./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_product31.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_product31.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash beb678f648eb46083c76f273f6eef79e0abada1343858eba26829a720997a379
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:58:39,621 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:58:39,623 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:58:39,657 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:58:39,658 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:58:39,661 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:58:39,663 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:58:39,669 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:58:39,670 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:58:39,671 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:58:39,672 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:58:39,673 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:58:39,673 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:58:39,674 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:58:39,675 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:58:39,676 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:58:39,677 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:58:39,678 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:58:39,679 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:58:39,681 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:58:39,682 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:58:39,684 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:58:39,685 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:58:39,686 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:58:39,688 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:58:39,692 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:58:39,692 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:58:39,693 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:58:39,694 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:58:39,695 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:58:39,695 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:58:39,696 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:58:39,697 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:58:39,698 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:58:39,699 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:58:39,700 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:58:39,701 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:58:39,701 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:58:39,701 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:58:39,702 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:58:39,703 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:58:39,704 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:58:39,732 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:58:39,732 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:58:39,733 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:58:39,733 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:58:39,733 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:58:39,734 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:58:39,734 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:58:39,734 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:58:39,741 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:58:39,742 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:58:39,742 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:58:39,742 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:58:39,742 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:58:39,742 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:58:39,743 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:58:39,743 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:58:39,743 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:58:39,743 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:58:39,743 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:58:39,743 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:58:39,744 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:58:39,744 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:58:39,744 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:58:39,744 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:58:39,744 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:39,745 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:58:39,745 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:58:39,745 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:58:39,745 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:58:39,745 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:58:39,746 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:58:39,746 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:58:39,746 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:58:39,746 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> beb678f648eb46083c76f273f6eef79e0abada1343858eba26829a720997a379 [2022-02-20 17:58:39,926 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:58:39,945 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:58:39,948 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:58:39,949 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:58:39,949 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:58:39,950 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_product31.cil.c [2022-02-20 17:58:40,002 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/267034922/1da6291e416143329232aa85895a6b1f/FLAG4d5bdfb97 [2022-02-20 17:58:40,527 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:58:40,528 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product31.cil.c [2022-02-20 17:58:40,556 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/267034922/1da6291e416143329232aa85895a6b1f/FLAG4d5bdfb97 [2022-02-20 17:58:41,024 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/267034922/1da6291e416143329232aa85895a6b1f [2022-02-20 17:58:41,027 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:58:41,028 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:58:41,028 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:41,029 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:58:41,033 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:58:41,034 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,035 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4055b207 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41, skipping insertion in model container [2022-02-20 17:58:41,036 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:41" (1/1) ... 
[2022-02-20 17:58:41,041 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:58:41,112 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:58:41,449 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product31.cil.c[42138,42151] [2022-02-20 17:58:41,531 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:41,540 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:58:41,652 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product31.cil.c[42138,42151] [2022-02-20 17:58:41,678 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:41,706 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:58:41,706 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41 WrapperNode [2022-02-20 17:58:41,706 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:41,707 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:41,708 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:58:41,708 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:58:41,714 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... 
[2022-02-20 17:58:41,758 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,819 INFO L137 Inliner]: procedures = 132, calls = 227, calls flagged for inlining = 61, calls inlined = 56, statements flattened = 1050 [2022-02-20 17:58:41,820 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:41,820 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:58:41,821 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:58:41,821 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:58:41,828 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,828 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,833 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,833 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... 
[2022-02-20 17:58:41,869 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,878 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,882 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... [2022-02-20 17:58:41,890 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:58:41,891 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:58:41,891 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:58:41,891 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:58:41,892 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (1/1) ... 
[2022-02-20 17:58:41,898 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:41,909 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:41,932 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:58:41,945 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:58:41,975 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:58:41,976 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:58:41,976 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:58:41,976 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:58:41,976 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:58:41,976 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:58:41,976 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailTo [2022-02-20 17:58:41,976 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:58:41,976 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:58:41,976 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:58:41,977 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:58:41,977 INFO L138 
BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:58:41,977 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:58:41,977 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:58:41,977 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:58:41,977 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:58:41,978 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:58:41,978 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:58:41,978 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:58:41,978 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:58:41,978 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:58:41,978 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:58:41,978 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:58:41,979 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:58:41,979 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:58:41,979 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 17:58:41,979 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:58:41,979 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:58:41,979 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:58:41,980 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:58:41,980 INFO L130 
BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:58:41,980 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:58:41,980 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:58:41,980 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:58:41,980 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:58:41,981 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:58:41,981 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:58:41,981 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:58:41,981 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:58:41,981 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:58:41,981 INFO L130 BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:58:41,982 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:58:41,982 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:58:41,982 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:58:41,982 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:58:41,982 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:58:41,982 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:58:41,983 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:58:41,983 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:58:41,983 INFO L130 
BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:58:41,983 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:58:41,983 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:58:41,983 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:58:42,180 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:58:42,182 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:58:43,034 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:58:43,073 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:58:43,073 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. [2022-02-20 17:58:43,076 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:43 BoogieIcfgContainer [2022-02-20 17:58:43,077 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:58:43,078 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:58:43,078 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:58:43,081 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:58:43,081 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:58:41" (1/3) ... 
[2022-02-20 17:58:43,082 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@726893ac and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:43, skipping insertion in model container [2022-02-20 17:58:43,082 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:41" (2/3) ... [2022-02-20 17:58:43,082 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@726893ac and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:43, skipping insertion in model container [2022-02-20 17:58:43,082 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:43" (3/3) ... [2022-02-20 17:58:43,084 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_product31.cil.c [2022-02-20 17:58:43,088 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:58:43,088 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. 
[2022-02-20 17:58:43,146 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:58:43,155 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:58:43,155 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:58:43,200 INFO L276 IsEmpty]: Start isEmpty. Operand has 380 states, 290 states have (on average 1.4965517241379311) internal successors, (434), 296 states have internal predecessors, (434), 64 states have call successors, (64), 24 states have call predecessors, (64), 24 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) [2022-02-20 17:58:43,224 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 131 [2022-02-20 17:58:43,225 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:43,226 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:43,226 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:43,232 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:43,233 INFO L85 PathProgramCache]: Analyzing trace with hash -1387818797, now seen corresponding path program 1 times [2022-02-20 17:58:43,241 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:43,241 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1939856369] [2022-02-20 17:58:43,242 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:43,242 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:43,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:43,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,635 INFO L290 TraceCheckUtils]: 0: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; 
{383#true} is VALID [2022-02-20 17:58:43,635 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,636 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {383#true} #1097#return; {383#true} is VALID [2022-02-20 17:58:43,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:43,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,656 INFO L290 TraceCheckUtils]: 0: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,657 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,657 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,657 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {383#true} #1099#return; {383#true} is VALID [2022-02-20 17:58:43,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:43,664 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {458#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,691 
INFO L290 TraceCheckUtils]: 1: Hoare triple {458#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {459#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,692 INFO L290 TraceCheckUtils]: 2: Hoare triple {459#(= |setClientId_#in~handle| 1)} assume true; {459#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,693 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {459#(= |setClientId_#in~handle| 1)} {393#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; {384#false} is VALID [2022-02-20 17:58:43,694 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:43,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,710 INFO L290 TraceCheckUtils]: 0: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,711 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,711 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,711 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1103#return; {384#false} is VALID [2022-02-20 17:58:43,712 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:43,714 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,721 INFO L290 TraceCheckUtils]: 0: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| 
~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,721 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,722 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,722 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1105#return; {384#false} is VALID [2022-02-20 17:58:43,727 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:43,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,741 INFO L290 TraceCheckUtils]: 0: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,743 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,743 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,744 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1107#return; {384#false} is VALID [2022-02-20 17:58:43,752 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 47 [2022-02-20 17:58:43,756 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} 
assume 1 == ~handle;~__ste_email_from0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,766 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,766 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1083#return; {384#false} is VALID [2022-02-20 17:58:43,775 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:58:43,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,786 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1085#return; {384#false} is VALID [2022-02-20 17:58:43,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:43,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1015#return; {384#false} is VALID [2022-02-20 17:58:43,793 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:43,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,803 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1017#return; {384#false} is VALID [2022-02-20 17:58:43,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 17:58:43,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,813 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,813 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle; {383#true} is VALID [2022-02-20 17:58:43,813 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,814 INFO L290 TraceCheckUtils]: 3: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,814 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {383#true} {384#false} #1019#return; {384#false} is VALID [2022-02-20 17:58:43,814 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:43,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,829 INFO L290 TraceCheckUtils]: 0: Hoare 
