 TraceCheckUtils]: 20: Hoare triple {14181#true} assume !(1 == ~handle); {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L290 TraceCheckUtils]: 21: Hoare triple {14181#true} assume 2 == 
~handle;~__ste_client_idCounter1~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L290 TraceCheckUtils]: 22: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14181#true} {14181#true} #1045#return; {14181#true} is VALID [2022-02-20 17:58:43,333 INFO L290 TraceCheckUtils]: 24: Hoare triple {14181#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14181#true} is VALID [2022-02-20 17:58:43,334 INFO L272 TraceCheckUtils]: 25: Hoare triple {14181#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,334 INFO L290 TraceCheckUtils]: 26: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,334 INFO L290 TraceCheckUtils]: 27: Hoare triple {14181#true} assume !(1 == ~handle); {14181#true} is VALID [2022-02-20 17:58:43,335 INFO L290 TraceCheckUtils]: 28: Hoare triple {14181#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,335 INFO L290 TraceCheckUtils]: 29: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,335 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14181#true} {14181#true} #1047#return; {14181#true} is VALID [2022-02-20 17:58:43,335 INFO L290 TraceCheckUtils]: 31: Hoare triple {14181#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } 
true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14201#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:43,336 INFO L272 TraceCheckUtils]: 32: Hoare triple {14201#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,336 INFO L290 TraceCheckUtils]: 33: Hoare triple {14256#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14258#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,337 INFO L290 TraceCheckUtils]: 34: Hoare triple {14258#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14259#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,337 INFO L290 TraceCheckUtils]: 35: Hoare triple {14259#(= |setClientId_#in~handle| 1)} assume true; {14259#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,338 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14259#(= |setClientId_#in~handle| 1)} {14201#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {14182#false} is VALID [2022-02-20 17:58:43,338 INFO L290 TraceCheckUtils]: 37: 
Hoare triple {14182#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14182#false} is VALID [2022-02-20 17:58:43,338 INFO L272 TraceCheckUtils]: 38: Hoare triple {14182#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,338 INFO L290 TraceCheckUtils]: 39: Hoare triple {14257#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,338 INFO L290 TraceCheckUtils]: 40: Hoare triple {14181#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,338 INFO L290 TraceCheckUtils]: 41: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,339 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14181#true} {14182#false} #1051#return; {14182#false} is VALID [2022-02-20 17:58:43,339 INFO L290 TraceCheckUtils]: 43: Hoare triple {14182#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {14182#false} is VALID [2022-02-20 17:58:43,339 INFO L290 TraceCheckUtils]: 44: Hoare triple {14182#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, 
test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14182#false} is VALID [2022-02-20 17:58:43,339 INFO L290 TraceCheckUtils]: 45: Hoare triple {14182#false} assume !false; {14182#false} is VALID [2022-02-20 17:58:43,339 INFO L290 TraceCheckUtils]: 46: Hoare triple {14182#false} assume test_~splverifierCounter~0#1 < 4; {14182#false} is VALID [2022-02-20 17:58:43,339 INFO L290 TraceCheckUtils]: 47: Hoare triple {14182#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 48: Hoare triple {14182#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 49: Hoare triple {14182#false} assume !(0 != test_~tmp___9~0#1); {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 50: Hoare triple {14182#false} 
assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 51: Hoare triple {14182#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 52: Hoare triple {14182#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 53: Hoare triple {14182#false} assume { :end_inline_setClientAutoResponse } true; {14182#false} is VALID [2022-02-20 17:58:43,340 INFO L290 TraceCheckUtils]: 54: Hoare triple {14182#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L290 TraceCheckUtils]: 55: Hoare triple {14182#false} assume !false; {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L290 TraceCheckUtils]: 56: Hoare triple {14182#false} assume !(test_~splverifierCounter~0#1 < 4); {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L290 TraceCheckUtils]: 57: Hoare triple {14182#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && 
bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L272 TraceCheckUtils]: 58: Hoare triple {14182#false} call sendEmail(~bob~0, ~rjh~0); {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L290 TraceCheckUtils]: 59: Hoare triple {14182#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14182#false} is VALID [2022-02-20 17:58:43,341 INFO L272 TraceCheckUtils]: 60: Hoare triple {14182#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,342 INFO L290 TraceCheckUtils]: 61: Hoare triple {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,342 INFO L290 TraceCheckUtils]: 62: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,342 INFO L290 TraceCheckUtils]: 63: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,342 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {14181#true} {14182#false} #1027#return; {14182#false} is VALID [2022-02-20 17:58:43,342 INFO L272 TraceCheckUtils]: 65: Hoare triple {14182#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 
|old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,342 INFO L290 TraceCheckUtils]: 66: Hoare triple {14261#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,342 INFO L290 TraceCheckUtils]: 67: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,343 INFO L290 TraceCheckUtils]: 68: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,343 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {14181#true} {14182#false} #1029#return; {14182#false} is VALID [2022-02-20 17:58:43,343 INFO L290 TraceCheckUtils]: 70: Hoare triple {14182#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {14182#false} is VALID [2022-02-20 17:58:43,343 INFO L290 TraceCheckUtils]: 71: Hoare triple {14182#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {14182#false} is VALID [2022-02-20 17:58:43,343 INFO L272 TraceCheckUtils]: 72: Hoare triple {14182#false} call outgoing(~sender#1, ~email~0#1); {14182#false} is VALID [2022-02-20 17:58:43,343 INFO L290 TraceCheckUtils]: 73: Hoare triple {14182#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {14182#false} is VALID [2022-02-20 17:58:43,343 INFO L272 TraceCheckUtils]: 74: Hoare triple {14182#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {14181#true} is VALID [2022-02-20 17:58:43,344 INFO 
L290 TraceCheckUtils]: 75: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,344 INFO L290 TraceCheckUtils]: 76: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,344 INFO L290 TraceCheckUtils]: 77: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,344 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {14181#true} {14182#false} #971#return; {14182#false} is VALID [2022-02-20 17:58:43,344 INFO L290 TraceCheckUtils]: 79: Hoare triple {14182#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {14182#false} is VALID [2022-02-20 17:58:43,344 INFO L290 TraceCheckUtils]: 80: Hoare triple {14182#false} assume 0 == sign_~privkey~1#1; {14182#false} is VALID [2022-02-20 17:58:43,345 INFO L290 TraceCheckUtils]: 81: Hoare triple {14182#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc 
outgoing__wrappee__AutoResponder_~tmp___0~6#1; {14182#false} is VALID [2022-02-20 17:58:43,345 INFO L272 TraceCheckUtils]: 82: Hoare triple {14182#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {14181#true} is VALID [2022-02-20 17:58:43,345 INFO L290 TraceCheckUtils]: 83: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,345 INFO L290 TraceCheckUtils]: 84: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,345 INFO L290 TraceCheckUtils]: 85: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,345 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {14181#true} {14182#false} #973#return; {14182#false} is VALID [2022-02-20 17:58:43,345 INFO L290 TraceCheckUtils]: 87: Hoare triple {14182#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {14182#false} is VALID [2022-02-20 17:58:43,346 INFO L272 TraceCheckUtils]: 88: Hoare triple {14182#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {14181#true} is VALID [2022-02-20 17:58:43,346 INFO L290 TraceCheckUtils]: 89: Hoare triple {14181#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,346 INFO L290 TraceCheckUtils]: 90: Hoare triple {14181#true} assume 1 == ~handle; {14181#true} is VALID [2022-02-20 17:58:43,346 INFO L290 TraceCheckUtils]: 91: Hoare triple {14181#true} assume 
~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,346 INFO L290 TraceCheckUtils]: 92: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,346 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {14181#true} {14182#false} #975#return; {14182#false} is VALID [2022-02-20 17:58:43,346 INFO L290 TraceCheckUtils]: 94: Hoare triple {14182#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {14182#false} is VALID [2022-02-20 17:58:43,347 INFO L290 TraceCheckUtils]: 95: Hoare triple {14182#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {14182#false} is VALID [2022-02-20 17:58:43,347 INFO L290 TraceCheckUtils]: 96: Hoare triple {14182#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {14182#false} is VALID [2022-02-20 17:58:43,347 INFO L290 
TraceCheckUtils]: 97: Hoare triple {14182#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {14182#false} is VALID [2022-02-20 17:58:43,347 INFO L290 TraceCheckUtils]: 98: Hoare triple {14182#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {14182#false} is VALID [2022-02-20 17:58:43,347 INFO L272 TraceCheckUtils]: 99: Hoare triple {14182#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,347 INFO L290 TraceCheckUtils]: 100: Hoare triple {14260#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14181#true} is VALID [2022-02-20 17:58:43,348 INFO L290 TraceCheckUtils]: 101: Hoare triple {14181#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14181#true} is VALID [2022-02-20 17:58:43,348 INFO L290 TraceCheckUtils]: 102: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,348 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {14181#true} {14182#false} #981#return; {14182#false} is VALID [2022-02-20 17:58:43,348 INFO L290 TraceCheckUtils]: 104: Hoare triple {14182#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 
:= mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {14182#false} is VALID [2022-02-20 17:58:43,348 INFO L272 TraceCheckUtils]: 105: Hoare triple {14182#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {14181#true} is VALID [2022-02-20 17:58:43,348 INFO L290 TraceCheckUtils]: 106: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~12; {14181#true} is VALID [2022-02-20 17:58:43,349 INFO L290 TraceCheckUtils]: 107: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {14181#true} is VALID [2022-02-20 17:58:43,349 INFO L290 TraceCheckUtils]: 108: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,349 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {14181#true} {14182#false} #983#return; {14182#false} is VALID [2022-02-20 17:58:43,349 INFO L290 TraceCheckUtils]: 110: Hoare triple {14182#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 
2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {14182#false} is VALID [2022-02-20 17:58:43,349 INFO L290 TraceCheckUtils]: 111: Hoare triple {14182#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {14182#false} is VALID [2022-02-20 17:58:43,349 INFO L272 TraceCheckUtils]: 112: Hoare triple {14182#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {14181#true} is VALID [2022-02-20 17:58:43,349 INFO L290 TraceCheckUtils]: 113: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,350 INFO L290 TraceCheckUtils]: 114: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {14181#true} is VALID [2022-02-20 17:58:43,350 INFO L290 TraceCheckUtils]: 115: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,350 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {14181#true} {14182#false} #985#return; {14182#false} is VALID [2022-02-20 17:58:43,350 INFO L290 TraceCheckUtils]: 117: Hoare triple {14182#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := 
incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {14182#false} is VALID [2022-02-20 17:58:43,350 INFO L272 TraceCheckUtils]: 118: Hoare triple {14182#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {14181#true} is VALID [2022-02-20 17:58:43,350 INFO L290 TraceCheckUtils]: 119: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,350 INFO L290 TraceCheckUtils]: 120: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {14181#true} is VALID [2022-02-20 17:58:43,351 INFO L290 TraceCheckUtils]: 121: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,351 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {14181#true} {14182#false} #987#return; {14182#false} is VALID [2022-02-20 17:58:43,351 INFO L290 TraceCheckUtils]: 123: Hoare triple {14182#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {14182#false} is VALID [2022-02-20 17:58:43,351 INFO L290 TraceCheckUtils]: 124: Hoare triple {14182#false} assume !(0 != incoming_~privkey~0#1); {14182#false} is VALID [2022-02-20 17:58:43,351 INFO L290 TraceCheckUtils]: 125: Hoare triple {14182#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := 
incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc 
__utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {14182#false} is VALID [2022-02-20 17:58:43,351 INFO L290 TraceCheckUtils]: 126: Hoare triple {14182#false} assume 1 == ~sent_signed~0; {14182#false} is VALID [2022-02-20 17:58:43,352 INFO L272 TraceCheckUtils]: 127: Hoare triple {14182#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {14181#true} is VALID [2022-02-20 17:58:43,352 INFO L290 TraceCheckUtils]: 128: Hoare triple {14181#true} ~handle := #in~handle;havoc ~retValue_acc~6; {14181#true} is VALID [2022-02-20 17:58:43,352 INFO L290 TraceCheckUtils]: 129: Hoare triple {14181#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {14181#true} is VALID [2022-02-20 17:58:43,352 INFO L290 TraceCheckUtils]: 130: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,352 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {14181#true} {14182#false} #999#return; {14182#false} is VALID [2022-02-20 17:58:43,352 INFO L290 TraceCheckUtils]: 132: Hoare triple {14182#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret107#1; {14182#false} is VALID [2022-02-20 17:58:43,352 INFO L272 TraceCheckUtils]: 133: Hoare triple {14182#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {14181#true} is VALID [2022-02-20 17:58:43,353 INFO L290 TraceCheckUtils]: 134: Hoare triple {14181#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,353 INFO L290 TraceCheckUtils]: 135: Hoare triple {14181#true} assume 1 == ~handle; {14181#true} is VALID [2022-02-20 17:58:43,353 INFO L290 TraceCheckUtils]: 136: Hoare triple {14181#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {14181#true} is VALID [2022-02-20 17:58:43,353 INFO L290 TraceCheckUtils]: 137: Hoare triple {14181#true} assume true; {14181#true} is VALID [2022-02-20 17:58:43,353 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {14181#true} {14182#false} #1001#return; {14182#false} is VALID [2022-02-20 17:58:43,353 INFO L290 TraceCheckUtils]: 139: Hoare triple {14182#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {14182#false} is VALID [2022-02-20 17:58:43,354 INFO L290 TraceCheckUtils]: 140: Hoare triple {14182#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {14182#false} is VALID [2022-02-20 17:58:43,354 INFO L272 TraceCheckUtils]: 141: Hoare triple {14182#false} call __automaton_fail(); {14182#false} is VALID [2022-02-20 17:58:43,354 INFO L290 TraceCheckUtils]: 142: Hoare triple {14182#false} assume !false; {14182#false} is 
VALID [2022-02-20 17:58:43,354 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:43,354 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:43,355 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1712936215] [2022-02-20 17:58:43,355 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1712936215] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:43,355 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:43,355 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:43,355 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [789984042] [2022-02-20 17:58:43,355 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:43,356 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 143 [2022-02-20 17:58:43,356 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:43,357 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:43,440 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 122 edges. 122 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:43,441 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:43,441 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:43,442 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:43,442 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:43,442 INFO L87 Difference]: Start difference. First operand 405 states and 611 transitions. Second operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:50,240 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:50,242 INFO L93 Difference]: Finished difference Result 910 states and 1376 transitions. [2022-02-20 17:58:50,242 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:50,242 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 143 [2022-02-20 17:58:50,243 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:50,243 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:50,259 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1190 transitions. [2022-02-20 17:58:50,260 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:50,277 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1190 transitions. [2022-02-20 17:58:50,277 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1190 transitions. [2022-02-20 17:58:51,338 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1190 edges. 1190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:51,361 INFO L225 Difference]: With dead ends: 910 [2022-02-20 17:58:51,361 INFO L226 Difference]: Without dead ends: 528 [2022-02-20 17:58:51,363 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:51,363 INFO L933 BasicCegarLoop]: 586 mSDtfsCounter, 1237 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1950 mSolverCounterSat, 456 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1254 SdHoareTripleChecker+Valid, 1401 SdHoareTripleChecker+Invalid, 2406 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 456 IncrementalHoareTripleChecker+Valid, 1950 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:51,364 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1254 Valid, 1401 Invalid, 2406 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [456 Valid, 1950 Invalid, 0 Unknown, 0 Unchecked, 3.0s Time] [2022-02-20 17:58:51,365 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 528 states. [2022-02-20 17:58:51,466 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 528 to 405. [2022-02-20 17:58:51,466 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:51,468 INFO L82 GeneralOperation]: Start isEquivalent. First operand 528 states. 
Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) [2022-02-20 17:58:51,469 INFO L74 IsIncluded]: Start isIncluded. First operand 528 states. Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) [2022-02-20 17:58:51,470 INFO L87 Difference]: Start difference. First operand 528 states. Second operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) [2022-02-20 17:58:51,492 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,492 INFO L93 Difference]: Finished difference Result 528 states and 796 transitions. [2022-02-20 17:58:51,492 INFO L276 IsEmpty]: Start isEmpty. Operand 528 states and 796 transitions. [2022-02-20 17:58:51,495 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,496 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,497 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) Second operand 528 states. [2022-02-20 17:58:51,498 INFO L87 Difference]: Start difference. First operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) Second operand 528 states. [2022-02-20 17:58:51,518 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,519 INFO L93 Difference]: Finished difference Result 528 states and 796 transitions. [2022-02-20 17:58:51,519 INFO L276 IsEmpty]: Start isEmpty. Operand 528 states and 796 transitions. [2022-02-20 17:58:51,522 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,522 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,522 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:51,522 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:51,524 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 405 states, 310 states have (on average 1.5129032258064516) internal successors, (469), 316 states have internal predecessors, (469), 69 states have call successors, (69), 24 states have call predecessors, (69), 25 states have return successors, (72), 66 states have call predecessors, (72), 66 states have call successors, (72) [2022-02-20 17:58:51,539 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 405 states to 405 states and 610 transitions. [2022-02-20 17:58:51,540 INFO L78 Accepts]: Start accepts. Automaton has 405 states and 610 transitions. Word has length 143 [2022-02-20 17:58:51,540 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:51,540 INFO L470 AbstractCegarLoop]: Abstraction has 405 states and 610 transitions. [2022-02-20 17:58:51,540 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.625) internal successors, (85), 5 states have internal predecessors, (85), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:51,541 INFO L276 IsEmpty]: Start isEmpty. Operand 405 states and 610 transitions. [2022-02-20 17:58:51,543 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 145 [2022-02-20 17:58:51,543 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:51,543 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:51,543 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:58:51,543 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:51,544 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:51,544 INFO L85 PathProgramCache]: Analyzing trace with hash 1166385811, now seen 
corresponding path program 2 times [2022-02-20 17:58:51,544 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:51,544 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2051569790] [2022-02-20 17:58:51,544 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:51,545 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:51,585 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,619 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:51,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,623 INFO L290 TraceCheckUtils]: 0: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,623 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,623 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,623 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17211#true} #1041#return; {17211#true} is VALID [2022-02-20 17:58:51,629 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:51,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,632 INFO L290 TraceCheckUtils]: 0: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,633 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17211#true} #1043#return; {17211#true} is VALID [2022-02-20 17:58:51,634 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:51,635 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,638 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume !(1 == ~handle); {17211#true} is VALID [2022-02-20 17:58:51,638 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,638 INFO L290 TraceCheckUtils]: 3: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,638 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17211#true} {17211#true} #1045#return; {17211#true} is VALID [2022-02-20 17:58:51,638 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:51,640 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,641 INFO L290 TraceCheckUtils]: 0: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,641 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume !(1 == ~handle); {17211#true} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,642 INFO L290 TraceCheckUtils]: 3: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,642 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17211#true} {17211#true} #1047#return; {17211#true} is VALID [2022-02-20 17:58:51,642 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:51,644 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {17289#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {17289#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17290#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,658 INFO L290 TraceCheckUtils]: 3: Hoare triple {17290#(= 2 |setClientId_#in~handle|)} assume true; {17290#(= 2 |setClientId_#in~handle|)} is VALID 
[2022-02-20 17:58:51,658 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17290#(= 2 |setClientId_#in~handle|)} {17231#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {17212#false} is VALID [2022-02-20 17:58:51,659 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:58:51,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 0: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,662 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,663 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,663 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #1051#return; {17212#false} is VALID [2022-02-20 17:58:51,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:51,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,672 INFO L290 TraceCheckUtils]: 0: Hoare triple {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,672 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,672 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,672 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {17211#true} {17212#false} #1027#return; {17212#false} is VALID [2022-02-20 17:58:51,679 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 66 [2022-02-20 17:58:51,680 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {17292#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,682 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #1029#return; {17212#false} is VALID [2022-02-20 17:58:51,683 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:51,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,695 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,695 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,695 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,697 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #971#return; {17212#false} is VALID [2022-02-20 17:58:51,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:58:51,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,702 INFO L290 
TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,702 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,702 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,702 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #973#return; {17212#false} is VALID [2022-02-20 17:58:51,702 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 89 [2022-02-20 17:58:51,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,705 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle; {17211#true} is VALID [2022-02-20 17:58:51,705 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,705 INFO L290 TraceCheckUtils]: 3: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,706 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17211#true} {17212#false} #975#return; {17212#false} is VALID [2022-02-20 17:58:51,706 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:51,707 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; 
{17211#true} is VALID [2022-02-20 17:58:51,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,710 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #981#return; {17212#false} is VALID [2022-02-20 17:58:51,710 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:51,711 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~12; {17211#true} is VALID [2022-02-20 17:58:51,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {17211#true} is VALID [2022-02-20 17:58:51,718 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,718 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #983#return; {17212#false} is VALID [2022-02-20 17:58:51,719 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:58:51,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,722 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} 
{17212#false} #985#return; {17212#false} is VALID [2022-02-20 17:58:51,722 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 119 [2022-02-20 17:58:51,723 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,725 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,726 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,726 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,726 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #987#return; {17212#false} is VALID [2022-02-20 17:58:51,726 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:58:51,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,730 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~6; {17211#true} is VALID [2022-02-20 17:58:51,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {17211#true} is VALID [2022-02-20 17:58:51,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,731 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17211#true} {17212#false} #999#return; {17212#false} is VALID [2022-02-20 17:58:51,731 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 17:58:51,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} ~handle := #in~handle;~userid := 
#in~userid;havoc ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume 1 == ~handle; {17211#true} is VALID [2022-02-20 17:58:51,737 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,737 INFO L290 TraceCheckUtils]: 3: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,737 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17211#true} {17212#false} #1001#return; {17212#false} is VALID [2022-02-20 17:58:51,737 INFO L290 TraceCheckUtils]: 0: Hoare triple {17211#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call 
write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 
0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 
0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {17211#true} is VALID [2022-02-20 17:58:51,737 INFO L290 TraceCheckUtils]: 1: Hoare triple {17211#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {17211#true} is VALID [2022-02-20 17:58:51,738 INFO L290 TraceCheckUtils]: 2: Hoare triple {17211#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17211#true} is VALID [2022-02-20 17:58:51,738 INFO L290 TraceCheckUtils]: 3: Hoare triple {17211#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {17211#true} is VALID [2022-02-20 17:58:51,738 INFO L290 TraceCheckUtils]: 4: Hoare triple {17211#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {17211#true} is VALID [2022-02-20 17:58:51,738 INFO L290 TraceCheckUtils]: 5: Hoare triple {17211#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17211#true} is VALID [2022-02-20 17:58:51,739 INFO L272 TraceCheckUtils]: 6: Hoare triple {17211#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,739 INFO L290 TraceCheckUtils]: 7: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,739 INFO L290 TraceCheckUtils]: 8: Hoare triple {17211#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,739 INFO L290 TraceCheckUtils]: 9: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,739 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17211#true} {17211#true} #1041#return; {17211#true} is VALID [2022-02-20 17:58:51,740 INFO L290 TraceCheckUtils]: 11: Hoare 