triple {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,832 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,833 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1025#return; {384#false} is VALID [2022-02-20 17:58:43,833 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:43,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,851 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~36; {383#true} is VALID [2022-02-20 17:58:43,852 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {383#true} is VALID [2022-02-20 17:58:43,853 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,854 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1027#return; {384#false} is VALID [2022-02-20 17:58:43,854 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:43,856 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,861 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,861 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,862 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} 
assume true; {383#true} is VALID [2022-02-20 17:58:43,862 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1029#return; {384#false} is VALID [2022-02-20 17:58:43,862 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:58:43,866 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,871 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,872 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,872 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,872 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1031#return; {384#false} is VALID [2022-02-20 17:58:43,873 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:43,874 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,878 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~30; {383#true} is VALID [2022-02-20 17:58:43,878 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {383#true} is VALID [2022-02-20 17:58:43,878 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,879 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {383#true} {384#false} #1043#return; {384#false} is VALID [2022-02-20 17:58:43,879 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:58:43,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:43,884 INFO L290 
TraceCheckUtils]: 0: Hoare triple {383#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,884 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume 1 == ~handle; {383#true} is VALID [2022-02-20 17:58:43,884 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,885 INFO L290 TraceCheckUtils]: 3: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,885 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {383#true} {384#false} #1045#return; {384#false} is VALID [2022-02-20 17:58:43,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call 
#Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 
0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, 
~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {383#true} is VALID [2022-02-20 17:58:43,886 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {383#true} is VALID [2022-02-20 17:58:43,887 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {383#true} is VALID [2022-02-20 17:58:43,887 INFO L290 TraceCheckUtils]: 3: Hoare triple {383#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {383#true} is VALID [2022-02-20 17:58:43,887 INFO L290 TraceCheckUtils]: 4: Hoare triple {383#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {383#true} is VALID [2022-02-20 17:58:43,888 INFO L290 TraceCheckUtils]: 5: Hoare triple {383#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc 
setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {383#true} is VALID [2022-02-20 17:58:43,889 INFO L272 TraceCheckUtils]: 6: Hoare triple {383#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,889 INFO L290 TraceCheckUtils]: 7: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,889 INFO L290 TraceCheckUtils]: 8: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,890 INFO L290 TraceCheckUtils]: 9: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,890 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {383#true} {383#true} #1097#return; {383#true} is VALID [2022-02-20 17:58:43,890 
INFO L290 TraceCheckUtils]: 11: Hoare triple {383#true} assume { :end_inline_setup_bob__wrappee__Base } true; {383#true} is VALID [2022-02-20 17:58:43,891 INFO L272 TraceCheckUtils]: 12: Hoare triple {383#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,892 INFO L290 TraceCheckUtils]: 13: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,892 INFO L290 TraceCheckUtils]: 14: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,892 INFO L290 TraceCheckUtils]: 15: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,892 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {383#true} {383#true} #1099#return; {383#true} is VALID [2022-02-20 17:58:43,893 INFO L290 TraceCheckUtils]: 17: Hoare triple {383#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {393#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:43,894 INFO L272 TraceCheckUtils]: 18: Hoare triple {393#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,895 INFO L290 TraceCheckUtils]: 19: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {458#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:43,895 INFO L290 TraceCheckUtils]: 20: Hoare triple {458#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {459#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,896 INFO L290 TraceCheckUtils]: 21: Hoare triple {459#(= |setClientId_#in~handle| 1)} assume true; {459#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:43,897 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {459#(= |setClientId_#in~handle| 1)} {393#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; {384#false} is VALID [2022-02-20 17:58:43,897 INFO L290 TraceCheckUtils]: 23: Hoare triple {384#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {384#false} is VALID [2022-02-20 17:58:43,897 INFO L272 TraceCheckUtils]: 24: Hoare triple {384#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,898 INFO L290 TraceCheckUtils]: 25: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,898 INFO L290 TraceCheckUtils]: 26: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,898 INFO L290 TraceCheckUtils]: 27: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,898 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {383#true} {384#false} #1103#return; {384#false} is VALID [2022-02-20 17:58:43,899 INFO L290 TraceCheckUtils]: 29: Hoare triple {384#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {384#false} is VALID [2022-02-20 17:58:43,899 INFO L272 TraceCheckUtils]: 30: Hoare triple {384#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:43,899 INFO L290 TraceCheckUtils]: 31: Hoare triple {456#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle 
:= #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,900 INFO L290 TraceCheckUtils]: 32: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,900 INFO L290 TraceCheckUtils]: 33: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,900 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {383#true} {384#false} #1105#return; {384#false} is VALID [2022-02-20 17:58:43,900 INFO L290 TraceCheckUtils]: 35: Hoare triple {384#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {384#false} is VALID [2022-02-20 17:58:43,901 INFO L272 TraceCheckUtils]: 36: Hoare triple {384#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:43,901 INFO L290 TraceCheckUtils]: 37: Hoare triple {457#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,901 INFO L290 TraceCheckUtils]: 38: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,901 INFO L290 TraceCheckUtils]: 39: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,902 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {383#true} {384#false} #1107#return; {384#false} is VALID [2022-02-20 17:58:43,902 INFO L290 TraceCheckUtils]: 41: Hoare triple {384#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {384#false} is VALID [2022-02-20 17:58:43,902 INFO L290 
TraceCheckUtils]: 42: Hoare triple {384#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {384#false} is VALID [2022-02-20 17:58:43,903 INFO L290 TraceCheckUtils]: 43: Hoare triple {384#false} assume false; {384#false} is VALID [2022-02-20 17:58:43,903 INFO L290 TraceCheckUtils]: 44: Hoare triple {384#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call 
bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {384#false} is VALID [2022-02-20 17:58:43,903 INFO L272 TraceCheckUtils]: 45: Hoare triple {384#false} call sendEmail(~bob~0, ~rjh~0); {384#false} is VALID [2022-02-20 17:58:43,903 INFO L290 TraceCheckUtils]: 46: Hoare triple {384#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {384#false} is VALID [2022-02-20 17:58:43,904 INFO L272 TraceCheckUtils]: 47: Hoare triple {384#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,904 INFO L290 TraceCheckUtils]: 48: Hoare triple {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,904 INFO L290 TraceCheckUtils]: 49: Hoare triple {383#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,904 INFO L290 TraceCheckUtils]: 50: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,905 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {383#true} {384#false} #1083#return; {384#false} is VALID [2022-02-20 17:58:43,905 INFO L272 TraceCheckUtils]: 52: Hoare triple {384#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {461#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:43,905 INFO L290 TraceCheckUtils]: 53: Hoare triple {461#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,905 INFO L290 TraceCheckUtils]: 54: Hoare triple {383#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,906 INFO L290 TraceCheckUtils]: 55: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,906 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {383#true} {384#false} #1085#return; {384#false} is VALID [2022-02-20 17:58:43,906 INFO L290 TraceCheckUtils]: 57: Hoare triple {384#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {384#false} is VALID [2022-02-20 17:58:43,906 INFO L290 TraceCheckUtils]: 58: Hoare triple {384#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {384#false} is VALID [2022-02-20 17:58:43,907 INFO L272 TraceCheckUtils]: 59: Hoare triple {384#false} call outgoing(~sender#1, ~email~0#1); {384#false} is VALID [2022-02-20 17:58:43,907 INFO L290 TraceCheckUtils]: 60: Hoare triple {384#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {384#false} is VALID [2022-02-20 17:58:43,907 INFO L272 TraceCheckUtils]: 61: Hoare triple {384#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {383#true} is VALID [2022-02-20 
17:58:43,908 INFO L290 TraceCheckUtils]: 62: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,908 INFO L290 TraceCheckUtils]: 63: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,908 INFO L290 TraceCheckUtils]: 64: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,908 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {383#true} {384#false} #1015#return; {384#false} is VALID [2022-02-20 17:58:43,908 INFO L290 TraceCheckUtils]: 66: Hoare triple {384#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {384#false} is VALID [2022-02-20 17:58:43,909 INFO L290 TraceCheckUtils]: 67: Hoare triple {384#false} assume 0 == sign_~privkey~1#1; {384#false} is VALID [2022-02-20 17:58:43,909 INFO L290 TraceCheckUtils]: 68: Hoare triple {384#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {384#false} is VALID [2022-02-20 17:58:43,909 INFO L272 TraceCheckUtils]: 69: Hoare triple {384#false} 
call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {383#true} is VALID [2022-02-20 17:58:43,910 INFO L290 TraceCheckUtils]: 70: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,910 INFO L290 TraceCheckUtils]: 71: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,910 INFO L290 TraceCheckUtils]: 72: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,910 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {383#true} {384#false} #1017#return; {384#false} is VALID [2022-02-20 17:58:43,910 INFO L290 TraceCheckUtils]: 74: Hoare triple {384#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {384#false} is VALID [2022-02-20 17:58:43,911 INFO L272 TraceCheckUtils]: 75: Hoare triple {384#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {383#true} is VALID [2022-02-20 17:58:43,911 INFO L290 TraceCheckUtils]: 76: Hoare triple {383#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,911 INFO L290 TraceCheckUtils]: 77: Hoare triple {383#true} assume 1 == ~handle; {383#true} is VALID [2022-02-20 17:58:43,911 INFO L290 TraceCheckUtils]: 78: Hoare triple {383#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,912 INFO L290 TraceCheckUtils]: 79: Hoare triple {383#true} assume true; {383#true} is VALID 
[2022-02-20 17:58:43,912 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {383#true} {384#false} #1019#return; {384#false} is VALID [2022-02-20 17:58:43,912 INFO L290 TraceCheckUtils]: 81: Hoare triple {384#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {384#false} is VALID [2022-02-20 17:58:43,913 INFO L290 TraceCheckUtils]: 82: Hoare triple {384#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {384#false} is VALID [2022-02-20 17:58:43,913 INFO L290 TraceCheckUtils]: 83: Hoare triple {384#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {384#false} is VALID [2022-02-20 17:58:43,913 INFO L290 TraceCheckUtils]: 84: Hoare triple {384#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {384#false} is VALID [2022-02-20 17:58:43,913 INFO L290 TraceCheckUtils]: 85: Hoare triple {384#false} outgoing__wrappee__Keys_#t~ret63#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {384#false} is VALID [2022-02-20 17:58:43,914 INFO L272 TraceCheckUtils]: 86: Hoare triple {384#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:43,914 INFO L290 TraceCheckUtils]: 87: Hoare triple {460#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:43,914 INFO L290 TraceCheckUtils]: 88: Hoare triple {383#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:43,914 INFO L290 TraceCheckUtils]: 89: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,915 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {383#true} {384#false} #1025#return; {384#false} is VALID [2022-02-20 17:58:43,915 INFO L290 TraceCheckUtils]: 91: Hoare triple {384#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, 
__utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {384#false} is VALID [2022-02-20 17:58:43,915 INFO L272 TraceCheckUtils]: 92: Hoare triple {384#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {383#true} is VALID [2022-02-20 17:58:43,915 INFO L290 TraceCheckUtils]: 93: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~36; {383#true} is VALID [2022-02-20 17:58:43,916 INFO L290 TraceCheckUtils]: 94: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {383#true} is VALID [2022-02-20 17:58:43,916 INFO L290 TraceCheckUtils]: 95: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,916 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {383#true} {384#false} #1027#return; {384#false} is VALID [2022-02-20 17:58:43,916 INFO L290 TraceCheckUtils]: 97: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {384#false} is VALID [2022-02-20 17:58:43,917 INFO L290 TraceCheckUtils]: 98: Hoare triple 
{384#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {384#false} is VALID [2022-02-20 17:58:43,917 INFO L272 TraceCheckUtils]: 99: Hoare triple {384#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {383#true} is VALID [2022-02-20 17:58:43,917 INFO L290 TraceCheckUtils]: 100: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,917 INFO L290 TraceCheckUtils]: 101: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {383#true} is VALID [2022-02-20 17:58:43,918 INFO L290 TraceCheckUtils]: 102: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,918 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {383#true} {384#false} #1029#return; {384#false} is VALID [2022-02-20 17:58:43,918 INFO L290 TraceCheckUtils]: 104: Hoare triple {384#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {384#false} is VALID [2022-02-20 17:58:43,918 INFO L272 TraceCheckUtils]: 105: Hoare triple {384#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {383#true} is VALID [2022-02-20 17:58:43,919 INFO L290 TraceCheckUtils]: 106: Hoare triple 
{383#true} ~handle := #in~handle;havoc ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,919 INFO L290 TraceCheckUtils]: 107: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {383#true} is VALID [2022-02-20 17:58:43,919 INFO L290 TraceCheckUtils]: 108: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,919 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {383#true} {384#false} #1031#return; {384#false} is VALID [2022-02-20 17:58:43,919 INFO L290 TraceCheckUtils]: 110: Hoare triple {384#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {384#false} is VALID [2022-02-20 17:58:43,920 INFO L290 TraceCheckUtils]: 111: Hoare triple {384#false} assume !(0 != incoming_~privkey~0#1); {384#false} is VALID [2022-02-20 17:58:43,920 INFO L290 TraceCheckUtils]: 112: Hoare triple {384#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := 
verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {384#false} is VALID [2022-02-20 17:58:43,920 INFO L290 TraceCheckUtils]: 113: Hoare triple {384#false} assume 1 == ~sent_signed~0; {384#false} is VALID [2022-02-20 17:58:43,921 INFO L272 TraceCheckUtils]: 114: Hoare triple {384#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {383#true} is VALID [2022-02-20 17:58:43,921 INFO L290 TraceCheckUtils]: 115: Hoare triple {383#true} ~handle := #in~handle;havoc ~retValue_acc~30; {383#true} is VALID [2022-02-20 17:58:43,921 INFO L290 TraceCheckUtils]: 116: Hoare triple {383#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {383#true} is VALID [2022-02-20 17:58:43,921 INFO L290 TraceCheckUtils]: 117: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,921 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {383#true} {384#false} #1043#return; {384#false} is VALID [2022-02-20 17:58:43,922 INFO L290 TraceCheckUtils]: 119: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {384#false} is VALID [2022-02-20 17:58:43,922 INFO L272 TraceCheckUtils]: 120: Hoare triple {384#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {383#true} is VALID [2022-02-20 17:58:43,922 INFO L290 TraceCheckUtils]: 121: Hoare triple {383#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,922 INFO L290 TraceCheckUtils]: 122: 
Hoare triple {383#true} assume 1 == ~handle; {383#true} is VALID [2022-02-20 17:58:43,923 INFO L290 TraceCheckUtils]: 123: Hoare triple {383#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {383#true} is VALID [2022-02-20 17:58:43,923 INFO L290 TraceCheckUtils]: 124: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:43,923 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {383#true} {384#false} #1045#return; {384#false} is VALID [2022-02-20 17:58:43,923 INFO L290 TraceCheckUtils]: 126: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {384#false} is VALID [2022-02-20 17:58:43,924 INFO L290 TraceCheckUtils]: 127: Hoare triple {384#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {384#false} is VALID [2022-02-20 17:58:43,924 INFO L272 TraceCheckUtils]: 128: Hoare triple {384#false} call __automaton_fail(); {384#false} is VALID [2022-02-20 17:58:43,924 INFO L290 TraceCheckUtils]: 129: Hoare triple {384#false} assume !false; {384#false} is VALID [2022-02-20 17:58:43,925 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. 
[2022-02-20 17:58:43,926 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:43,926 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1939856369] [2022-02-20 17:58:43,926 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1939856369] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:43,927 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1897709714] [2022-02-20 17:58:43,927 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:43,927 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:43,928 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:43,929 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:43,951 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 17:58:44,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:44,312 INFO L263 TraceCheckSpWp]: Trace formula consists of 1198 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:58:44,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:44,394 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:44,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {383#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 
:= 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {383#true} is VALID [2022-02-20 17:58:44,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {383#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } 
true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {383#true} is VALID [2022-02-20 17:58:44,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {383#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {383#true} is VALID [2022-02-20 17:58:44,767 INFO L290 TraceCheckUtils]: 3: Hoare triple {383#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {383#true} is VALID [2022-02-20 17:58:44,767 INFO L290 TraceCheckUtils]: 4: Hoare triple {383#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {383#true} is VALID [2022-02-20 17:58:44,767 INFO L290 TraceCheckUtils]: 5: Hoare triple {383#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {383#true} is VALID [2022-02-20 17:58:44,768 INFO L272 TraceCheckUtils]: 6: Hoare triple {383#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {383#true} is VALID [2022-02-20 17:58:44,768 INFO L290 TraceCheckUtils]: 7: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,768 INFO L290 TraceCheckUtils]: 8: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:44,768 INFO L290 TraceCheckUtils]: 9: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,768 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {383#true} {383#true} #1097#return; {383#true} is VALID [2022-02-20 17:58:44,769 INFO L290 TraceCheckUtils]: 11: Hoare triple {383#true} assume { :end_inline_setup_bob__wrappee__Base } true; {383#true} is VALID [2022-02-20 17:58:44,769 INFO L272 TraceCheckUtils]: 12: Hoare triple {383#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {383#true} is VALID [2022-02-20 17:58:44,769 INFO L290 TraceCheckUtils]: 13: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,769 INFO L290 TraceCheckUtils]: 14: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:44,769 INFO L290 TraceCheckUtils]: 15: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,770 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {383#true} {383#true} #1099#return; {383#true} is VALID [2022-02-20 17:58:44,770 INFO L290 TraceCheckUtils]: 17: Hoare triple {383#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } 
true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {383#true} is VALID [2022-02-20 17:58:44,770 INFO L272 TraceCheckUtils]: 18: Hoare triple {383#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {383#true} is VALID [2022-02-20 17:58:44,770 INFO L290 TraceCheckUtils]: 19: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,770 INFO L290 TraceCheckUtils]: 20: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:44,771 INFO L290 TraceCheckUtils]: 21: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,771 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {383#true} {383#true} #1101#return; {383#true} is VALID [2022-02-20 17:58:44,771 INFO L290 TraceCheckUtils]: 23: Hoare triple {383#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {383#true} is VALID [2022-02-20 17:58:44,771 INFO L272 TraceCheckUtils]: 24: Hoare triple {383#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {383#true} is VALID [2022-02-20 17:58:44,771 INFO L290 TraceCheckUtils]: 25: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,771 INFO L290 TraceCheckUtils]: 26: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:44,772 INFO L290 TraceCheckUtils]: 27: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,772 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {383#true} {383#true} #1103#return; {383#true} is VALID [2022-02-20 17:58:44,772 INFO 
L290 TraceCheckUtils]: 29: Hoare triple {383#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {383#true} is VALID [2022-02-20 17:58:44,772 INFO L272 TraceCheckUtils]: 30: Hoare triple {383#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {383#true} is VALID [2022-02-20 17:58:44,773 INFO L290 TraceCheckUtils]: 31: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,773 INFO L290 TraceCheckUtils]: 32: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {383#true} is VALID [2022-02-20 17:58:44,773 INFO L290 TraceCheckUtils]: 33: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,773 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {383#true} {383#true} #1105#return; {383#true} is VALID [2022-02-20 17:58:44,773 INFO L290 TraceCheckUtils]: 35: Hoare triple {383#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {383#true} is VALID [2022-02-20 17:58:44,774 INFO L272 TraceCheckUtils]: 36: Hoare triple {383#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {383#true} is VALID [2022-02-20 17:58:44,774 INFO L290 TraceCheckUtils]: 37: Hoare triple {383#true} ~handle := #in~handle;~value := #in~value; {383#true} is VALID [2022-02-20 17:58:44,776 INFO L290 TraceCheckUtils]: 38: Hoare triple {383#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; 
{383#true} is VALID [2022-02-20 17:58:44,781 INFO L290 TraceCheckUtils]: 39: Hoare triple {383#true} assume true; {383#true} is VALID [2022-02-20 17:58:44,782 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {383#true} {383#true} #1107#return; {383#true} is VALID [2022-02-20 17:58:44,782 INFO L290 TraceCheckUtils]: 41: Hoare triple {383#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {383#true} is VALID [2022-02-20 17:58:44,783 INFO L290 TraceCheckUtils]: 42: Hoare triple {383#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 
0;test_~splverifierCounter~0#1 := 0; {383#true} is VALID [2022-02-20 17:58:44,786 INFO L290 TraceCheckUtils]: 43: Hoare triple {383#true} assume false; {384#false} is VALID [2022-02-20 17:58:44,787 INFO L290 TraceCheckUtils]: 44: Hoare triple {384#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {384#false} is VALID [2022-02-20 17:58:44,788 INFO L272 TraceCheckUtils]: 45: Hoare triple {384#false} call sendEmail(~bob~0, ~rjh~0); {384#false} is VALID [2022-02-20 17:58:44,789 INFO L290 TraceCheckUtils]: 46: Hoare triple {384#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {384#false} is VALID [2022-02-20 17:58:44,789 INFO L272 TraceCheckUtils]: 47: Hoare triple {384#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {384#false} is VALID [2022-02-20 17:58:44,789 INFO L290 TraceCheckUtils]: 48: Hoare triple {384#false} ~handle := #in~handle;~value := #in~value; {384#false} is VALID [2022-02-20 17:58:44,789 INFO L290 TraceCheckUtils]: 49: Hoare triple {384#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {384#false} is VALID [2022-02-20 17:58:44,789 INFO L290 TraceCheckUtils]: 50: Hoare triple {384#false} assume true; {384#false} is 
VALID [2022-02-20 17:58:44,790 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {384#false} {384#false} #1083#return; {384#false} is VALID [2022-02-20 17:58:44,790 INFO L272 TraceCheckUtils]: 52: Hoare triple {384#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {384#false} is VALID [2022-02-20 17:58:44,790 INFO L290 TraceCheckUtils]: 53: Hoare triple {384#false} ~handle := #in~handle;~value := #in~value; {384#false} is VALID [2022-02-20 17:58:44,790 INFO L290 TraceCheckUtils]: 54: Hoare triple {384#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {384#false} is VALID [2022-02-20 17:58:44,790 INFO L290 TraceCheckUtils]: 55: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,790 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {384#false} {384#false} #1085#return; {384#false} is VALID [2022-02-20 17:58:44,791 INFO L290 TraceCheckUtils]: 57: Hoare triple {384#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {384#false} is VALID [2022-02-20 17:58:44,791 INFO L290 TraceCheckUtils]: 58: Hoare triple {384#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {384#false} is VALID [2022-02-20 17:58:44,791 INFO L272 TraceCheckUtils]: 59: Hoare triple {384#false} call outgoing(~sender#1, ~email~0#1); {384#false} is VALID [2022-02-20 17:58:44,791 INFO L290 TraceCheckUtils]: 60: Hoare triple {384#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {384#false} is VALID [2022-02-20 17:58:44,791 INFO L272 TraceCheckUtils]: 61: 
Hoare triple {384#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 62: Hoare triple {384#false} ~handle := #in~handle;havoc ~retValue_acc~9; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 63: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 64: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {384#false} {384#false} #1015#return; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 66: Hoare triple {384#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 67: Hoare triple {384#false} assume 0 == sign_~privkey~1#1; {384#false} is VALID [2022-02-20 17:58:44,792 INFO L290 TraceCheckUtils]: 68: Hoare triple {384#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc 
outgoing__wrappee__Encrypt_~tmp___0~3#1; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L272 TraceCheckUtils]: 69: Hoare triple {384#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 70: Hoare triple {384#false} ~handle := #in~handle;havoc ~retValue_acc~31; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 71: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 72: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {384#false} {384#false} #1017#return; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 74: Hoare triple {384#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L272 TraceCheckUtils]: 75: Hoare triple {384#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 76: Hoare triple {384#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 77: Hoare triple {384#false} assume 1 == ~handle; {384#false} is VALID [2022-02-20 17:58:44,793 INFO L290 TraceCheckUtils]: 78: Hoare triple {384#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := 
~retValue_acc~14; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 79: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {384#false} {384#false} #1019#return; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 81: Hoare triple {384#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 82: Hoare triple {384#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 83: Hoare triple {384#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 84: Hoare triple {384#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := 
getClientId_~retValue_acc~16#1; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 85: Hoare triple {384#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L272 TraceCheckUtils]: 86: Hoare triple {384#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 87: Hoare triple {384#false} ~handle := #in~handle;~value := #in~value; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 88: Hoare triple {384#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {384#false} is VALID [2022-02-20 17:58:44,794 INFO L290 TraceCheckUtils]: 89: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {384#false} {384#false} #1025#return; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 91: Hoare triple {384#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, 
__utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L272 TraceCheckUtils]: 92: Hoare triple {384#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 93: Hoare triple {384#false} ~handle := #in~handle;havoc ~retValue_acc~36; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 94: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 95: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {384#false} {384#false} #1027#return; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 97: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 98: Hoare triple {384#false} assume { 
:end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L272 TraceCheckUtils]: 99: Hoare triple {384#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 100: Hoare triple {384#false} ~handle := #in~handle;havoc ~retValue_acc~31; {384#false} is VALID [2022-02-20 17:58:44,795 INFO L290 TraceCheckUtils]: 101: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 102: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {384#false} {384#false} #1029#return; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 104: Hoare triple {384#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L272 TraceCheckUtils]: 105: Hoare triple {384#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 106: Hoare triple {384#false} 
~handle := #in~handle;havoc ~retValue_acc~9; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 107: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 108: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {384#false} {384#false} #1031#return; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 110: Hoare triple {384#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 111: Hoare triple {384#false} assume !(0 != incoming_~privkey~0#1); {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 112: Hoare triple {384#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := 
verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {384#false} is VALID [2022-02-20 17:58:44,796 INFO L290 TraceCheckUtils]: 113: Hoare triple {384#false} assume 1 == ~sent_signed~0; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L272 TraceCheckUtils]: 114: Hoare triple {384#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 115: Hoare triple {384#false} ~handle := #in~handle;havoc ~retValue_acc~30; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 116: Hoare triple {384#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 117: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {384#false} {384#false} #1043#return; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 119: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L272 TraceCheckUtils]: 120: Hoare triple {384#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 121: Hoare triple {384#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 
TraceCheckUtils]: 122: Hoare triple {384#false} assume 1 == ~handle; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 123: Hoare triple {384#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L290 TraceCheckUtils]: 124: Hoare triple {384#false} assume true; {384#false} is VALID [2022-02-20 17:58:44,797 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {384#false} {384#false} #1045#return; {384#false} is VALID [2022-02-20 17:58:44,798 INFO L290 TraceCheckUtils]: 126: Hoare triple {384#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {384#false} is VALID [2022-02-20 17:58:44,798 INFO L290 TraceCheckUtils]: 127: Hoare triple {384#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {384#false} is VALID [2022-02-20 17:58:44,798 INFO L272 TraceCheckUtils]: 128: Hoare triple {384#false} call __automaton_fail(); {384#false} is VALID [2022-02-20 17:58:44,798 INFO L290 TraceCheckUtils]: 129: Hoare triple {384#false} assume !false; {384#false} is VALID [2022-02-20 17:58:44,798 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. 