triple {17211#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17211#true} is VALID [2022-02-20 17:58:51,740 INFO L272 TraceCheckUtils]: 12: Hoare triple {17211#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,740 INFO L290 TraceCheckUtils]: 13: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,741 INFO L290 TraceCheckUtils]: 14: Hoare triple {17211#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,741 INFO L290 TraceCheckUtils]: 15: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,741 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17211#true} {17211#true} #1043#return; {17211#true} is VALID [2022-02-20 17:58:51,741 INFO L290 TraceCheckUtils]: 17: Hoare triple {17211#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17211#true} is VALID [2022-02-20 17:58:51,742 INFO L272 TraceCheckUtils]: 18: Hoare triple {17211#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,742 INFO L290 TraceCheckUtils]: 19: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,742 INFO L290 TraceCheckUtils]: 20: Hoare triple {17211#true} assume !(1 == ~handle); {17211#true} is VALID [2022-02-20 17:58:51,742 INFO L290 TraceCheckUtils]: 21: Hoare triple {17211#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,742 INFO L290 TraceCheckUtils]: 22: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,742 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17211#true} {17211#true} #1045#return; {17211#true} is VALID [2022-02-20 17:58:51,743 INFO L290 TraceCheckUtils]: 24: Hoare triple {17211#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17211#true} is VALID [2022-02-20 17:58:51,743 INFO L272 TraceCheckUtils]: 25: Hoare triple {17211#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,743 INFO L290 TraceCheckUtils]: 26: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{17211#true} is VALID [2022-02-20 17:58:51,743 INFO L290 TraceCheckUtils]: 27: Hoare triple {17211#true} assume !(1 == ~handle); {17211#true} is VALID [2022-02-20 17:58:51,744 INFO L290 TraceCheckUtils]: 28: Hoare triple {17211#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,744 INFO L290 TraceCheckUtils]: 29: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,744 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17211#true} {17211#true} #1047#return; {17211#true} is VALID [2022-02-20 17:58:51,744 INFO L290 TraceCheckUtils]: 31: Hoare triple {17211#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17231#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:51,745 INFO L272 TraceCheckUtils]: 32: Hoare triple {17231#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,745 INFO L290 TraceCheckUtils]: 33: Hoare triple {17287#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,746 INFO L290 TraceCheckUtils]: 34: Hoare triple {17289#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {17289#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,746 INFO L290 TraceCheckUtils]: 35: Hoare triple {17289#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17290#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,746 INFO L290 TraceCheckUtils]: 36: Hoare triple {17290#(= 2 |setClientId_#in~handle|)} assume true; {17290#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,747 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {17290#(= 2 |setClientId_#in~handle|)} {17231#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {17212#false} is VALID [2022-02-20 17:58:51,747 INFO L290 TraceCheckUtils]: 38: Hoare triple {17212#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {17212#false} is VALID [2022-02-20 17:58:51,747 INFO L272 TraceCheckUtils]: 39: Hoare triple {17212#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 40: Hoare triple {17288#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 41: Hoare triple {17211#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 42: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,748 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {17211#true} {17212#false} #1051#return; {17212#false} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 44: Hoare triple {17212#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {17212#false} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 45: Hoare triple {17212#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 
0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17212#false} is VALID [2022-02-20 17:58:51,748 INFO L290 TraceCheckUtils]: 46: Hoare triple {17212#false} assume !false; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 47: Hoare triple {17212#false} assume test_~splverifierCounter~0#1 < 4; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 48: Hoare triple {17212#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 49: Hoare triple {17212#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 50: Hoare triple {17212#false} assume !(0 != test_~tmp___9~0#1); {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 51: Hoare triple {17212#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 52: Hoare triple {17212#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {17212#false} is VALID [2022-02-20 17:58:51,749 INFO L290 TraceCheckUtils]: 53: Hoare triple {17212#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; 
{17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 54: Hoare triple {17212#false} assume { :end_inline_setClientAutoResponse } true; {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 55: Hoare triple {17212#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 56: Hoare triple {17212#false} assume !false; {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 57: Hoare triple {17212#false} assume !(test_~splverifierCounter~0#1 < 4); {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 58: Hoare triple {17212#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L272 TraceCheckUtils]: 59: Hoare triple {17212#false} call sendEmail(~bob~0, ~rjh~0); {17212#false} is VALID [2022-02-20 17:58:51,750 INFO L290 TraceCheckUtils]: 60: Hoare triple {17212#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17212#false} is VALID [2022-02-20 17:58:51,751 INFO L272 TraceCheckUtils]: 61: Hoare triple {17212#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,751 INFO L290 TraceCheckUtils]: 62: Hoare triple {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,751 INFO L290 TraceCheckUtils]: 63: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,751 INFO L290 TraceCheckUtils]: 64: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,751 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {17211#true} {17212#false} #1027#return; {17212#false} is VALID [2022-02-20 17:58:51,751 INFO L272 TraceCheckUtils]: 66: Hoare triple {17212#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17292#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:51,752 INFO L290 TraceCheckUtils]: 67: Hoare triple {17292#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,752 INFO L290 TraceCheckUtils]: 68: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,752 INFO L290 TraceCheckUtils]: 69: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,752 INFO L284 TraceCheckUtils]: 70: Hoare quadruple {17211#true} {17212#false} #1029#return; {17212#false} is VALID [2022-02-20 17:58:51,752 INFO L290 TraceCheckUtils]: 71: Hoare triple {17212#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {17212#false} is VALID [2022-02-20 
17:58:51,752 INFO L290 TraceCheckUtils]: 72: Hoare triple {17212#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {17212#false} is VALID [2022-02-20 17:58:51,752 INFO L272 TraceCheckUtils]: 73: Hoare triple {17212#false} call outgoing(~sender#1, ~email~0#1); {17212#false} is VALID [2022-02-20 17:58:51,753 INFO L290 TraceCheckUtils]: 74: Hoare triple {17212#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {17212#false} is VALID [2022-02-20 17:58:51,753 INFO L272 TraceCheckUtils]: 75: Hoare triple {17212#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {17211#true} is VALID [2022-02-20 17:58:51,753 INFO L290 TraceCheckUtils]: 76: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,753 INFO L290 TraceCheckUtils]: 77: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,753 INFO L290 TraceCheckUtils]: 78: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,753 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {17211#true} {17212#false} #971#return; {17212#false} is VALID [2022-02-20 17:58:51,753 INFO L290 TraceCheckUtils]: 80: Hoare triple {17212#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {17212#false} is VALID [2022-02-20 17:58:51,754 INFO L290 TraceCheckUtils]: 81: Hoare triple 
{17212#false} assume 0 == sign_~privkey~1#1; {17212#false} is VALID [2022-02-20 17:58:51,754 INFO L290 TraceCheckUtils]: 82: Hoare triple {17212#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {17212#false} is VALID [2022-02-20 17:58:51,754 INFO L272 TraceCheckUtils]: 83: Hoare triple {17212#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {17211#true} is VALID [2022-02-20 17:58:51,754 INFO L290 TraceCheckUtils]: 84: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,754 INFO L290 TraceCheckUtils]: 85: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,754 INFO L290 TraceCheckUtils]: 86: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,755 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {17211#true} {17212#false} #973#return; {17212#false} is VALID [2022-02-20 17:58:51,755 INFO L290 TraceCheckUtils]: 88: Hoare 
triple {17212#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {17212#false} is VALID [2022-02-20 17:58:51,755 INFO L272 TraceCheckUtils]: 89: Hoare triple {17212#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {17211#true} is VALID [2022-02-20 17:58:51,755 INFO L290 TraceCheckUtils]: 90: Hoare triple {17211#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,755 INFO L290 TraceCheckUtils]: 91: Hoare triple {17211#true} assume 1 == ~handle; {17211#true} is VALID [2022-02-20 17:58:51,755 INFO L290 TraceCheckUtils]: 92: Hoare triple {17211#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,755 INFO L290 TraceCheckUtils]: 93: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,756 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {17211#true} {17212#false} #975#return; {17212#false} is VALID [2022-02-20 17:58:51,756 INFO L290 TraceCheckUtils]: 95: Hoare triple {17212#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {17212#false} is VALID [2022-02-20 17:58:51,756 INFO L290 TraceCheckUtils]: 96: Hoare 
triple {17212#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {17212#false} is VALID [2022-02-20 17:58:51,756 INFO L290 TraceCheckUtils]: 97: Hoare triple {17212#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {17212#false} is VALID [2022-02-20 17:58:51,756 INFO L290 TraceCheckUtils]: 98: Hoare triple {17212#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {17212#false} is VALID [2022-02-20 17:58:51,756 INFO L290 TraceCheckUtils]: 99: Hoare triple {17212#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {17212#false} is VALID [2022-02-20 17:58:51,757 INFO L272 TraceCheckUtils]: 100: Hoare triple {17212#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,757 INFO L290 TraceCheckUtils]: 101: Hoare triple {17291#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17211#true} is VALID [2022-02-20 17:58:51,757 INFO L290 TraceCheckUtils]: 102: Hoare triple {17211#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17211#true} is VALID [2022-02-20 17:58:51,757 INFO L290 TraceCheckUtils]: 103: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,757 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {17211#true} {17212#false} #981#return; {17212#false} is VALID [2022-02-20 17:58:51,757 INFO L290 TraceCheckUtils]: 105: Hoare triple {17212#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 
2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {17212#false} is VALID [2022-02-20 17:58:51,757 INFO L272 TraceCheckUtils]: 106: Hoare triple {17212#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {17211#true} is VALID [2022-02-20 17:58:51,758 INFO L290 TraceCheckUtils]: 107: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~12; {17211#true} is VALID [2022-02-20 17:58:51,758 INFO L290 TraceCheckUtils]: 108: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {17211#true} is VALID [2022-02-20 17:58:51,758 INFO L290 TraceCheckUtils]: 109: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,758 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {17211#true} {17212#false} #983#return; {17212#false} is VALID [2022-02-20 17:58:51,758 INFO L290 TraceCheckUtils]: 111: Hoare triple {17212#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {17212#false} is VALID [2022-02-20 17:58:51,758 INFO L290 TraceCheckUtils]: 112: Hoare triple {17212#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {17212#false} is VALID [2022-02-20 17:58:51,758 INFO L272 TraceCheckUtils]: 113: Hoare triple {17212#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {17211#true} is VALID [2022-02-20 17:58:51,759 INFO L290 TraceCheckUtils]: 114: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~7; 
{17211#true} is VALID [2022-02-20 17:58:51,759 INFO L290 TraceCheckUtils]: 115: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {17211#true} is VALID [2022-02-20 17:58:51,759 INFO L290 TraceCheckUtils]: 116: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,759 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {17211#true} {17212#false} #985#return; {17212#false} is VALID [2022-02-20 17:58:51,759 INFO L290 TraceCheckUtils]: 118: Hoare triple {17212#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {17212#false} is VALID [2022-02-20 17:58:51,759 INFO L272 TraceCheckUtils]: 119: Hoare triple {17212#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {17211#true} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 120: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 121: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {17211#true} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 122: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,760 INFO L284 TraceCheckUtils]: 123: Hoare quadruple 
{17211#true} {17212#false} #987#return; {17212#false} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 124: Hoare triple {17212#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {17212#false} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 125: Hoare triple {17212#false} assume !(0 != incoming_~privkey~0#1); {17212#false} is VALID [2022-02-20 17:58:51,760 INFO L290 TraceCheckUtils]: 126: Hoare triple {17212#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } 
true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {17212#false} is VALID [2022-02-20 17:58:51,761 INFO L290 TraceCheckUtils]: 127: Hoare triple {17212#false} assume 1 == ~sent_signed~0; {17212#false} is VALID [2022-02-20 17:58:51,761 INFO L272 TraceCheckUtils]: 128: Hoare triple 
{17212#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {17211#true} is VALID [2022-02-20 17:58:51,761 INFO L290 TraceCheckUtils]: 129: Hoare triple {17211#true} ~handle := #in~handle;havoc ~retValue_acc~6; {17211#true} is VALID [2022-02-20 17:58:51,761 INFO L290 TraceCheckUtils]: 130: Hoare triple {17211#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {17211#true} is VALID [2022-02-20 17:58:51,761 INFO L290 TraceCheckUtils]: 131: Hoare triple {17211#true} assume true; {17211#true} is VALID [2022-02-20 17:58:51,761 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {17211#true} {17212#false} #999#return; {17212#false} is VALID [2022-02-20 17:58:51,761 INFO L290 TraceCheckUtils]: 133: Hoare triple {17212#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {17212#false} is VALID [2022-02-20 17:58:51,762 INFO L272 TraceCheckUtils]: 134: Hoare triple {17212#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {17211#true} is VALID [2022-02-20 17:58:51,762 INFO L290 TraceCheckUtils]: 135: Hoare triple {17211#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,762 INFO L290 TraceCheckUtils]: 136: Hoare triple {17211#true} assume 1 == ~handle; {17211#true} is VALID [2022-02-20 17:58:51,762 INFO L290 TraceCheckUtils]: 137: Hoare triple {17211#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {17211#true} is VALID [2022-02-20 17:58:51,762 INFO L290 TraceCheckUtils]: 138: Hoare triple {17211#true} assume true; 
{17211#true} is VALID [2022-02-20 17:58:51,762 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {17211#true} {17212#false} #1001#return; {17212#false} is VALID [2022-02-20 17:58:51,762 INFO L290 TraceCheckUtils]: 140: Hoare triple {17212#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {17212#false} is VALID [2022-02-20 17:58:51,763 INFO L290 TraceCheckUtils]: 141: Hoare triple {17212#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {17212#false} is VALID [2022-02-20 17:58:51,763 INFO L272 TraceCheckUtils]: 142: Hoare triple {17212#false} call __automaton_fail(); {17212#false} is VALID [2022-02-20 17:58:51,763 INFO L290 TraceCheckUtils]: 143: Hoare triple {17212#false} assume !false; {17212#false} is VALID [2022-02-20 17:58:51,763 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:51,764 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:51,764 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2051569790] [2022-02-20 17:58:51,764 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2051569790] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:51,764 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:58:51,764 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:51,764 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1499521475] [2022-02-20 17:58:51,765 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:51,766 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 144 [2022-02-20 17:58:51,766 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:51,766 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:51,858 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:51,858 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:51,858 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:51,859 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. 