[2022-02-20 17:58:44,798 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:44,799 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1897709714] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:44,799 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:44,799 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:58:44,801 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1688682310] [2022-02-20 17:58:44,801 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:44,806 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 17:58:44,808 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:44,810 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:44,913 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 105 edges. 105 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:44,913 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:58:44,913 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:44,940 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:58:44,941 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:44,946 INFO L87 Difference]: Start difference. First operand has 380 states, 290 states have (on average 1.4965517241379311) internal successors, (434), 296 states have internal predecessors, (434), 64 states have call successors, (64), 24 states have call predecessors, (64), 24 states have return successors, (64), 63 states have call predecessors, (64), 64 states have call successors, (64) Second operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:45,348 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:45,349 INFO L93 Difference]: Finished difference Result 605 states and 878 transitions. [2022-02-20 17:58:45,349 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:58:45,349 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 130 [2022-02-20 17:58:45,350 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:45,351 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:45,372 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 878 transitions. [2022-02-20 17:58:45,373 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:45,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 878 transitions. [2022-02-20 17:58:45,410 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 878 transitions. [2022-02-20 17:58:46,108 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 878 edges. 878 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:46,154 INFO L225 Difference]: With dead ends: 605 [2022-02-20 17:58:46,155 INFO L226 Difference]: Without dead ends: 372 [2022-02-20 17:58:46,163 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 167 GetRequests, 160 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:46,167 INFO L933 BasicCegarLoop]: 556 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 556 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:46,169 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 556 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:46,190 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 372 states. [2022-02-20 17:58:46,250 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 372 to 372. [2022-02-20 17:58:46,251 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:46,258 INFO L82 GeneralOperation]: Start isEquivalent. First operand 372 states. 
Second operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:46,262 INFO L74 IsIncluded]: Start isIncluded. First operand 372 states. Second operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:46,267 INFO L87 Difference]: Start difference. First operand 372 states. Second operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:46,292 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:46,292 INFO L93 Difference]: Finished difference Result 372 states and 548 transitions. [2022-02-20 17:58:46,292 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 548 transitions. [2022-02-20 17:58:46,295 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:46,295 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:46,296 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) Second operand 372 states. [2022-02-20 17:58:46,300 INFO L87 Difference]: Start difference. First operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) Second operand 372 states. [2022-02-20 17:58:46,335 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:46,336 INFO L93 Difference]: Finished difference Result 372 states and 548 transitions. [2022-02-20 17:58:46,336 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 548 transitions. [2022-02-20 17:58:46,337 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:46,337 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:46,338 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:46,338 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:46,339 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 372 states, 284 states have (on average 1.4894366197183098) internal successors, (423), 288 states have internal predecessors, (423), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:46,357 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 372 states to 372 states and 548 transitions. [2022-02-20 17:58:46,359 INFO L78 Accepts]: Start accepts. Automaton has 372 states and 548 transitions. Word has length 130 [2022-02-20 17:58:46,361 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:46,361 INFO L470 AbstractCegarLoop]: Abstraction has 372 states and 548 transitions. [2022-02-20 17:58:46,362 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 34.0) internal successors, (68), 2 states have internal predecessors, (68), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:46,362 INFO L276 IsEmpty]: Start isEmpty. Operand 372 states and 548 transitions. [2022-02-20 17:58:46,369 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 132 [2022-02-20 17:58:46,369 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:46,370 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:46,399 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:46,595 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:58:46,596 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:46,596 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:46,596 INFO L85 PathProgramCache]: Analyzing trace with hash 440913668, now seen corresponding path program 1 times [2022-02-20 17:58:46,597 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:46,597 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [590956880] [2022-02-20 17:58:46,597 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:46,597 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:46,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:46,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,692 INFO L290 TraceCheckUtils]: 0: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,692 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,693 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,698 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2968#true} #1097#return; {2968#true} is VALID [2022-02-20 17:58:46,704 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:46,705 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,708 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,708 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,708 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2968#true} #1099#return; {2968#true} is VALID [2022-02-20 17:58:46,709 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:46,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3043#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:46,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {3043#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3044#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:46,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {3044#(= |setClientId_#in~handle| 1)} assume true; {3044#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:46,728 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3044#(= |setClientId_#in~handle| 1)} {2978#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; 
{2969#false} is VALID [2022-02-20 17:58:46,729 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:46,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,736 INFO L290 TraceCheckUtils]: 0: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,736 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,736 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,736 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1103#return; {2969#false} is VALID [2022-02-20 17:58:46,737 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:46,740 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,742 INFO L290 TraceCheckUtils]: 0: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,742 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,742 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,743 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1105#return; {2969#false} is VALID [2022-02-20 17:58:46,743 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:46,745 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1107#return; {2969#false} is VALID [2022-02-20 17:58:46,756 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:58:46,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,760 INFO L290 TraceCheckUtils]: 0: Hoare triple {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,760 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,761 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1083#return; {2969#false} is VALID [2022-02-20 17:58:46,769 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 17:58:46,770 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:46,772 INFO L290 TraceCheckUtils]: 0: Hoare triple {3046#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,772 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,772 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,773 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1085#return; {2969#false} is VALID [2022-02-20 17:58:46,773 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:46,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,775 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1015#return; {2969#false} is VALID [2022-02-20 17:58:46,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:46,779 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,785 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2968#true} is 
VALID [2022-02-20 17:58:46,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1017#return; {2969#false} is VALID [2022-02-20 17:58:46,785 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:46,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,788 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,789 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle; {2968#true} is VALID [2022-02-20 17:58:46,789 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,789 INFO L290 TraceCheckUtils]: 3: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,789 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2968#true} {2969#false} #1019#return; {2969#false} is VALID [2022-02-20 17:58:46,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:58:46,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,793 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1025#return; {2969#false} is VALID [2022-02-20 17:58:46,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:58:46,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,796 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2968#true} is VALID [2022-02-20 17:58:46,796 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {2968#true} is VALID [2022-02-20 17:58:46,796 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,796 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1027#return; {2969#false} is VALID [2022-02-20 17:58:46,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:46,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,799 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,799 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,799 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1029#return; {2969#false} is VALID [2022-02-20 17:58:46,799 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:46,800 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} 
~handle := #in~handle;havoc ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,802 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1031#return; {2969#false} is VALID [2022-02-20 17:58:46,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:46,803 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2968#true} is VALID [2022-02-20 17:58:46,805 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {2968#true} is VALID [2022-02-20 17:58:46,806 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,806 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {2968#true} {2969#false} #1043#return; {2969#false} is VALID [2022-02-20 17:58:46,806 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:46,807 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,809 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,809 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume 1 == ~handle; {2968#true} is VALID [2022-02-20 17:58:46,809 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,809 INFO L290 TraceCheckUtils]: 3: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,810 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2968#true} {2969#false} #1045#return; {2969#false} is VALID [2022-02-20 17:58:46,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call 
#Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2968#true} is VALID [2022-02-20 17:58:46,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2968#true} is VALID [2022-02-20 17:58:46,810 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2968#true} is VALID [2022-02-20 17:58:46,810 INFO L290 TraceCheckUtils]: 3: Hoare triple {2968#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {2968#true} is VALID [2022-02-20 17:58:46,810 INFO L290 TraceCheckUtils]: 4: Hoare triple {2968#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {2968#true} is VALID [2022-02-20 17:58:46,811 INFO L290 TraceCheckUtils]: 5: Hoare triple {2968#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2968#true} is VALID [2022-02-20 17:58:46,811 INFO L272 TraceCheckUtils]: 6: Hoare triple {2968#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:46,812 INFO L290 TraceCheckUtils]: 7: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,812 INFO L290 TraceCheckUtils]: 8: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,812 INFO L290 TraceCheckUtils]: 9: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,812 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2968#true} {2968#true} #1097#return; {2968#true} is VALID [2022-02-20 17:58:46,812 INFO L290 TraceCheckUtils]: 11: Hoare triple {2968#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2968#true} is VALID [2022-02-20 17:58:46,813 INFO L272 TraceCheckUtils]: 12: Hoare triple {2968#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:46,813 INFO L290 TraceCheckUtils]: 13: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,813 INFO L290 TraceCheckUtils]: 14: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,814 INFO L290 TraceCheckUtils]: 15: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,814 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2968#true} {2968#true} #1099#return; {2968#true} is VALID [2022-02-20 17:58:46,814 INFO L290 TraceCheckUtils]: 17: Hoare triple {2968#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2978#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:46,815 INFO L272 TraceCheckUtils]: 18: Hoare triple {2978#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:58:46,815 INFO L290 TraceCheckUtils]: 19: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3043#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:46,816 INFO L290 TraceCheckUtils]: 20: Hoare triple {3043#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3044#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:46,816 INFO L290 TraceCheckUtils]: 21: Hoare triple {3044#(= |setClientId_#in~handle| 1)} assume true; {3044#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:46,817 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3044#(= |setClientId_#in~handle| 1)} {2978#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; {2969#false} is VALID [2022-02-20 17:58:46,817 INFO L290 TraceCheckUtils]: 23: Hoare triple {2969#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {2969#false} is VALID [2022-02-20 17:58:46,817 INFO L272 TraceCheckUtils]: 24: Hoare triple {2969#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:46,817 INFO L290 TraceCheckUtils]: 25: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,817 INFO L290 TraceCheckUtils]: 26: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {2968#true} is VALID [2022-02-20 17:58:46,818 INFO L290 TraceCheckUtils]: 27: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,818 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2968#true} {2969#false} #1103#return; {2969#false} is VALID [2022-02-20 17:58:46,818 INFO L290 TraceCheckUtils]: 29: Hoare triple {2969#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2969#false} is VALID [2022-02-20 17:58:46,818 INFO L272 TraceCheckUtils]: 30: Hoare triple {2969#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:46,818 INFO L290 TraceCheckUtils]: 31: Hoare triple {3041#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,818 INFO L290 TraceCheckUtils]: 32: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,818 INFO L290 TraceCheckUtils]: 33: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 
17:58:46,819 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2968#true} {2969#false} #1105#return; {2969#false} is VALID [2022-02-20 17:58:46,819 INFO L290 TraceCheckUtils]: 35: Hoare triple {2969#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {2969#false} is VALID [2022-02-20 17:58:46,819 INFO L272 TraceCheckUtils]: 36: Hoare triple {2969#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:46,819 INFO L290 TraceCheckUtils]: 37: Hoare triple {3042#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,819 INFO L290 TraceCheckUtils]: 38: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,819 INFO L290 TraceCheckUtils]: 39: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,820 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2968#true} {2969#false} #1107#return; {2969#false} is VALID [2022-02-20 17:58:46,820 INFO L290 TraceCheckUtils]: 41: Hoare triple {2969#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {2969#false} is VALID [2022-02-20 17:58:46,820 INFO L290 TraceCheckUtils]: 42: Hoare triple {2969#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, 
test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {2969#false} is VALID [2022-02-20 17:58:46,820 INFO L290 TraceCheckUtils]: 43: Hoare triple {2969#false} assume !false; {2969#false} is VALID [2022-02-20 17:58:46,820 INFO L290 TraceCheckUtils]: 44: Hoare triple {2969#false} assume !(test_~splverifierCounter~0#1 < 4); {2969#false} is VALID [2022-02-20 17:58:46,820 INFO L290 TraceCheckUtils]: 45: Hoare triple {2969#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; 
{2969#false} is VALID [2022-02-20 17:58:46,821 INFO L272 TraceCheckUtils]: 46: Hoare triple {2969#false} call sendEmail(~bob~0, ~rjh~0); {2969#false} is VALID [2022-02-20 17:58:46,821 INFO L290 TraceCheckUtils]: 47: Hoare triple {2969#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2969#false} is VALID [2022-02-20 17:58:46,821 INFO L272 TraceCheckUtils]: 48: Hoare triple {2969#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:46,821 INFO L290 TraceCheckUtils]: 49: Hoare triple {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,821 INFO L290 TraceCheckUtils]: 50: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,821 INFO L290 TraceCheckUtils]: 51: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,821 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2968#true} {2969#false} #1083#return; {2969#false} is VALID [2022-02-20 17:58:46,822 INFO L272 TraceCheckUtils]: 53: Hoare triple {2969#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3046#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:46,822 INFO L290 
TraceCheckUtils]: 54: Hoare triple {3046#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,822 INFO L290 TraceCheckUtils]: 55: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,822 INFO L290 TraceCheckUtils]: 56: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,822 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2968#true} {2969#false} #1085#return; {2969#false} is VALID [2022-02-20 17:58:46,822 INFO L290 TraceCheckUtils]: 58: Hoare triple {2969#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {2969#false} is VALID [2022-02-20 17:58:46,823 INFO L290 TraceCheckUtils]: 59: Hoare triple {2969#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {2969#false} is VALID [2022-02-20 17:58:46,823 INFO L272 TraceCheckUtils]: 60: Hoare triple {2969#false} call outgoing(~sender#1, ~email~0#1); {2969#false} is VALID [2022-02-20 17:58:46,823 INFO L290 TraceCheckUtils]: 61: Hoare triple {2969#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {2969#false} is VALID [2022-02-20 17:58:46,823 INFO L272 TraceCheckUtils]: 62: Hoare triple {2969#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {2968#true} is VALID [2022-02-20 17:58:46,823 INFO L290 TraceCheckUtils]: 63: Hoare triple {2968#true} ~handle := #in~handle;havoc 
~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,823 INFO L290 TraceCheckUtils]: 64: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,824 INFO L290 TraceCheckUtils]: 65: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,824 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2968#true} {2969#false} #1015#return; {2969#false} is VALID [2022-02-20 17:58:46,824 INFO L290 TraceCheckUtils]: 67: Hoare triple {2969#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {2969#false} is VALID [2022-02-20 17:58:46,824 INFO L290 TraceCheckUtils]: 68: Hoare triple {2969#false} assume 0 == sign_~privkey~1#1; {2969#false} is VALID [2022-02-20 17:58:46,824 INFO L290 TraceCheckUtils]: 69: Hoare triple {2969#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {2969#false} is VALID [2022-02-20 17:58:46,824 INFO L272 TraceCheckUtils]: 70: Hoare triple {2969#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := 
getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2968#true} is VALID [2022-02-20 17:58:46,824 INFO L290 TraceCheckUtils]: 71: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,825 INFO L290 TraceCheckUtils]: 72: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,825 INFO L290 TraceCheckUtils]: 73: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,825 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2968#true} {2969#false} #1017#return; {2969#false} is VALID [2022-02-20 17:58:46,825 INFO L290 TraceCheckUtils]: 75: Hoare triple {2969#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {2969#false} is VALID [2022-02-20 17:58:46,825 INFO L272 TraceCheckUtils]: 76: Hoare triple {2969#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {2968#true} is VALID [2022-02-20 17:58:46,825 INFO L290 TraceCheckUtils]: 77: Hoare triple {2968#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 78: Hoare triple {2968#true} assume 1 == ~handle; {2968#true} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 79: Hoare triple {2968#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 80: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,826 INFO 
L284 TraceCheckUtils]: 81: Hoare quadruple {2968#true} {2969#false} #1019#return; {2969#false} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 82: Hoare triple {2969#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {2969#false} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 83: Hoare triple {2969#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2969#false} is VALID [2022-02-20 17:58:46,826 INFO L290 TraceCheckUtils]: 84: Hoare triple {2969#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2969#false} is VALID [2022-02-20 17:58:46,827 INFO L290 TraceCheckUtils]: 85: Hoare triple {2969#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2969#false} is VALID [2022-02-20 17:58:46,827 INFO L290 TraceCheckUtils]: 86: Hoare triple {2969#false} outgoing__wrappee__Keys_#t~ret63#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {2969#false} is VALID [2022-02-20 17:58:46,827 INFO L272 TraceCheckUtils]: 87: Hoare triple {2969#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:46,827 INFO L290 TraceCheckUtils]: 88: Hoare triple {3045#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:46,827 INFO L290 TraceCheckUtils]: 89: Hoare triple {2968#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:46,827 INFO L290 TraceCheckUtils]: 90: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,828 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2968#true} {2969#false} #1025#return; {2969#false} is VALID [2022-02-20 17:58:46,828 INFO L290 TraceCheckUtils]: 92: Hoare triple {2969#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, 
__utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {2969#false} is VALID [2022-02-20 17:58:46,828 INFO L272 TraceCheckUtils]: 93: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2968#true} is VALID [2022-02-20 17:58:46,828 INFO L290 TraceCheckUtils]: 94: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~36; {2968#true} is VALID [2022-02-20 17:58:46,828 INFO L290 TraceCheckUtils]: 95: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {2968#true} is VALID [2022-02-20 17:58:46,828 INFO L290 TraceCheckUtils]: 96: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,828 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2968#true} {2969#false} #1027#return; {2969#false} is VALID [2022-02-20 17:58:46,829 INFO L290 TraceCheckUtils]: 98: Hoare triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {2969#false} is VALID [2022-02-20 17:58:46,829 INFO L290 TraceCheckUtils]: 99: 
Hoare triple {2969#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {2969#false} is VALID [2022-02-20 17:58:46,829 INFO L272 TraceCheckUtils]: 100: Hoare triple {2969#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {2968#true} is VALID [2022-02-20 17:58:46,829 INFO L290 TraceCheckUtils]: 101: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,829 INFO L290 TraceCheckUtils]: 102: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2968#true} is VALID [2022-02-20 17:58:46,829 INFO L290 TraceCheckUtils]: 103: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,830 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {2968#true} {2969#false} #1029#return; {2969#false} is VALID [2022-02-20 17:58:46,830 INFO L290 TraceCheckUtils]: 105: Hoare triple {2969#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {2969#false} is VALID [2022-02-20 17:58:46,830 INFO L272 TraceCheckUtils]: 106: Hoare triple {2969#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {2968#true} is VALID [2022-02-20 17:58:46,830 INFO L290 
TraceCheckUtils]: 107: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,830 INFO L290 TraceCheckUtils]: 108: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2968#true} is VALID [2022-02-20 17:58:46,830 INFO L290 TraceCheckUtils]: 109: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,830 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {2968#true} {2969#false} #1031#return; {2969#false} is VALID [2022-02-20 17:58:46,831 INFO L290 TraceCheckUtils]: 111: Hoare triple {2969#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {2969#false} is VALID [2022-02-20 17:58:46,831 INFO L290 TraceCheckUtils]: 112: Hoare triple {2969#false} assume !(0 != incoming_~privkey~0#1); {2969#false} is VALID [2022-02-20 17:58:46,831 INFO L290 TraceCheckUtils]: 113: Hoare triple {2969#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, 
verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && 
__utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {2969#false} is VALID [2022-02-20 17:58:46,831 INFO L290 TraceCheckUtils]: 114: Hoare triple {2969#false} assume 1 == ~sent_signed~0; {2969#false} is VALID [2022-02-20 17:58:46,831 INFO L272 TraceCheckUtils]: 115: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2968#true} is VALID [2022-02-20 17:58:46,831 INFO L290 TraceCheckUtils]: 116: Hoare triple {2968#true} ~handle := #in~handle;havoc ~retValue_acc~30; {2968#true} is VALID [2022-02-20 17:58:46,832 INFO L290 TraceCheckUtils]: 117: Hoare triple {2968#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {2968#true} is VALID [2022-02-20 17:58:46,832 INFO L290 TraceCheckUtils]: 118: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,832 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {2968#true} {2969#false} #1043#return; {2969#false} is VALID [2022-02-20 17:58:46,832 INFO L290 TraceCheckUtils]: 120: Hoare triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {2969#false} is VALID [2022-02-20 17:58:46,832 INFO L272 TraceCheckUtils]: 121: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {2968#true} is VALID [2022-02-20 17:58:46,832 INFO L290 TraceCheckUtils]: 122: Hoare triple {2968#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; 
{2968#true} is VALID [2022-02-20 17:58:46,833 INFO L290 TraceCheckUtils]: 123: Hoare triple {2968#true} assume 1 == ~handle; {2968#true} is VALID [2022-02-20 17:58:46,833 INFO L290 TraceCheckUtils]: 124: Hoare triple {2968#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2968#true} is VALID [2022-02-20 17:58:46,833 INFO L290 TraceCheckUtils]: 125: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:46,833 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {2968#true} {2969#false} #1045#return; {2969#false} is VALID [2022-02-20 17:58:46,833 INFO L290 TraceCheckUtils]: 127: Hoare triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {2969#false} is VALID [2022-02-20 17:58:46,833 INFO L290 TraceCheckUtils]: 128: Hoare triple {2969#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {2969#false} is VALID [2022-02-20 17:58:46,833 INFO L272 TraceCheckUtils]: 129: Hoare triple {2969#false} call __automaton_fail(); {2969#false} is VALID [2022-02-20 17:58:46,834 INFO L290 TraceCheckUtils]: 130: Hoare triple {2969#false} assume !false; {2969#false} is VALID [2022-02-20 17:58:46,834 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. 