[2022-02-20 17:58:51,859 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:51,859 INFO L87 Difference]: Start difference. First operand 405 states and 610 transitions. Second operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:58,380 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:58,380 INFO L93 Difference]: Finished difference Result 912 states and 1379 transitions. [2022-02-20 17:58:58,380 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:58:58,381 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 144 [2022-02-20 17:58:58,382 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:58,382 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:58,395 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1191 transitions. 
[2022-02-20 17:58:58,396 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:58,408 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1191 transitions. [2022-02-20 17:58:58,408 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1191 transitions. [2022-02-20 17:58:59,480 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1191 edges. 1191 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:59,503 INFO L225 Difference]: With dead ends: 912 [2022-02-20 17:58:59,503 INFO L226 Difference]: Without dead ends: 530 [2022-02-20 17:58:59,505 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:58:59,505 INFO L933 BasicCegarLoop]: 581 mSDtfsCounter, 1238 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 1929 mSolverCounterSat, 470 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1255 SdHoareTripleChecker+Valid, 1396 SdHoareTripleChecker+Invalid, 2399 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 470 IncrementalHoareTripleChecker+Valid, 1929 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-02-20 
17:58:59,506 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1255 Valid, 1396 Invalid, 2399 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [470 Valid, 1929 Invalid, 0 Unknown, 0 Unchecked, 2.8s Time] [2022-02-20 17:58:59,507 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 530 states. [2022-02-20 17:58:59,597 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 530 to 407. [2022-02-20 17:58:59,598 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:59,599 INFO L82 GeneralOperation]: Start isEquivalent. First operand 530 states. Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) [2022-02-20 17:58:59,600 INFO L74 IsIncluded]: Start isIncluded. First operand 530 states. Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) [2022-02-20 17:58:59,601 INFO L87 Difference]: Start difference. First operand 530 states. Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) [2022-02-20 17:58:59,622 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:58:59,622 INFO L93 Difference]: Finished difference Result 530 states and 799 transitions. [2022-02-20 17:58:59,622 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 799 transitions. [2022-02-20 17:58:59,625 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:59,626 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:59,627 INFO L74 IsIncluded]: Start isIncluded. First operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) Second operand 530 states. [2022-02-20 17:58:59,628 INFO L87 Difference]: Start difference. First operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) Second operand 530 states. [2022-02-20 17:58:59,648 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:59,648 INFO L93 Difference]: Finished difference Result 530 states and 799 transitions. [2022-02-20 17:58:59,648 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 799 transitions. [2022-02-20 17:58:59,652 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:59,652 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:59,652 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:59,652 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:59,667 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (74), 66 states have call predecessors, (74), 66 states have call successors, (74) [2022-02-20 17:58:59,683 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 407 states to 407 states and 613 transitions. [2022-02-20 17:58:59,684 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 613 transitions. Word has length 144 [2022-02-20 17:58:59,684 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:59,684 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 613 transitions. [2022-02-20 17:58:59,685 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.75) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:59,685 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 613 transitions. [2022-02-20 17:58:59,687 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 146 [2022-02-20 17:58:59,688 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:59,688 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:59,688 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:58:59,688 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:59,689 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:59,689 INFO L85 PathProgramCache]: Analyzing trace with hash -311728212, now seen corresponding path program 1 times [2022-02-20 17:58:59,689 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:59,689 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1086491116] [2022-02-20 17:58:59,689 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:59,690 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:59,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,761 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:59,763 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,766 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20250#true} #1041#return; {20250#true} is VALID [2022-02-20 17:58:59,772 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:59,773 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20250#true} #1043#return; {20250#true} is VALID [2022-02-20 17:58:59,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:59,778 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,780 INFO L290 TraceCheckUtils]: 0: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,780 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume !(1 == ~handle); {20250#true} is VALID [2022-02-20 17:58:59,780 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,780 INFO L290 TraceCheckUtils]: 3: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,780 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20250#true} {20250#true} #1045#return; {20250#true} is VALID [2022-02-20 17:58:59,781 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:59,782 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,784 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume !(1 == ~handle); {20250#true} is VALID [2022-02-20 17:58:59,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,784 INFO L290 TraceCheckUtils]: 3: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,784 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20250#true} {20250#true} #1047#return; {20250#true} is VALID [2022-02-20 17:58:59,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:59,786 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,803 INFO L290 TraceCheckUtils]: 3: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20331#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,803 INFO L290 TraceCheckUtils]: 4: Hoare triple {20331#(= 3 |setClientId_#in~handle|)} assume true; {20331#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,804 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {20331#(= 3 |setClientId_#in~handle|)} {20270#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:59,804 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:58:59,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20332#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:59,822 INFO L290 TraceCheckUtils]: 1: Hoare triple {20332#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20333#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,822 INFO L290 TraceCheckUtils]: 2: Hoare triple {20333#(= |setClientPrivateKey_#in~handle| 1)} assume true; {20333#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,823 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20333#(= |setClientPrivateKey_#in~handle| 1)} {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1051#return; {20251#false} is VALID [2022-02-20 17:58:59,831 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:59,832 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,835 INFO L290 TraceCheckUtils]: 0: Hoare triple {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,835 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,836 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,836 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #1027#return; {20251#false} is VALID [2022-02-20 17:58:59,844 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2022-02-20 17:58:59,846 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:58:59,847 INFO L290 TraceCheckUtils]: 0: Hoare triple {20335#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,848 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,848 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,848 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #1029#return; {20251#false} is VALID [2022-02-20 17:58:59,849 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:59,850 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,851 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,852 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,852 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #971#return; {20251#false} is VALID [2022-02-20 17:58:59,852 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:59,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,855 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,855 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {20250#true} is 
VALID [2022-02-20 17:58:59,855 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,856 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #973#return; {20251#false} is VALID [2022-02-20 17:58:59,856 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:58:59,857 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,859 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,859 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle; {20250#true} is VALID [2022-02-20 17:58:59,859 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,859 INFO L290 TraceCheckUtils]: 3: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,859 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20250#true} {20251#false} #975#return; {20251#false} is VALID [2022-02-20 17:58:59,860 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:59,861 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,862 INFO L290 TraceCheckUtils]: 0: Hoare triple {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,863 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,863 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID 
[2022-02-20 17:58:59,863 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #981#return; {20251#false} is VALID [2022-02-20 17:58:59,863 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:58:59,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,868 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~12; {20250#true} is VALID [2022-02-20 17:58:59,869 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {20250#true} is VALID [2022-02-20 17:58:59,869 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,869 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #983#return; {20251#false} is VALID [2022-02-20 17:58:59,869 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:59,870 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,872 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,872 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #985#return; {20251#false} is VALID [2022-02-20 17:58:59,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:58:59,873 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,875 INFO L290 
TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,875 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,875 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,876 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #987#return; {20251#false} is VALID [2022-02-20 17:58:59,876 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:59,877 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,885 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~6; {20250#true} is VALID [2022-02-20 17:58:59,885 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {20250#true} is VALID [2022-02-20 17:58:59,885 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,886 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {20250#true} {20251#false} #999#return; {20251#false} is VALID [2022-02-20 17:58:59,886 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:58:59,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:59,889 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,889 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume 1 == ~handle; {20250#true} is VALID [2022-02-20 17:58:59,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,889 INFO L290 TraceCheckUtils]: 3: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,889 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {20250#true} {20251#false} #1001#return; {20251#false} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 0: Hoare triple {20250#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call #Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call 
#Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 
:= 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 
0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {20250#true} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 1: Hoare triple {20250#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {20250#true} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 2: Hoare triple {20250#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {20250#true} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 3: Hoare triple {20250#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {20250#true} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 4: Hoare triple {20250#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {20250#true} is VALID [2022-02-20 17:58:59,890 INFO L290 TraceCheckUtils]: 5: Hoare triple {20250#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {20250#true} is VALID [2022-02-20 17:58:59,891 INFO L272 TraceCheckUtils]: 6: Hoare triple {20250#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:59,891 INFO L290 TraceCheckUtils]: 7: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,892 INFO L290 TraceCheckUtils]: 8: Hoare triple {20250#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,892 INFO L290 TraceCheckUtils]: 9: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,892 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {20250#true} {20250#true} #1041#return; {20250#true} is VALID [2022-02-20 17:58:59,892 INFO L290 TraceCheckUtils]: 11: Hoare triple {20250#true} assume { :end_inline_setup_bob__wrappee__Base } true; {20250#true} is VALID [2022-02-20 17:58:59,893 INFO L272 TraceCheckUtils]: 12: Hoare triple {20250#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {20329#(and 
(= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:59,893 INFO L290 TraceCheckUtils]: 13: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,893 INFO L290 TraceCheckUtils]: 14: Hoare triple {20250#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,893 INFO L290 TraceCheckUtils]: 15: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,893 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {20250#true} {20250#true} #1043#return; {20250#true} is VALID [2022-02-20 17:58:59,893 INFO L290 TraceCheckUtils]: 17: Hoare triple {20250#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {20250#true} is VALID [2022-02-20 17:58:59,894 INFO L272 TraceCheckUtils]: 18: Hoare triple {20250#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} 