[2022-02-20 17:58:46,834 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:46,835 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [590956880] [2022-02-20 17:58:46,835 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [590956880] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:46,835 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1566352376] [2022-02-20 17:58:46,835 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:46,835 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:46,835 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:46,837 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:46,843 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:58:47,113 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:47,117 INFO L263 TraceCheckSpWp]: Trace formula consists of 1199 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:58:47,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:47,192 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {2968#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call 
write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 
:= 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {2968#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } 
true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {2968#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {2968#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 4: Hoare triple {2968#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L290 TraceCheckUtils]: 5: Hoare triple {2968#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {2968#true} is VALID [2022-02-20 17:58:47,562 INFO L272 TraceCheckUtils]: 6: Hoare triple {2968#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L290 TraceCheckUtils]: 7: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L290 TraceCheckUtils]: 8: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L290 TraceCheckUtils]: 9: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2968#true} {2968#true} #1097#return; {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L290 TraceCheckUtils]: 11: Hoare triple {2968#true} assume { :end_inline_setup_bob__wrappee__Base } true; {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L272 TraceCheckUtils]: 12: Hoare triple {2968#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {2968#true} is VALID [2022-02-20 17:58:47,563 INFO L290 TraceCheckUtils]: 13: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 14: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 15: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2968#true} {2968#true} #1099#return; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 17: Hoare triple {2968#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L272 TraceCheckUtils]: 18: Hoare triple {2968#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 19: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 20: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L290 TraceCheckUtils]: 21: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,564 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {2968#true} {2968#true} #1101#return; {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L290 TraceCheckUtils]: 23: Hoare triple {2968#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L272 TraceCheckUtils]: 24: Hoare triple {2968#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L290 TraceCheckUtils]: 25: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L290 TraceCheckUtils]: 26: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L290 TraceCheckUtils]: 27: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,565 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2968#true} {2968#true} #1103#return; 
{2968#true} is VALID [2022-02-20 17:58:47,565 INFO L290 TraceCheckUtils]: 29: Hoare triple {2968#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L272 TraceCheckUtils]: 30: Hoare triple {2968#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L290 TraceCheckUtils]: 31: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L290 TraceCheckUtils]: 32: Hoare triple {2968#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L290 TraceCheckUtils]: 33: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {2968#true} {2968#true} #1105#return; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L290 TraceCheckUtils]: 35: Hoare triple {2968#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L272 TraceCheckUtils]: 36: Hoare triple {2968#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {2968#true} is VALID [2022-02-20 17:58:47,566 INFO L290 TraceCheckUtils]: 37: Hoare triple {2968#true} ~handle := #in~handle;~value := #in~value; {2968#true} is VALID [2022-02-20 17:58:47,567 INFO L290 TraceCheckUtils]: 38: Hoare triple 
{2968#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {2968#true} is VALID [2022-02-20 17:58:47,567 INFO L290 TraceCheckUtils]: 39: Hoare triple {2968#true} assume true; {2968#true} is VALID [2022-02-20 17:58:47,567 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2968#true} {2968#true} #1107#return; {2968#true} is VALID [2022-02-20 17:58:47,567 INFO L290 TraceCheckUtils]: 41: Hoare triple {2968#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {2968#true} is VALID [2022-02-20 17:58:47,568 INFO L290 TraceCheckUtils]: 42: Hoare triple {2968#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 
:= 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3176#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:47,568 INFO L290 TraceCheckUtils]: 43: Hoare triple {3176#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3176#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 44: Hoare triple {3176#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 45: Hoare triple {2969#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L272 TraceCheckUtils]: 46: Hoare triple {2969#false} call sendEmail(~bob~0, ~rjh~0); {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 47: Hoare triple {2969#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L272 TraceCheckUtils]: 48: Hoare triple {2969#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); 
{2969#false} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 49: Hoare triple {2969#false} ~handle := #in~handle;~value := #in~value; {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 50: Hoare triple {2969#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2969#false} is VALID [2022-02-20 17:58:47,569 INFO L290 TraceCheckUtils]: 51: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,570 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {2969#false} {2969#false} #1083#return; {2969#false} is VALID [2022-02-20 17:58:47,574 INFO L272 TraceCheckUtils]: 53: Hoare triple {2969#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {2969#false} is VALID [2022-02-20 17:58:47,574 INFO L290 TraceCheckUtils]: 54: Hoare triple {2969#false} ~handle := #in~handle;~value := #in~value; {2969#false} is VALID [2022-02-20 17:58:47,574 INFO L290 TraceCheckUtils]: 55: Hoare triple {2969#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {2969#false} is VALID [2022-02-20 17:58:47,574 INFO L290 TraceCheckUtils]: 56: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,574 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {2969#false} {2969#false} #1085#return; {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L290 TraceCheckUtils]: 58: Hoare triple {2969#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L290 TraceCheckUtils]: 59: Hoare triple {2969#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L272 TraceCheckUtils]: 60: Hoare triple {2969#false} call outgoing(~sender#1, ~email~0#1); {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L290 
TraceCheckUtils]: 61: Hoare triple {2969#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L272 TraceCheckUtils]: 62: Hoare triple {2969#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L290 TraceCheckUtils]: 63: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2969#false} is VALID [2022-02-20 17:58:47,575 INFO L290 TraceCheckUtils]: 64: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 65: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {2969#false} {2969#false} #1015#return; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 67: Hoare triple {2969#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 68: Hoare triple {2969#false} assume 0 == sign_~privkey~1#1; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 69: Hoare triple {2969#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, 
outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L272 TraceCheckUtils]: 70: Hoare triple {2969#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 71: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~31; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 72: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2969#false} is VALID [2022-02-20 17:58:47,576 INFO L290 TraceCheckUtils]: 73: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {2969#false} {2969#false} #1017#return; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L290 TraceCheckUtils]: 75: Hoare triple {2969#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L272 TraceCheckUtils]: 76: Hoare triple {2969#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); 
{2969#false} is VALID [2022-02-20 17:58:47,577 INFO L290 TraceCheckUtils]: 77: Hoare triple {2969#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L290 TraceCheckUtils]: 78: Hoare triple {2969#false} assume 1 == ~handle; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L290 TraceCheckUtils]: 79: Hoare triple {2969#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2969#false} is VALID [2022-02-20 17:58:47,577 INFO L290 TraceCheckUtils]: 80: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {2969#false} {2969#false} #1019#return; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 82: Hoare triple {2969#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 83: Hoare triple {2969#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 84: Hoare triple {2969#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc 
outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 85: Hoare triple {2969#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 86: Hoare triple {2969#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L272 TraceCheckUtils]: 87: Hoare triple {2969#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 88: Hoare triple {2969#false} ~handle := #in~handle;~value := #in~value; {2969#false} is VALID [2022-02-20 17:58:47,578 INFO L290 TraceCheckUtils]: 89: Hoare triple {2969#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L290 TraceCheckUtils]: 90: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {2969#false} {2969#false} #1025#return; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L290 TraceCheckUtils]: 92: Hoare triple {2969#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc 
mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L272 TraceCheckUtils]: 93: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L290 TraceCheckUtils]: 94: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~36; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L290 TraceCheckUtils]: 95: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L290 TraceCheckUtils]: 96: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,579 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {2969#false} {2969#false} #1027#return; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 98: Hoare 
triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 99: Hoare triple {2969#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L272 TraceCheckUtils]: 100: Hoare triple {2969#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 101: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~31; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 102: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 103: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {2969#false} {2969#false} #1029#return; {2969#false} is VALID [2022-02-20 17:58:47,580 INFO L290 TraceCheckUtils]: 105: Hoare triple {2969#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, 
incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L272 TraceCheckUtils]: 106: Hoare triple {2969#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 107: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~9; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 108: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 109: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {2969#false} {2969#false} #1031#return; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 111: Hoare triple {2969#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 112: Hoare triple {2969#false} assume !(0 != incoming_~privkey~0#1); {2969#false} is VALID [2022-02-20 17:58:47,581 INFO L290 TraceCheckUtils]: 113: Hoare triple {2969#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := 
incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := 
__utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L290 TraceCheckUtils]: 114: Hoare triple {2969#false} assume 1 == ~sent_signed~0; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L272 TraceCheckUtils]: 115: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L290 TraceCheckUtils]: 116: Hoare triple {2969#false} ~handle := #in~handle;havoc ~retValue_acc~30; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L290 TraceCheckUtils]: 117: Hoare triple {2969#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L290 TraceCheckUtils]: 118: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {2969#false} {2969#false} #1043#return; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L290 TraceCheckUtils]: 120: Hoare triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {2969#false} is VALID [2022-02-20 17:58:47,582 INFO L272 TraceCheckUtils]: 121: Hoare triple {2969#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 122: Hoare triple {2969#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 123: Hoare triple {2969#false} assume 1 == ~handle; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 124: Hoare triple {2969#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 125: Hoare triple {2969#false} assume true; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {2969#false} {2969#false} #1045#return; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 127: Hoare triple {2969#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L290 TraceCheckUtils]: 128: Hoare triple {2969#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {2969#false} is VALID [2022-02-20 17:58:47,583 INFO L272 TraceCheckUtils]: 129: Hoare triple {2969#false} call __automaton_fail(); {2969#false} is VALID [2022-02-20 17:58:47,584 INFO 
L290 TraceCheckUtils]: 130: Hoare triple {2969#false} assume !false; {2969#false} is VALID [2022-02-20 17:58:47,586 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. [2022-02-20 17:58:47,586 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:47,586 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1566352376] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:47,586 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:47,586 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:47,586 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1593507276] [2022-02-20 17:58:47,586 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:47,593 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:58:47,594 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:47,594 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:47,674 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 106 edges. 106 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:47,674 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:47,675 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:47,675 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:47,675 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:47,676 INFO L87 Difference]: Start difference. First operand 372 states and 548 transitions. Second operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:48,174 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:48,175 INFO L93 Difference]: Finished difference Result 594 states and 855 transitions. [2022-02-20 17:58:48,175 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:48,175 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 131 [2022-02-20 17:58:48,175 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:48,176 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:48,190 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 855 transitions. [2022-02-20 17:58:48,191 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:48,206 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 855 transitions. [2022-02-20 17:58:48,206 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 855 transitions. [2022-02-20 17:58:48,858 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 855 edges. 855 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:48,871 INFO L225 Difference]: With dead ends: 594 [2022-02-20 17:58:48,871 INFO L226 Difference]: Without dead ends: 375 [2022-02-20 17:58:48,872 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 168 GetRequests, 160 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:48,873 INFO L933 BasicCegarLoop]: 546 mSDtfsCounter, 1 mSDsluCounter, 544 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1090 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:48,873 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1090 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:48,875 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 375 states. [2022-02-20 17:58:48,888 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 375 to 374. [2022-02-20 17:58:48,888 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:48,889 INFO L82 GeneralOperation]: Start isEquivalent. First operand 375 states. 