is VALID [2022-02-20 17:58:59,894 INFO L290 TraceCheckUtils]: 19: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,894 INFO L290 TraceCheckUtils]: 20: Hoare triple {20250#true} assume !(1 == ~handle); {20250#true} is VALID [2022-02-20 17:58:59,894 INFO L290 TraceCheckUtils]: 21: Hoare triple {20250#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,895 INFO L290 TraceCheckUtils]: 22: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,895 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {20250#true} {20250#true} #1045#return; {20250#true} is VALID [2022-02-20 17:58:59,895 INFO L290 TraceCheckUtils]: 24: Hoare triple {20250#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {20250#true} is VALID [2022-02-20 17:58:59,896 INFO L272 TraceCheckUtils]: 25: Hoare triple {20250#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:59,896 INFO L290 TraceCheckUtils]: 26: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,896 INFO L290 TraceCheckUtils]: 27: Hoare triple {20250#true} assume !(1 == ~handle); {20250#true} is VALID [2022-02-20 17:58:59,896 INFO L290 TraceCheckUtils]: 28: Hoare triple {20250#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,896 INFO L290 TraceCheckUtils]: 29: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,896 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {20250#true} {20250#true} #1047#return; {20250#true} is VALID [2022-02-20 17:58:59,897 INFO L290 TraceCheckUtils]: 31: Hoare triple {20250#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {20270#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:59,897 INFO L272 TraceCheckUtils]: 32: Hoare triple {20270#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:59,898 INFO L290 TraceCheckUtils]: 33: Hoare triple {20328#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 
17:58:59,898 INFO L290 TraceCheckUtils]: 34: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,898 INFO L290 TraceCheckUtils]: 35: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {20330#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,899 INFO L290 TraceCheckUtils]: 36: Hoare triple {20330#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {20331#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,899 INFO L290 TraceCheckUtils]: 37: Hoare triple {20331#(= 3 |setClientId_#in~handle|)} assume true; {20331#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:59,900 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {20331#(= 3 |setClientId_#in~handle|)} {20270#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:59,900 INFO L290 TraceCheckUtils]: 39: Hoare triple {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:58:59,901 INFO L272 TraceCheckUtils]: 40: Hoare triple {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:59,901 INFO L290 TraceCheckUtils]: 41: Hoare triple {20329#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {20332#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:59,902 INFO L290 TraceCheckUtils]: 42: Hoare triple {20332#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {20333#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,902 INFO L290 TraceCheckUtils]: 43: Hoare triple {20333#(= |setClientPrivateKey_#in~handle| 1)} assume true; {20333#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,902 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {20333#(= |setClientPrivateKey_#in~handle| 1)} {20277#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1051#return; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 45: Hoare triple {20251#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 46: Hoare triple {20251#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 47: Hoare triple {20251#false} assume !false; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 48: Hoare triple {20251#false} assume test_~splverifierCounter~0#1 < 4; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 49: Hoare triple {20251#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {20251#false} is VALID [2022-02-20 17:58:59,903 INFO L290 TraceCheckUtils]: 50: Hoare triple {20251#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 51: Hoare triple {20251#false} assume !(0 != test_~tmp___9~0#1); {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 52: Hoare triple {20251#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 53: Hoare triple {20251#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } 
true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 54: Hoare triple {20251#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 55: Hoare triple {20251#false} assume { :end_inline_setClientAutoResponse } true; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 56: Hoare triple {20251#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 57: Hoare triple {20251#false} assume !false; {20251#false} is VALID [2022-02-20 17:58:59,904 INFO L290 TraceCheckUtils]: 58: Hoare triple {20251#false} assume !(test_~splverifierCounter~0#1 < 4); {20251#false} is VALID [2022-02-20 17:58:59,905 INFO L290 TraceCheckUtils]: 59: Hoare triple {20251#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {20251#false} is VALID [2022-02-20 17:58:59,905 INFO L272 TraceCheckUtils]: 60: Hoare triple {20251#false} call sendEmail(~bob~0, ~rjh~0); {20251#false} is VALID [2022-02-20 17:58:59,905 INFO L290 TraceCheckUtils]: 61: Hoare triple {20251#false} ~sender#1 := #in~sender#1;~receiver#1 := 
#in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {20251#false} is VALID [2022-02-20 17:58:59,905 INFO L272 TraceCheckUtils]: 62: Hoare triple {20251#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:59,905 INFO L290 TraceCheckUtils]: 63: Hoare triple {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,905 INFO L290 TraceCheckUtils]: 64: Hoare triple {20250#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,906 INFO L290 TraceCheckUtils]: 65: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,906 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {20250#true} {20251#false} #1027#return; {20251#false} is VALID [2022-02-20 17:58:59,906 INFO L272 TraceCheckUtils]: 67: Hoare triple {20251#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {20335#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:59,906 INFO L290 TraceCheckUtils]: 68: Hoare triple {20335#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,906 INFO L290 TraceCheckUtils]: 69: Hoare triple 
{20250#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,906 INFO L290 TraceCheckUtils]: 70: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,906 INFO L284 TraceCheckUtils]: 71: Hoare quadruple {20250#true} {20251#false} #1029#return; {20251#false} is VALID [2022-02-20 17:58:59,907 INFO L290 TraceCheckUtils]: 72: Hoare triple {20251#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {20251#false} is VALID [2022-02-20 17:58:59,907 INFO L290 TraceCheckUtils]: 73: Hoare triple {20251#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {20251#false} is VALID [2022-02-20 17:58:59,907 INFO L272 TraceCheckUtils]: 74: Hoare triple {20251#false} call outgoing(~sender#1, ~email~0#1); {20251#false} is VALID [2022-02-20 17:58:59,907 INFO L290 TraceCheckUtils]: 75: Hoare triple {20251#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {20251#false} is VALID [2022-02-20 17:58:59,907 INFO L272 TraceCheckUtils]: 76: Hoare triple {20251#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {20250#true} is VALID [2022-02-20 17:58:59,907 INFO L290 TraceCheckUtils]: 77: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,907 INFO L290 TraceCheckUtils]: 78: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,908 INFO L290 
TraceCheckUtils]: 79: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,908 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {20250#true} {20251#false} #971#return; {20251#false} is VALID [2022-02-20 17:58:59,908 INFO L290 TraceCheckUtils]: 81: Hoare triple {20251#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {20251#false} is VALID [2022-02-20 17:58:59,908 INFO L290 TraceCheckUtils]: 82: Hoare triple {20251#false} assume 0 == sign_~privkey~1#1; {20251#false} is VALID [2022-02-20 17:58:59,909 INFO L290 TraceCheckUtils]: 83: Hoare triple {20251#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {20251#false} is VALID [2022-02-20 17:58:59,909 INFO L272 TraceCheckUtils]: 84: Hoare triple {20251#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {20250#true} is VALID [2022-02-20 17:58:59,909 INFO L290 TraceCheckUtils]: 85: Hoare triple {20250#true} ~handle := 
#in~handle;havoc ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,909 INFO L290 TraceCheckUtils]: 86: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,909 INFO L290 TraceCheckUtils]: 87: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,909 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {20250#true} {20251#false} #973#return; {20251#false} is VALID [2022-02-20 17:58:59,909 INFO L290 TraceCheckUtils]: 89: Hoare triple {20251#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {20251#false} is VALID [2022-02-20 17:58:59,910 INFO L272 TraceCheckUtils]: 90: Hoare triple {20251#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {20250#true} is VALID [2022-02-20 17:58:59,910 INFO L290 TraceCheckUtils]: 91: Hoare triple {20250#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,910 INFO L290 TraceCheckUtils]: 92: Hoare triple {20250#true} assume 1 == ~handle; {20250#true} is VALID [2022-02-20 17:58:59,910 INFO L290 TraceCheckUtils]: 93: Hoare triple {20250#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,910 INFO L290 TraceCheckUtils]: 94: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,910 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {20250#true} {20251#false} #975#return; 
{20251#false} is VALID [2022-02-20 17:58:59,910 INFO L290 TraceCheckUtils]: 96: Hoare triple {20251#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {20251#false} is VALID [2022-02-20 17:58:59,911 INFO L290 TraceCheckUtils]: 97: Hoare triple {20251#false} assume !(0 != outgoing__wrappee__AutoResponder_~pubkey~0#1); {20251#false} is VALID [2022-02-20 17:58:59,911 INFO L290 TraceCheckUtils]: 98: Hoare triple {20251#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {20251#false} is VALID [2022-02-20 17:58:59,911 INFO L290 TraceCheckUtils]: 99: Hoare triple {20251#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {20251#false} is VALID [2022-02-20 17:58:59,911 INFO L290 TraceCheckUtils]: 100: Hoare triple {20251#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {20251#false} is VALID [2022-02-20 17:58:59,911 INFO L272 TraceCheckUtils]: 101: Hoare triple {20251#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:59,911 INFO L290 TraceCheckUtils]: 102: Hoare triple {20334#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {20250#true} is VALID [2022-02-20 17:58:59,912 INFO L290 TraceCheckUtils]: 103: Hoare triple {20250#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {20250#true} is VALID [2022-02-20 17:58:59,912 INFO L290 TraceCheckUtils]: 104: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,912 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {20250#true} {20251#false} #981#return; {20251#false} is VALID [2022-02-20 17:58:59,912 INFO L290 TraceCheckUtils]: 106: Hoare triple {20251#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, 
__utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1; {20251#false} is VALID [2022-02-20 17:58:59,912 INFO L272 TraceCheckUtils]: 107: Hoare triple {20251#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {20250#true} is VALID [2022-02-20 17:58:59,912 INFO L290 TraceCheckUtils]: 108: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~12; {20250#true} is VALID [2022-02-20 17:58:59,912 INFO L290 TraceCheckUtils]: 109: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {20250#true} is VALID [2022-02-20 17:58:59,913 INFO L290 TraceCheckUtils]: 110: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,913 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {20250#true} {20251#false} #983#return; {20251#false} is VALID [2022-02-20 17:58:59,913 INFO L290 TraceCheckUtils]: 112: Hoare triple {20251#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {20251#false} is VALID [2022-02-20 17:58:59,913 
INFO L290 TraceCheckUtils]: 113: Hoare triple {20251#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {20251#false} is VALID [2022-02-20 17:58:59,914 INFO L272 TraceCheckUtils]: 114: Hoare triple {20251#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {20250#true} is VALID [2022-02-20 17:58:59,914 INFO L290 TraceCheckUtils]: 115: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,914 INFO L290 TraceCheckUtils]: 116: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {20250#true} is VALID [2022-02-20 17:58:59,914 INFO L290 TraceCheckUtils]: 117: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,914 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {20250#true} {20251#false} #985#return; {20251#false} is VALID [2022-02-20 17:58:59,914 INFO L290 TraceCheckUtils]: 119: Hoare triple {20251#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {20251#false} is VALID [2022-02-20 17:58:59,914 INFO L272 TraceCheckUtils]: 120: Hoare triple {20251#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {20250#true} is 
VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 121: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 122: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {20250#true} is VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 123: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,915 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {20250#true} {20251#false} #987#return; {20251#false} is VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 125: Hoare triple {20251#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {20251#false} is VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 126: Hoare triple {20251#false} assume !(0 != incoming_~privkey~0#1); {20251#false} is VALID [2022-02-20 17:58:59,915 INFO L290 TraceCheckUtils]: 127: Hoare triple {20251#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, 
verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= 
__utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {20251#false} is VALID [2022-02-20 17:58:59,916 INFO L290 TraceCheckUtils]: 128: Hoare triple {20251#false} assume 1 == ~sent_signed~0; {20251#false} is VALID [2022-02-20 17:58:59,916 INFO L272 TraceCheckUtils]: 129: Hoare triple {20251#false} call __utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {20250#true} is VALID [2022-02-20 17:58:59,916 INFO L290 TraceCheckUtils]: 130: Hoare triple {20250#true} ~handle := #in~handle;havoc ~retValue_acc~6; {20250#true} is VALID [2022-02-20 17:58:59,916 INFO L290 TraceCheckUtils]: 131: Hoare triple {20250#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {20250#true} is VALID [2022-02-20 17:58:59,916 INFO L290 TraceCheckUtils]: 132: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,916 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {20250#true} {20251#false} #999#return; {20251#false} is VALID [2022-02-20 17:58:59,917 INFO L290 TraceCheckUtils]: 134: Hoare triple {20251#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {20251#false} is VALID [2022-02-20 17:58:59,917 INFO L272 TraceCheckUtils]: 135: Hoare triple {20251#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {20250#true} is VALID [2022-02-20 17:58:59,917 INFO L290 TraceCheckUtils]: 136: Hoare triple {20250#true} 
~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,917 INFO L290 TraceCheckUtils]: 137: Hoare triple {20250#true} assume 1 == ~handle; {20250#true} is VALID [2022-02-20 17:58:59,917 INFO L290 TraceCheckUtils]: 138: Hoare triple {20250#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {20250#true} is VALID [2022-02-20 17:58:59,917 INFO L290 TraceCheckUtils]: 139: Hoare triple {20250#true} assume true; {20250#true} is VALID [2022-02-20 17:58:59,917 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {20250#true} {20251#false} #1001#return; {20251#false} is VALID [2022-02-20 17:58:59,918 INFO L290 TraceCheckUtils]: 141: Hoare triple {20251#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {20251#false} is VALID [2022-02-20 17:58:59,918 INFO L290 TraceCheckUtils]: 142: Hoare triple {20251#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {20251#false} is VALID [2022-02-20 17:58:59,918 INFO L272 TraceCheckUtils]: 143: Hoare triple {20251#false} call __automaton_fail(); {20251#false} is VALID [2022-02-20 17:58:59,918 INFO L290 TraceCheckUtils]: 144: Hoare triple {20251#false} assume !false; {20251#false} is VALID [2022-02-20 17:58:59,919 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. 
[2022-02-20 17:58:59,919 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:59,919 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1086491116] [2022-02-20 17:58:59,919 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1086491116] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:59,919 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:59,919 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:58:59,919 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [599679768] [2022-02-20 17:58:59,920 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:59,920 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 145 [2022-02-20 17:58:59,921 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:59,921 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:00,017 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 127 edges. 127 inductive. 0 not inductive. 
0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:00,017 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:00,018 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:00,018 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:00,018 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:00,019 INFO L87 Difference]: Start difference. First operand 407 states and 613 transitions. Second operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:09,556 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:09,556 INFO L93 Difference]: Finished difference Result 910 states and 1374 transitions. [2022-02-20 17:59:09,556 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:09,556 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 145 [2022-02-20 17:59:09,557 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:09,557 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:09,565 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1192 transitions. [2022-02-20 17:59:09,566 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:09,578 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1192 transitions. [2022-02-20 17:59:09,578 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1192 transitions. [2022-02-20 17:59:10,575 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1192 edges. 1192 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:10,590 INFO L225 Difference]: With dead ends: 910 [2022-02-20 17:59:10,590 INFO L226 Difference]: Without dead ends: 530 [2022-02-20 17:59:10,591 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:10,592 INFO L933 BasicCegarLoop]: 573 mSDtfsCounter, 1344 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 3554 mSolverCounterSat, 508 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1344 SdHoareTripleChecker+Valid, 1705 SdHoareTripleChecker+Invalid, 4062 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 508 IncrementalHoareTripleChecker+Valid, 3554 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.4s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:10,592 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1344 Valid, 1705 Invalid, 4062 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [508 Valid, 3554 Invalid, 0 Unknown, 0 Unchecked, 4.4s Time] [2022-02-20 17:59:10,593 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 530 states. [2022-02-20 17:59:10,697 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 530 to 407. [2022-02-20 17:59:10,698 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:10,699 INFO L82 GeneralOperation]: Start isEquivalent. First operand 530 states. 
Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:59:10,700 INFO L74 IsIncluded]: Start isIncluded. First operand 530 states. Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:59:10,702 INFO L87 Difference]: Start difference. First operand 530 states. Second operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:59:10,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:10,723 INFO L93 Difference]: Finished difference Result 530 states and 798 transitions. [2022-02-20 17:59:10,723 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 798 transitions. [2022-02-20 17:59:10,725 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:10,725 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:10,726 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) Second operand 530 states. [2022-02-20 17:59:10,727 INFO L87 Difference]: Start difference. First operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) Second operand 530 states. [2022-02-20 17:59:10,746 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:10,746 INFO L93 Difference]: Finished difference Result 530 states and 798 transitions. [2022-02-20 17:59:10,746 INFO L276 IsEmpty]: Start isEmpty. Operand 530 states and 798 transitions. [2022-02-20 17:59:10,749 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:10,749 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:10,749 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:10,749 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:10,750 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 407 states, 311 states have (on average 1.5112540192926045) internal successors, (470), 318 states have internal predecessors, (470), 69 states have call successors, (69), 24 states have call predecessors, (69), 26 states have return successors, (73), 66 states have call predecessors, (73), 66 states have call successors, (73) [2022-02-20 17:59:10,764 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 407 states to 407 states and 612 transitions. [2022-02-20 17:59:10,765 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 612 transitions. Word has length 145 [2022-02-20 17:59:10,765 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:10,765 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 612 transitions. [2022-02-20 17:59:10,766 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 8.181818181818182) internal successors, (90), 8 states have internal predecessors, (90), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:10,766 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 612 transitions. [2022-02-20 17:59:10,768 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 147 [2022-02-20 17:59:10,768 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:10,768 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:10,768 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:59:10,768 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:10,769 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:10,769 INFO L85 PathProgramCache]: Analyzing trace with hash 1467632570, 
now seen corresponding path program 2 times [2022-02-20 17:59:10,769 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:10,769 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2130322506] [2022-02-20 17:59:10,769 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:10,769 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:10,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,861 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:10,862 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,865 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23298#true} #1041#return; {23298#true} is VALID [2022-02-20 17:59:10,871 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:10,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,874 INFO L290 TraceCheckUtils]: 0: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,874 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,874 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,875 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23298#true} #1043#return; {23298#true} is VALID [2022-02-20 17:59:10,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:10,876 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume !(1 == ~handle); {23298#true} is VALID [2022-02-20 17:59:10,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,879 INFO L290 TraceCheckUtils]: 3: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,879 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23298#true} {23298#true} #1045#return; {23298#true} is VALID [2022-02-20 17:59:10,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:10,880 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,882 INFO L290 TraceCheckUtils]: 0: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,883 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume !(1 == ~handle); {23298#true} is VALID [2022-02-20 17:59:10,883 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,883 INFO L290 TraceCheckUtils]: 3: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,883 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23298#true} {23298#true} #1047#return; {23298#true} is VALID [2022-02-20 17:59:10,883 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:10,885 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,900 INFO L290 TraceCheckUtils]: 0: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,901 INFO L290 TraceCheckUtils]: 1: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,901 INFO L290 TraceCheckUtils]: 2: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,902 INFO L290 TraceCheckUtils]: 3: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; 
{23380#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,902 INFO L290 TraceCheckUtils]: 4: Hoare triple {23380#(= 3 |setClientId_#in~handle|)} assume true; {23380#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,903 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {23380#(= 3 |setClientId_#in~handle|)} {23318#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:10,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:10,905 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,921 INFO L290 TraceCheckUtils]: 0: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,922 INFO L290 TraceCheckUtils]: 1: Hoare triple {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,922 INFO L290 TraceCheckUtils]: 2: Hoare triple {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23382#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,923 INFO L290 TraceCheckUtils]: 3: Hoare triple {23382#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {23382#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,924 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23382#(= 2 |setClientPrivateKey_#in~handle|)} {23325#(not (= 
|ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1051#return; {23299#false} is VALID [2022-02-20 17:59:10,932 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:10,933 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,935 INFO L290 TraceCheckUtils]: 0: Hoare triple {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,935 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,935 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,935 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #1027#return; {23299#false} is VALID [2022-02-20 17:59:10,944 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:59:10,946 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,948 INFO L290 TraceCheckUtils]: 0: Hoare triple {23384#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,948 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,948 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #1029#return; {23299#false} is VALID [2022-02-20 17:59:10,948 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:59:10,949 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,953 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,953 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #971#return; {23299#false} is VALID [2022-02-20 17:59:10,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:59:10,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,956 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,956 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,956 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,956 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #973#return; {23299#false} is VALID [2022-02-20 17:59:10,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:59:10,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:10,960 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle; {23298#true} is VALID [2022-02-20 17:59:10,960 INFO L290 
TraceCheckUtils]: 2: Hoare triple {23298#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:10,960 INFO L290 TraceCheckUtils]: 3: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,960 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23298#true} {23299#false} #975#return; {23299#false} is VALID [2022-02-20 17:59:10,960 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:59:10,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,964 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #981#return; {23299#false} is VALID [2022-02-20 17:59:10,964 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:59:10,965 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,966 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23298#true} is VALID [2022-02-20 17:59:10,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {23298#true} is VALID [2022-02-20 17:59:10,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is 
VALID [2022-02-20 17:59:10,967 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #983#return; {23299#false} is VALID [2022-02-20 17:59:10,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:59:10,968 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,969 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,969 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,970 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,970 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #985#return; {23299#false} is VALID [2022-02-20 17:59:10,970 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:59:10,971 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,973 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,973 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,973 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,973 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #987#return; {23299#false} is VALID [2022-02-20 17:59:10,973 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:59:10,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,976 INFO 
L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~6; {23298#true} is VALID [2022-02-20 17:59:10,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {23298#true} is VALID [2022-02-20 17:59:10,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,976 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {23298#true} {23299#false} #999#return; {23299#false} is VALID [2022-02-20 17:59:10,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:59:10,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:10,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:10,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume 1 == ~handle; {23298#true} is VALID [2022-02-20 17:59:10,979 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:10,979 INFO L290 TraceCheckUtils]: 3: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,979 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {23298#true} {23299#false} #1001#return; {23299#false} is VALID [2022-02-20 17:59:10,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {23298#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(10, 4);call #Ultimate.allocInit(12, 5);call 