Second operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:48,890 INFO L74 IsIncluded]: Start isIncluded. First operand 375 states. Second operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:48,891 INFO L87 Difference]: Start difference. First operand 375 states. Second operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:48,909 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:48,909 INFO L93 Difference]: Finished difference Result 375 states and 551 transitions. [2022-02-20 17:58:48,909 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 551 transitions. [2022-02-20 17:58:48,911 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:48,911 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:48,913 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) Second operand 375 states. [2022-02-20 17:58:48,914 INFO L87 Difference]: Start difference. First operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) Second operand 375 states. [2022-02-20 17:58:48,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:48,931 INFO L93 Difference]: Finished difference Result 375 states and 551 transitions. [2022-02-20 17:58:48,932 INFO L276 IsEmpty]: Start isEmpty. Operand 375 states and 551 transitions. [2022-02-20 17:58:48,933 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:48,933 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:48,933 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:48,933 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:48,934 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 374 states, 286 states have (on average 1.486013986013986) internal successors, (425), 290 states have internal predecessors, (425), 64 states have call successors, (64), 24 states have call predecessors, (64), 23 states have return successors, (61), 61 states have call predecessors, (61), 61 states have call successors, (61) [2022-02-20 17:58:48,955 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 374 states to 374 states and 550 transitions. [2022-02-20 17:58:48,955 INFO L78 Accepts]: Start accepts. Automaton has 374 states and 550 transitions. Word has length 131 [2022-02-20 17:58:48,955 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:48,955 INFO L470 AbstractCegarLoop]: Abstraction has 374 states and 550 transitions. [2022-02-20 17:58:48,956 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 23.0) internal successors, (69), 3 states have internal predecessors, (69), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:48,956 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 550 transitions. [2022-02-20 17:58:48,958 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 138 [2022-02-20 17:58:48,958 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:48,958 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:48,986 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:49,179 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:58:49,180 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:49,180 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:49,180 INFO L85 PathProgramCache]: Analyzing trace with hash 2067163547, now seen corresponding path program 1 times [2022-02-20 17:58:49,180 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:49,180 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1299046171] [2022-02-20 17:58:49,180 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:49,181 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:49,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:49,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,252 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5550#true} #1097#return; {5550#true} is VALID [2022-02-20 17:58:49,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:49,259 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,262 INFO L290 TraceCheckUtils]: 0: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,262 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,262 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,262 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5550#true} #1099#return; {5550#true} is VALID [2022-02-20 17:58:49,263 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:49,265 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,278 INFO L290 TraceCheckUtils]: 0: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5625#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:49,279 INFO L290 TraceCheckUtils]: 1: Hoare triple {5625#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5626#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:49,279 INFO L290 TraceCheckUtils]: 2: Hoare triple {5626#(= |setClientId_#in~handle| 1)} assume true; {5626#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:49,280 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5626#(= |setClientId_#in~handle| 1)} {5560#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; 
{5551#false} is VALID [2022-02-20 17:58:49,280 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:49,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,297 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1103#return; {5551#false} is VALID [2022-02-20 17:58:49,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:49,299 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,301 INFO L290 TraceCheckUtils]: 0: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,302 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,302 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,302 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1105#return; {5551#false} is VALID [2022-02-20 17:58:49,302 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:49,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,307 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,307 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,307 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1107#return; {5551#false} is VALID [2022-02-20 17:58:49,317 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:58:49,318 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,321 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1083#return; {5551#false} is VALID [2022-02-20 17:58:49,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:58:49,330 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:49,332 INFO L290 TraceCheckUtils]: 0: Hoare triple {5628#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,332 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,333 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,333 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1085#return; {5551#false} is VALID [2022-02-20 17:58:49,333 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:58:49,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1015#return; {5551#false} is VALID [2022-02-20 17:58:49,337 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:49,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,341 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,341 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5550#true} is 
VALID [2022-02-20 17:58:49,341 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,341 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1017#return; {5551#false} is VALID [2022-02-20 17:58:49,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:58:49,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle; {5550#true} is VALID [2022-02-20 17:58:49,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,346 INFO L290 TraceCheckUtils]: 3: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,346 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5550#true} {5551#false} #1019#return; {5551#false} is VALID [2022-02-20 17:58:49,346 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 93 [2022-02-20 17:58:49,347 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,350 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,350 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1025#return; {5551#false} is VALID [2022-02-20 17:58:49,350 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:49,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,359 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5550#true} is VALID [2022-02-20 17:58:49,360 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {5550#true} is VALID [2022-02-20 17:58:49,360 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,360 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1027#return; {5551#false} is VALID [2022-02-20 17:58:49,360 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:49,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,364 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,364 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,364 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1029#return; {5551#false} is VALID [2022-02-20 17:58:49,364 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:49,366 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} 
~handle := #in~handle;havoc ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,369 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1031#return; {5551#false} is VALID [2022-02-20 17:58:49,369 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:49,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,372 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5550#true} is VALID [2022-02-20 17:58:49,372 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {5550#true} is VALID [2022-02-20 17:58:49,372 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,373 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5550#true} {5551#false} #1043#return; {5551#false} is VALID [2022-02-20 17:58:49,373 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:58:49,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume 1 == ~handle; {5550#true} is VALID [2022-02-20 17:58:49,377 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,377 INFO L290 TraceCheckUtils]: 3: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,377 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {5550#true} {5551#false} #1045#return; {5551#false} is VALID [2022-02-20 17:58:49,377 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call 
#Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5550#true} is VALID [2022-02-20 17:58:49,377 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5550#true} is VALID [2022-02-20 17:58:49,378 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5550#true} is VALID [2022-02-20 17:58:49,378 INFO L290 TraceCheckUtils]: 3: Hoare triple {5550#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {5550#true} is VALID [2022-02-20 17:58:49,378 INFO L290 TraceCheckUtils]: 4: Hoare triple {5550#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {5550#true} is VALID [2022-02-20 17:58:49,378 INFO L290 TraceCheckUtils]: 5: Hoare triple {5550#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5550#true} is VALID [2022-02-20 17:58:49,388 INFO L272 TraceCheckUtils]: 6: Hoare triple {5550#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:49,388 INFO L290 TraceCheckUtils]: 7: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,388 INFO L290 TraceCheckUtils]: 8: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,388 INFO L290 TraceCheckUtils]: 9: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,389 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5550#true} {5550#true} #1097#return; {5550#true} is VALID [2022-02-20 17:58:49,389 INFO L290 TraceCheckUtils]: 11: Hoare triple {5550#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5550#true} is VALID [2022-02-20 17:58:49,390 INFO L272 TraceCheckUtils]: 12: Hoare triple {5550#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:49,390 INFO L290 TraceCheckUtils]: 13: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,390 INFO L290 TraceCheckUtils]: 14: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,390 INFO L290 TraceCheckUtils]: 15: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,390 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5550#true} {5550#true} #1099#return; {5550#true} is VALID [2022-02-20 17:58:49,391 INFO L290 TraceCheckUtils]: 17: Hoare triple {5550#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5560#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:49,391 INFO L272 TraceCheckUtils]: 18: Hoare triple {5560#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:58:49,392 INFO L290 TraceCheckUtils]: 19: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5625#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:49,392 INFO L290 TraceCheckUtils]: 20: Hoare triple {5625#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5626#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:49,393 INFO L290 TraceCheckUtils]: 21: Hoare triple {5626#(= |setClientId_#in~handle| 1)} assume true; {5626#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:49,393 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5626#(= |setClientId_#in~handle| 1)} {5560#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; {5551#false} is VALID [2022-02-20 17:58:49,393 INFO L290 TraceCheckUtils]: 23: Hoare triple {5551#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {5551#false} is VALID [2022-02-20 17:58:49,394 INFO L272 TraceCheckUtils]: 24: Hoare triple {5551#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:49,394 INFO L290 TraceCheckUtils]: 25: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,394 INFO L290 TraceCheckUtils]: 26: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {5550#true} is VALID [2022-02-20 17:58:49,394 INFO L290 TraceCheckUtils]: 27: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,394 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5550#true} {5551#false} #1103#return; {5551#false} is VALID [2022-02-20 17:58:49,394 INFO L290 TraceCheckUtils]: 29: Hoare triple {5551#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5551#false} is VALID [2022-02-20 17:58:49,394 INFO L272 TraceCheckUtils]: 30: Hoare triple {5551#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 31: Hoare triple {5623#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 32: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 33: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 
17:58:49,395 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5550#true} {5551#false} #1105#return; {5551#false} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 35: Hoare triple {5551#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {5551#false} is VALID [2022-02-20 17:58:49,395 INFO L272 TraceCheckUtils]: 36: Hoare triple {5551#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 37: Hoare triple {5624#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,395 INFO L290 TraceCheckUtils]: 38: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,396 INFO L290 TraceCheckUtils]: 39: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,396 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5550#true} {5551#false} #1107#return; {5551#false} is VALID [2022-02-20 17:58:49,396 INFO L290 TraceCheckUtils]: 41: Hoare triple {5551#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {5551#false} is VALID [2022-02-20 17:58:49,396 INFO L290 TraceCheckUtils]: 42: Hoare triple {5551#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, 