#Ultimate.allocInit(10, 6);call #Ultimate.allocInit(18, 7);call #Ultimate.allocInit(16, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(13, 10);call #Ultimate.allocInit(16, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(21, 15);call #Ultimate.allocInit(30, 16);call #Ultimate.allocInit(9, 17);call #Ultimate.allocInit(21, 18);call #Ultimate.allocInit(30, 19);call #Ultimate.allocInit(9, 20);call #Ultimate.allocInit(25, 21);call #Ultimate.allocInit(30, 22);call #Ultimate.allocInit(9, 23);call #Ultimate.allocInit(25, 24);call #Ultimate.allocInit(44, 25);call #Ultimate.allocInit(44, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(9, 28);call #Ultimate.allocInit(11, 29);call #Ultimate.allocInit(19, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(100, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(4, 32);call write~init~int(37, 32, 0, 1);call write~init~int(100, 32, 1, 1);call write~init~int(10, 32, 2, 1);call write~init~int(0, 32, 3, 1);call #Ultimate.allocInit(10, 33);call #Ultimate.allocInit(16, 34);call #Ultimate.allocInit(20, 35);call #Ultimate.allocInit(22, 36);call #Ultimate.allocInit(13, 37);call #Ultimate.allocInit(16, 38);call #Ultimate.allocInit(15, 39);call #Ultimate.allocInit(16, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~__ste_Email_counter~0 := 
0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 
:= 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0; {23298#true} is VALID [2022-02-20 17:59:10,980 INFO L290 TraceCheckUtils]: 1: Hoare triple {23298#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret55#1, main_~retValue_acc~18#1, main_~tmp~9#1;havoc main_~retValue_acc~18#1;havoc main_~tmp~9#1;assume { :begin_inline_select_helpers } true; {23298#true} is VALID [2022-02-20 17:59:10,980 INFO L290 TraceCheckUtils]: 2: Hoare triple {23298#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {23298#true} is VALID [2022-02-20 17:59:10,980 INFO L290 
TraceCheckUtils]: 3: Hoare triple {23298#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~20#1;havoc valid_product_~retValue_acc~20#1;valid_product_~retValue_acc~20#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~20#1; {23298#true} is VALID [2022-02-20 17:59:10,980 INFO L290 TraceCheckUtils]: 4: Hoare triple {23298#true} main_#t~ret55#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret55#1 && main_#t~ret55#1 <= 2147483647;main_~tmp~9#1 := main_#t~ret55#1;havoc main_#t~ret55#1; {23298#true} is VALID [2022-02-20 17:59:10,980 INFO L290 TraceCheckUtils]: 5: Hoare triple {23298#true} assume 0 != main_~tmp~9#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet52#1, setup_#t~nondet53#1, setup_#t~nondet54#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {23298#true} is VALID [2022-02-20 17:59:10,981 INFO L272 TraceCheckUtils]: 6: Hoare triple {23298#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= 
|old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:10,981 INFO L290 TraceCheckUtils]: 7: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,981 INFO L290 TraceCheckUtils]: 8: Hoare triple {23298#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,981 INFO L290 TraceCheckUtils]: 9: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,982 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {23298#true} {23298#true} #1041#return; {23298#true} is VALID [2022-02-20 17:59:10,982 INFO L290 TraceCheckUtils]: 11: Hoare triple {23298#true} assume { :end_inline_setup_bob__wrappee__Base } true; {23298#true} is VALID [2022-02-20 17:59:10,982 INFO L272 TraceCheckUtils]: 12: Hoare triple {23298#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:10,983 INFO L290 TraceCheckUtils]: 13: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,983 INFO L290 TraceCheckUtils]: 14: Hoare triple {23298#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,983 INFO L290 TraceCheckUtils]: 15: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 
17:59:10,983 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {23298#true} {23298#true} #1043#return; {23298#true} is VALID [2022-02-20 17:59:10,983 INFO L290 TraceCheckUtils]: 17: Hoare triple {23298#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 27, 0;havoc setup_#t~nondet52#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {23298#true} is VALID [2022-02-20 17:59:10,984 INFO L272 TraceCheckUtils]: 18: Hoare triple {23298#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:10,984 INFO L290 TraceCheckUtils]: 19: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,984 INFO L290 TraceCheckUtils]: 20: Hoare triple {23298#true} assume !(1 == ~handle); {23298#true} is VALID [2022-02-20 17:59:10,984 INFO L290 TraceCheckUtils]: 21: Hoare triple {23298#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,984 INFO L290 TraceCheckUtils]: 22: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,984 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {23298#true} 
{23298#true} #1045#return; {23298#true} is VALID [2022-02-20 17:59:10,985 INFO L290 TraceCheckUtils]: 24: Hoare triple {23298#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {23298#true} is VALID [2022-02-20 17:59:10,985 INFO L272 TraceCheckUtils]: 25: Hoare triple {23298#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:10,985 INFO L290 TraceCheckUtils]: 26: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,986 INFO L290 TraceCheckUtils]: 27: Hoare triple {23298#true} assume !(1 == ~handle); {23298#true} is VALID [2022-02-20 17:59:10,986 INFO L290 TraceCheckUtils]: 28: Hoare triple {23298#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,986 INFO L290 TraceCheckUtils]: 29: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,986 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {23298#true} {23298#true} #1047#return; {23298#true} is VALID [2022-02-20 17:59:10,987 INFO L290 TraceCheckUtils]: 31: Hoare triple {23298#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 28, 0;havoc setup_#t~nondet53#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {23318#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:10,987 INFO L272 TraceCheckUtils]: 32: Hoare triple {23318#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:10,988 INFO L290 TraceCheckUtils]: 33: Hoare triple {23377#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,988 INFO L290 TraceCheckUtils]: 34: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,988 INFO L290 TraceCheckUtils]: 35: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {23379#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,989 INFO L290 TraceCheckUtils]: 36: Hoare triple {23379#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {23380#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,989 INFO L290 TraceCheckUtils]: 37: Hoare triple {23380#(= 3 |setClientId_#in~handle|)} assume true; {23380#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:10,990 
INFO L284 TraceCheckUtils]: 38: Hoare quadruple {23380#(= 3 |setClientId_#in~handle|)} {23318#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1049#return; {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:10,990 INFO L290 TraceCheckUtils]: 39: Hoare triple {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:10,991 INFO L272 TraceCheckUtils]: 40: Hoare triple {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:10,991 INFO L290 TraceCheckUtils]: 41: Hoare triple {23378#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,991 INFO L290 TraceCheckUtils]: 42: Hoare triple {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,992 INFO L290 TraceCheckUtils]: 43: Hoare triple {23381#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {23382#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,992 INFO L290 TraceCheckUtils]: 44: Hoare triple {23382#(= 2 |setClientPrivateKey_#in~handle|)} assume 
true; {23382#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:10,993 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {23382#(= 2 |setClientPrivateKey_#in~handle|)} {23325#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1051#return; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 46: Hoare triple {23299#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~3#1.base, setup_~__cil_tmp3~3#1.offset := 29, 0;havoc setup_#t~nondet54#1; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 47: Hoare triple {23299#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet67#1, test_#t~nondet68#1, test_#t~nondet69#1, test_#t~nondet70#1, test_#t~nondet71#1, test_#t~nondet72#1, test_#t~nondet73#1, test_#t~nondet74#1, test_#t~nondet75#1, test_#t~nondet76#1, test_#t~nondet77#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~11#1, test_~tmp___0~5#1, test_~tmp___1~2#1, test_~tmp___2~1#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~11#1;havoc test_~tmp___0~5#1;havoc test_~tmp___1~2#1;havoc test_~tmp___2~1#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 
0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 48: Hoare triple {23299#false} assume !false; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 49: Hoare triple {23299#false} assume test_~splverifierCounter~0#1 < 4; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 50: Hoare triple {23299#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {23299#false} is VALID [2022-02-20 17:59:10,993 INFO L290 TraceCheckUtils]: 51: Hoare triple {23299#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet67#1 && test_#t~nondet67#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet67#1;havoc test_#t~nondet67#1; {23299#false} is VALID [2022-02-20 17:59:10,994 INFO L290 TraceCheckUtils]: 52: Hoare triple {23299#false} assume !(0 != test_~tmp___9~0#1); {23299#false} is VALID [2022-02-20 17:59:10,994 INFO L290 TraceCheckUtils]: 53: Hoare triple {23299#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet68#1 && test_#t~nondet68#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet68#1;havoc test_#t~nondet68#1; {23299#false} is VALID [2022-02-20 17:59:10,994 INFO L290 TraceCheckUtils]: 54: Hoare triple {23299#false} assume 0 != test_~tmp___8~0#1;assume { :begin_inline_rjhSetAutoRespond } true;assume { :begin_inline_setClientAutoResponse } true;setClientAutoResponse_#in~handle#1, setClientAutoResponse_#in~value#1 := ~rjh~0, 1;havoc setClientAutoResponse_~handle#1, setClientAutoResponse_~value#1;setClientAutoResponse_~handle#1 := setClientAutoResponse_#in~handle#1;setClientAutoResponse_~value#1 := setClientAutoResponse_#in~value#1; {23299#false} is VALID [2022-02-20 17:59:10,994 INFO L290 TraceCheckUtils]: 55: Hoare triple {23299#false} assume 1 == setClientAutoResponse_~handle#1;~__ste_client_autoResponse0~0 := setClientAutoResponse_~value#1; {23299#false} is VALID [2022-02-20 
17:59:10,994 INFO L290 TraceCheckUtils]: 56: Hoare triple {23299#false} assume { :end_inline_setClientAutoResponse } true; {23299#false} is VALID [2022-02-20 17:59:10,994 INFO L290 TraceCheckUtils]: 57: Hoare triple {23299#false} assume { :end_inline_rjhSetAutoRespond } true;test_~op2~0#1 := 1; {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L290 TraceCheckUtils]: 58: Hoare triple {23299#false} assume !false; {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L290 TraceCheckUtils]: 59: Hoare triple {23299#false} assume !(test_~splverifierCounter~0#1 < 4); {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L290 TraceCheckUtils]: 60: Hoare triple {23299#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret47#1, bobToRjh_#t~ret48#1, bobToRjh_#t~ret49#1, bobToRjh_#t~ret50#1, bobToRjh_~tmp~8#1, bobToRjh_~tmp___0~3#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~8#1;havoc bobToRjh_~tmp___0~3#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret47#1 := puts(25, 0);assume -2147483648 <= bobToRjh_#t~ret47#1 && bobToRjh_#t~ret47#1 <= 2147483647;havoc bobToRjh_#t~ret47#1; {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L272 TraceCheckUtils]: 61: Hoare triple {23299#false} call sendEmail(~bob~0, ~rjh~0); {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L290 TraceCheckUtils]: 62: Hoare triple {23299#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~18#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~3#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~3#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {23299#false} is VALID [2022-02-20 17:59:10,995 INFO L272 TraceCheckUtils]: 63: Hoare triple {23299#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:10,995 INFO L290 TraceCheckUtils]: 64: Hoare triple {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,996 INFO L290 TraceCheckUtils]: 65: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,996 INFO L290 TraceCheckUtils]: 66: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,996 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {23298#true} {23299#false} #1027#return; {23299#false} is VALID [2022-02-20 17:59:10,996 INFO L272 TraceCheckUtils]: 68: Hoare triple {23299#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {23384#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:10,996 INFO L290 TraceCheckUtils]: 69: Hoare triple {23384#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:10,996 INFO L290 TraceCheckUtils]: 70: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:10,996 INFO L290 TraceCheckUtils]: 71: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,997 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {23298#true} {23299#false} #1029#return; {23299#false} is VALID [2022-02-20 17:59:10,997 INFO L290 TraceCheckUtils]: 73: Hoare triple {23299#false} createEmail_~retValue_acc~3#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~3#1; {23299#false} is VALID [2022-02-20 17:59:10,997 INFO L290 
TraceCheckUtils]: 74: Hoare triple {23299#false} #t~ret91#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret91#1 && #t~ret91#1 <= 2147483647;~tmp~18#1 := #t~ret91#1;havoc #t~ret91#1;~email~0#1 := ~tmp~18#1; {23299#false} is VALID [2022-02-20 17:59:10,997 INFO L272 TraceCheckUtils]: 75: Hoare triple {23299#false} call outgoing(~sender#1, ~email~0#1); {23299#false} is VALID [2022-02-20 17:59:10,997 INFO L290 TraceCheckUtils]: 76: Hoare triple {23299#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret95#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~20#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~20#1; {23299#false} is VALID [2022-02-20 17:59:10,997 INFO L272 TraceCheckUtils]: 77: Hoare triple {23299#false} call sign_#t~ret95#1 := getClientPrivateKey(sign_~client#1); {23298#true} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 78: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 79: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 80: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,998 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {23298#true} {23299#false} #971#return; {23299#false} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 82: Hoare triple {23299#false} assume -2147483648 <= sign_#t~ret95#1 && sign_#t~ret95#1 <= 2147483647;sign_~tmp~20#1 := sign_#t~ret95#1;havoc sign_#t~ret95#1;sign_~privkey~1#1 := sign_~tmp~20#1; {23299#false} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 83: Hoare triple {23299#false} assume 0 == 
sign_~privkey~1#1; {23299#false} is VALID [2022-02-20 17:59:10,998 INFO L290 TraceCheckUtils]: 84: Hoare triple {23299#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AutoResponder } true;outgoing__wrappee__AutoResponder_#in~client#1, outgoing__wrappee__AutoResponder_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1, outgoing__wrappee__AutoResponder_#t~ret83#1, outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1, outgoing__wrappee__AutoResponder_~receiver~0#1, outgoing__wrappee__AutoResponder_~tmp~14#1, outgoing__wrappee__AutoResponder_~pubkey~0#1, outgoing__wrappee__AutoResponder_~tmp___0~6#1;outgoing__wrappee__AutoResponder_~client#1 := outgoing__wrappee__AutoResponder_#in~client#1;outgoing__wrappee__AutoResponder_~msg#1 := outgoing__wrappee__AutoResponder_#in~msg#1;havoc outgoing__wrappee__AutoResponder_~receiver~0#1;havoc outgoing__wrappee__AutoResponder_~tmp~14#1;havoc outgoing__wrappee__AutoResponder_~pubkey~0#1;havoc outgoing__wrappee__AutoResponder_~tmp___0~6#1; {23299#false} is VALID [2022-02-20 17:59:10,999 INFO L272 TraceCheckUtils]: 85: Hoare triple {23299#false} call outgoing__wrappee__AutoResponder_#t~ret82#1 := getEmailTo(outgoing__wrappee__AutoResponder_~msg#1); {23298#true} is VALID [2022-02-20 17:59:10,999 INFO L290 TraceCheckUtils]: 86: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,999 INFO L290 TraceCheckUtils]: 87: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:10,999 INFO L290 TraceCheckUtils]: 88: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:10,999 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {23298#true} {23299#false} #973#return; {23299#false} is VALID [2022-02-20 17:59:10,999 INFO L290 TraceCheckUtils]: 90: Hoare triple {23299#false} assume 
-2147483648 <= outgoing__wrappee__AutoResponder_#t~ret82#1 && outgoing__wrappee__AutoResponder_#t~ret82#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp~14#1 := outgoing__wrappee__AutoResponder_#t~ret82#1;havoc outgoing__wrappee__AutoResponder_#t~ret82#1;outgoing__wrappee__AutoResponder_~receiver~0#1 := outgoing__wrappee__AutoResponder_~tmp~14#1; {23299#false} is VALID [2022-02-20 17:59:10,999 INFO L272 TraceCheckUtils]: 91: Hoare triple {23299#false} call outgoing__wrappee__AutoResponder_#t~ret83#1 := findPublicKey(outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~receiver~0#1); {23298#true} is VALID [2022-02-20 17:59:11,000 INFO L290 TraceCheckUtils]: 92: Hoare triple {23298#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:11,000 INFO L290 TraceCheckUtils]: 93: Hoare triple {23298#true} assume 1 == ~handle; {23298#true} is VALID [2022-02-20 17:59:11,000 INFO L290 TraceCheckUtils]: 94: Hoare triple {23298#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:11,000 INFO L290 TraceCheckUtils]: 95: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,001 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {23298#true} {23299#false} #975#return; {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L290 TraceCheckUtils]: 97: Hoare triple {23299#false} assume -2147483648 <= outgoing__wrappee__AutoResponder_#t~ret83#1 && outgoing__wrappee__AutoResponder_#t~ret83#1 <= 2147483647;outgoing__wrappee__AutoResponder_~tmp___0~6#1 := outgoing__wrappee__AutoResponder_#t~ret83#1;havoc outgoing__wrappee__AutoResponder_#t~ret83#1;outgoing__wrappee__AutoResponder_~pubkey~0#1 := outgoing__wrappee__AutoResponder_~tmp___0~6#1; {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L290 TraceCheckUtils]: 98: Hoare triple {23299#false} assume !(0 
!= outgoing__wrappee__AutoResponder_~pubkey~0#1); {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L290 TraceCheckUtils]: 99: Hoare triple {23299#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__AutoResponder_~client#1, outgoing__wrappee__AutoResponder_~msg#1;havoc outgoing__wrappee__Keys_#t~ret81#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~13#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~42#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~42#1; {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L290 TraceCheckUtils]: 100: Hoare triple {23299#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~42#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~42#1; {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L290 TraceCheckUtils]: 101: Hoare triple {23299#false} outgoing__wrappee__Keys_#t~ret81#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret81#1 && outgoing__wrappee__Keys_#t~ret81#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~13#1 := outgoing__wrappee__Keys_#t~ret81#1;havoc outgoing__wrappee__Keys_#t~ret81#1; {23299#false} is VALID [2022-02-20 17:59:11,001 INFO L272 TraceCheckUtils]: 102: Hoare triple {23299#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~13#1); {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 
17:59:11,002 INFO L290 TraceCheckUtils]: 103: Hoare triple {23383#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {23298#true} is VALID [2022-02-20 17:59:11,002 INFO L290 TraceCheckUtils]: 104: Hoare triple {23298#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {23298#true} is VALID [2022-02-20 17:59:11,002 INFO L290 TraceCheckUtils]: 105: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,002 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {23298#true} {23299#false} #981#return; {23299#false} is VALID [2022-02-20 17:59:11,002 INFO L290 TraceCheckUtils]: 107: Hoare triple {23299#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret79#1, mail_#t~ret80#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~12#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~12#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret102#1, __utac_acc__SignVerify_spec__1_#t~ret103#1, __utac_acc__SignVerify_spec__1_#t~nondet104#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret102#1 := puts(37, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret102#1 && __utac_acc__SignVerify_spec__1_#t~ret102#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__1_#t~ret102#1; {23299#false} is VALID [2022-02-20 17:59:11,002 INFO L272 TraceCheckUtils]: 108: Hoare triple {23299#false} call __utac_acc__SignVerify_spec__1_#t~ret103#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {23298#true} is VALID [2022-02-20 17:59:11,003 INFO L290 TraceCheckUtils]: 109: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~12; {23298#true} is VALID [2022-02-20 17:59:11,003 INFO L290 TraceCheckUtils]: 110: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~12 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~12; {23298#true} is VALID [2022-02-20 17:59:11,003 INFO L290 TraceCheckUtils]: 111: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,003 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {23298#true} {23299#false} #983#return; {23299#false} is VALID [2022-02-20 17:59:11,003 INFO L290 TraceCheckUtils]: 113: Hoare triple {23299#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret103#1 && __utac_acc__SignVerify_spec__1_#t~ret103#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret103#1;havoc __utac_acc__SignVerify_spec__1_#t~ret103#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 38, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet104#1; {23299#false} is VALID [2022-02-20 17:59:11,003 INFO L290 TraceCheckUtils]: 114: Hoare triple {23299#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret79#1 := puts(33, 0);assume -2147483648 <= mail_#t~ret79#1 && mail_#t~ret79#1 <= 2147483647;havoc mail_#t~ret79#1; {23299#false} is VALID [2022-02-20 17:59:11,003 INFO L272 TraceCheckUtils]: 115: Hoare triple {23299#false} call mail_#t~ret80#1 := getEmailTo(mail_~msg#1); {23298#true} is VALID [2022-02-20 17:59:11,004 INFO L290 TraceCheckUtils]: 116: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~7; {23298#true} is VALID 
[2022-02-20 17:59:11,004 INFO L290 TraceCheckUtils]: 117: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~7 := ~__ste_email_to0~0;#res := ~retValue_acc~7; {23298#true} is VALID [2022-02-20 17:59:11,004 INFO L290 TraceCheckUtils]: 118: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,004 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {23298#true} {23299#false} #985#return; {23299#false} is VALID [2022-02-20 17:59:11,004 INFO L290 TraceCheckUtils]: 120: Hoare triple {23299#false} assume -2147483648 <= mail_#t~ret80#1 && mail_#t~ret80#1 <= 2147483647;mail_~tmp~12#1 := mail_#t~ret80#1;havoc mail_#t~ret80#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~12#1, mail_~msg#1;havoc incoming_#t~ret86#1, incoming_#t~ret87#1, incoming_#t~ret88#1, incoming_#t~ret89#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~16#1, incoming_~tmp___0~7#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~16#1;havoc incoming_~tmp___0~7#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {23299#false} is VALID [2022-02-20 17:59:11,004 INFO L272 TraceCheckUtils]: 121: Hoare triple {23299#false} call incoming_#t~ret86#1 := getClientPrivateKey(incoming_~client#1); {23298#true} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 122: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 123: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~35 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~35; {23298#true} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 124: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,005 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {23298#true} {23299#false} 
#987#return; {23299#false} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 126: Hoare triple {23299#false} assume -2147483648 <= incoming_#t~ret86#1 && incoming_#t~ret86#1 <= 2147483647;incoming_~tmp~16#1 := incoming_#t~ret86#1;havoc incoming_#t~ret86#1;incoming_~privkey~0#1 := incoming_~tmp~16#1; {23299#false} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 127: Hoare triple {23299#false} assume !(0 != incoming_~privkey~0#1); {23299#false} is VALID [2022-02-20 17:59:11,005 INFO L290 TraceCheckUtils]: 128: Hoare triple {23299#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret96#1, verify_#t~ret97#1, verify_#t~ret98#1, verify_#t~ret99#1, verify_#t~ret100#1, verify_#t~ret101#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~21#1, verify_~tmp___0~8#1, verify_~pubkey~1#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~21#1;havoc verify_~tmp___0~8#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, 
__utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1, __utac_acc__SignVerify_spec__2_#t~nondet106#1, __utac_acc__SignVerify_spec__2_#t~ret107#1, __utac_acc__SignVerify_spec__2_#t~ret108#1, __utac_acc__SignVerify_spec__2_#t~ret109#1, __utac_acc__SignVerify_spec__2_#t~ret110#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~22#1, __utac_acc__SignVerify_spec__2_~tmp___0~9#1, __utac_acc__SignVerify_spec__2_~tmp___1~5#1, __utac_acc__SignVerify_spec__2_~tmp___2~4#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~22#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~9#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~5#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~4#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret105#1 := puts(39, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret105#1 && __utac_acc__SignVerify_spec__2_#t~ret105#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret105#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~6#1.offset := 40, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet106#1; {23299#false} is VALID [2022-02-20 17:59:11,006 INFO L290 TraceCheckUtils]: 129: Hoare triple {23299#false} assume 1 == ~sent_signed~0; {23299#false} is VALID [2022-02-20 17:59:11,006 INFO L272 TraceCheckUtils]: 130: Hoare triple {23299#false} call 
__utac_acc__SignVerify_spec__2_#t~ret107#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {23298#true} is VALID [2022-02-20 17:59:11,006 INFO L290 TraceCheckUtils]: 131: Hoare triple {23298#true} ~handle := #in~handle;havoc ~retValue_acc~6; {23298#true} is VALID [2022-02-20 17:59:11,006 INFO L290 TraceCheckUtils]: 132: Hoare triple {23298#true} assume 1 == ~handle;~retValue_acc~6 := ~__ste_email_from0~0;#res := ~retValue_acc~6; {23298#true} is VALID [2022-02-20 17:59:11,006 INFO L290 TraceCheckUtils]: 133: Hoare triple {23298#true} assume true; {23298#true} is VALID [2022-02-20 17:59:11,006 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {23298#true} {23299#false} #999#return; {23299#false} is VALID [2022-02-20 17:59:11,007 INFO L290 TraceCheckUtils]: 135: Hoare triple {23299#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret107#1 && __utac_acc__SignVerify_spec__2_#t~ret107#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~22#1 := __utac_acc__SignVerify_spec__2_#t~ret107#1;havoc __utac_acc__SignVerify_spec__2_#t~ret107#1; {23299#false} is VALID [2022-02-20 17:59:11,007 INFO L272 TraceCheckUtils]: 136: Hoare triple {23299#false} call __utac_acc__SignVerify_spec__2_#t~ret108#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~22#1); {23298#true} is VALID [2022-02-20 17:59:11,007 INFO L290 TraceCheckUtils]: 137: Hoare triple {23298#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:11,007 INFO L290 TraceCheckUtils]: 138: Hoare triple {23298#true} assume 1 == ~handle; {23298#true} is VALID [2022-02-20 17:59:11,007 INFO L290 TraceCheckUtils]: 139: Hoare triple {23298#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~40 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~40; {23298#true} is VALID [2022-02-20 17:59:11,007 INFO L290 TraceCheckUtils]: 140: Hoare triple {23298#true} assume true; {23298#true} is 
VALID [2022-02-20 17:59:11,007 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {23298#true} {23299#false} #1001#return; {23299#false} is VALID [2022-02-20 17:59:11,008 INFO L290 TraceCheckUtils]: 142: Hoare triple {23299#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret108#1 && __utac_acc__SignVerify_spec__2_#t~ret108#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~9#1 := __utac_acc__SignVerify_spec__2_#t~ret108#1;havoc __utac_acc__SignVerify_spec__2_#t~ret108#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~9#1; {23299#false} is VALID [2022-02-20 17:59:11,008 INFO L290 TraceCheckUtils]: 143: Hoare triple {23299#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {23299#false} is VALID [2022-02-20 17:59:11,008 INFO L272 TraceCheckUtils]: 144: Hoare triple {23299#false} call __automaton_fail(); {23299#false} is VALID [2022-02-20 17:59:11,008 INFO L290 TraceCheckUtils]: 145: Hoare triple {23299#false} assume !false; {23299#false} is VALID [2022-02-20 17:59:11,008 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:59:11,009 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:11,009 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2130322506] [2022-02-20 17:59:11,009 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2130322506] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:11,009 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:59:11,009 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:11,009 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [301765367] [2022-02-20 17:59:11,010 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:11,010 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 146 [2022-02-20 17:59:11,010 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:11,011 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:11,103 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:11,103 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:11,103 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:11,104 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 17:59:11,104 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:11,104 INFO L87 Difference]: Start difference. First operand 407 states and 612 transitions. Second operand has 12 states, 11 states have (on average 8.272727272727273) internal successors, (91), 8 states have internal predecessors, (91), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17)