test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5551#false} is VALID [2022-02-20 17:58:49,396 INFO L290 TraceCheckUtils]: 43: Hoare triple {5551#false} assume !false; {5551#false} is VALID [2022-02-20 17:58:49,396 INFO L290 TraceCheckUtils]: 44: Hoare triple {5551#false} assume test_~splverifierCounter~0#1 < 4; {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 45: Hoare triple {5551#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 46: Hoare triple {5551#false} assume !(0 == test_~op1~0#1); {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 47: Hoare triple {5551#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 
2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 48: Hoare triple {5551#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 49: Hoare triple {5551#false} assume !false; {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 50: Hoare triple {5551#false} assume !(test_~splverifierCounter~0#1 < 4); {5551#false} is VALID [2022-02-20 17:58:49,397 INFO L290 TraceCheckUtils]: 51: Hoare triple {5551#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {5551#false} is VALID [2022-02-20 17:58:49,398 INFO L272 TraceCheckUtils]: 52: Hoare triple {5551#false} call sendEmail(~bob~0, ~rjh~0); {5551#false} is VALID [2022-02-20 17:58:49,398 INFO L290 TraceCheckUtils]: 53: Hoare triple {5551#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5551#false} is VALID [2022-02-20 17:58:49,398 INFO L272 TraceCheckUtils]: 54: Hoare triple {5551#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:49,398 INFO L290 TraceCheckUtils]: 55: Hoare triple {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,398 INFO L290 TraceCheckUtils]: 56: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,398 INFO L290 TraceCheckUtils]: 57: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,398 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5550#true} {5551#false} #1083#return; {5551#false} is VALID [2022-02-20 17:58:49,399 INFO L272 TraceCheckUtils]: 59: Hoare triple {5551#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5628#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:49,399 INFO L290 TraceCheckUtils]: 60: Hoare triple {5628#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,399 INFO L290 TraceCheckUtils]: 61: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:49,399 INFO L290 TraceCheckUtils]: 62: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,399 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5550#true} {5551#false} #1085#return; {5551#false} is VALID [2022-02-20 17:58:49,399 INFO L290 TraceCheckUtils]: 64: Hoare triple {5551#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5551#false} is VALID [2022-02-20 17:58:49,399 INFO L290 TraceCheckUtils]: 65: Hoare triple {5551#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } 
true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {5551#false} is VALID [2022-02-20 17:58:49,400 INFO L272 TraceCheckUtils]: 66: Hoare triple {5551#false} call outgoing(~sender#1, ~email~0#1); {5551#false} is VALID [2022-02-20 17:58:49,400 INFO L290 TraceCheckUtils]: 67: Hoare triple {5551#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {5551#false} is VALID [2022-02-20 17:58:49,400 INFO L272 TraceCheckUtils]: 68: Hoare triple {5551#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {5550#true} is VALID [2022-02-20 17:58:49,400 INFO L290 TraceCheckUtils]: 69: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,400 INFO L290 TraceCheckUtils]: 70: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,400 INFO L290 TraceCheckUtils]: 71: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,400 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5550#true} {5551#false} #1015#return; {5551#false} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 73: Hoare triple {5551#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {5551#false} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 74: Hoare triple {5551#false} assume 0 == sign_~privkey~1#1; {5551#false} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 75: Hoare triple {5551#false} assume { 
:end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {5551#false} is VALID [2022-02-20 17:58:49,401 INFO L272 TraceCheckUtils]: 76: Hoare triple {5551#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {5550#true} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 77: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 78: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,401 INFO L290 TraceCheckUtils]: 79: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,402 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5550#true} {5551#false} #1017#return; {5551#false} is VALID [2022-02-20 17:58:49,402 INFO L290 TraceCheckUtils]: 81: Hoare triple {5551#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 
:= outgoing__wrappee__Encrypt_~tmp~11#1; {5551#false} is VALID [2022-02-20 17:58:49,402 INFO L272 TraceCheckUtils]: 82: Hoare triple {5551#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {5550#true} is VALID [2022-02-20 17:58:49,402 INFO L290 TraceCheckUtils]: 83: Hoare triple {5550#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,402 INFO L290 TraceCheckUtils]: 84: Hoare triple {5550#true} assume 1 == ~handle; {5550#true} is VALID [2022-02-20 17:58:49,402 INFO L290 TraceCheckUtils]: 85: Hoare triple {5550#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,402 INFO L290 TraceCheckUtils]: 86: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,403 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5550#true} {5551#false} #1019#return; {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L290 TraceCheckUtils]: 88: Hoare triple {5551#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L290 TraceCheckUtils]: 89: Hoare triple {5551#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L290 TraceCheckUtils]: 90: Hoare triple {5551#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L290 TraceCheckUtils]: 91: Hoare triple {5551#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L290 TraceCheckUtils]: 92: Hoare triple {5551#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {5551#false} is VALID [2022-02-20 17:58:49,403 INFO L272 TraceCheckUtils]: 93: Hoare triple {5551#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:49,404 INFO L290 TraceCheckUtils]: 94: Hoare triple {5627#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:49,404 INFO L290 TraceCheckUtils]: 95: Hoare triple {5550#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5550#true} is 
VALID [2022-02-20 17:58:49,404 INFO L290 TraceCheckUtils]: 96: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,404 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5550#true} {5551#false} #1025#return; {5551#false} is VALID [2022-02-20 17:58:49,404 INFO L290 TraceCheckUtils]: 98: Hoare triple {5551#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {5551#false} is VALID [2022-02-20 17:58:49,404 INFO L272 TraceCheckUtils]: 99: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5550#true} is VALID [2022-02-20 17:58:49,404 INFO L290 TraceCheckUtils]: 100: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~36; {5550#true} is VALID [2022-02-20 17:58:49,405 INFO 
L290 TraceCheckUtils]: 101: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {5550#true} is VALID [2022-02-20 17:58:49,405 INFO L290 TraceCheckUtils]: 102: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,405 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5550#true} {5551#false} #1027#return; {5551#false} is VALID [2022-02-20 17:58:49,405 INFO L290 TraceCheckUtils]: 104: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {5551#false} is VALID [2022-02-20 17:58:49,405 INFO L290 TraceCheckUtils]: 105: Hoare triple {5551#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {5551#false} is VALID [2022-02-20 17:58:49,405 INFO L272 TraceCheckUtils]: 106: Hoare triple {5551#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {5550#true} is VALID [2022-02-20 17:58:49,405 INFO L290 TraceCheckUtils]: 107: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,405 INFO L290 TraceCheckUtils]: 108: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5550#true} is VALID [2022-02-20 17:58:49,406 INFO L290 TraceCheckUtils]: 109: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,406 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {5550#true} {5551#false} #1029#return; {5551#false} is VALID [2022-02-20 17:58:49,406 INFO L290 
TraceCheckUtils]: 111: Hoare triple {5551#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {5551#false} is VALID [2022-02-20 17:58:49,406 INFO L272 TraceCheckUtils]: 112: Hoare triple {5551#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {5550#true} is VALID [2022-02-20 17:58:49,406 INFO L290 TraceCheckUtils]: 113: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,406 INFO L290 TraceCheckUtils]: 114: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5550#true} is VALID [2022-02-20 17:58:49,406 INFO L290 TraceCheckUtils]: 115: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,407 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5550#true} {5551#false} #1031#return; {5551#false} is VALID [2022-02-20 17:58:49,407 INFO L290 TraceCheckUtils]: 117: Hoare triple {5551#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {5551#false} is VALID [2022-02-20 17:58:49,407 INFO L290 TraceCheckUtils]: 118: Hoare triple {5551#false} assume !(0 != incoming_~privkey~0#1); {5551#false} is VALID [2022-02-20 
17:58:49,407 INFO L290 TraceCheckUtils]: 119: Hoare triple {5551#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, 
__utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {5551#false} is VALID [2022-02-20 17:58:49,407 INFO L290 TraceCheckUtils]: 120: Hoare triple {5551#false} assume 1 == ~sent_signed~0; {5551#false} is VALID [2022-02-20 17:58:49,407 INFO L272 TraceCheckUtils]: 121: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5550#true} is VALID [2022-02-20 17:58:49,407 INFO L290 TraceCheckUtils]: 122: Hoare triple {5550#true} ~handle := #in~handle;havoc ~retValue_acc~30; {5550#true} is VALID [2022-02-20 17:58:49,408 INFO L290 TraceCheckUtils]: 123: Hoare triple {5550#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {5550#true} is VALID [2022-02-20 17:58:49,408 INFO L290 TraceCheckUtils]: 124: Hoare triple 
{5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,408 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {5550#true} {5551#false} #1043#return; {5551#false} is VALID [2022-02-20 17:58:49,408 INFO L290 TraceCheckUtils]: 126: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {5551#false} is VALID [2022-02-20 17:58:49,408 INFO L272 TraceCheckUtils]: 127: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {5550#true} is VALID [2022-02-20 17:58:49,408 INFO L290 TraceCheckUtils]: 128: Hoare triple {5550#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,408 INFO L290 TraceCheckUtils]: 129: Hoare triple {5550#true} assume 1 == ~handle; {5550#true} is VALID [2022-02-20 17:58:49,409 INFO L290 TraceCheckUtils]: 130: Hoare triple {5550#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5550#true} is VALID [2022-02-20 17:58:49,409 INFO L290 TraceCheckUtils]: 131: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:49,409 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5550#true} {5551#false} #1045#return; {5551#false} is VALID [2022-02-20 17:58:49,409 INFO L290 TraceCheckUtils]: 133: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := 
__utac_acc__SignVerify_spec__2_~tmp___0~6#1; {5551#false} is VALID [2022-02-20 17:58:49,409 INFO L290 TraceCheckUtils]: 134: Hoare triple {5551#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {5551#false} is VALID [2022-02-20 17:58:49,409 INFO L272 TraceCheckUtils]: 135: Hoare triple {5551#false} call __automaton_fail(); {5551#false} is VALID [2022-02-20 17:58:49,409 INFO L290 TraceCheckUtils]: 136: Hoare triple {5551#false} assume !false; {5551#false} is VALID [2022-02-20 17:58:49,410 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:49,410 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:49,411 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1299046171] [2022-02-20 17:58:49,411 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1299046171] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:49,411 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [38877609] [2022-02-20 17:58:49,411 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:49,411 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:49,412 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:49,413 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:49,456 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process 
[2022-02-20 17:58:49,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,710 INFO L263 TraceCheckSpWp]: Trace formula consists of 1213 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:58:49,768 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,771 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:50,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {5550#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call 
#Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {5550#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {5550#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 3: Hoare triple {5550#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {5550#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 5: Hoare triple {5550#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L272 TraceCheckUtils]: 6: Hoare triple {5550#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 7: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 8: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 9: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5550#true} {5550#true} #1097#return; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 11: Hoare triple {5550#true} assume { :end_inline_setup_bob__wrappee__Base } true; {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L272 TraceCheckUtils]: 12: Hoare triple {5550#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {5550#true} is VALID [2022-02-20 17:58:50,059 INFO L290 TraceCheckUtils]: 13: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 14: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 15: Hoare triple {5550#true} assume true; {5550#true} is VALID 
[2022-02-20 17:58:50,060 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {5550#true} {5550#true} #1099#return; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 17: Hoare triple {5550#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L272 TraceCheckUtils]: 18: Hoare triple {5550#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 19: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 20: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 21: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {5550#true} {5550#true} #1101#return; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 23: Hoare triple {5550#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L272 TraceCheckUtils]: 24: Hoare triple {5550#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 25: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,060 
INFO L290 TraceCheckUtils]: 26: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 27: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {5550#true} {5550#true} #1103#return; {5550#true} is VALID [2022-02-20 17:58:50,060 INFO L290 TraceCheckUtils]: 29: Hoare triple {5550#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L272 TraceCheckUtils]: 30: Hoare triple {5550#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 31: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 32: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 33: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5550#true} {5550#true} #1105#return; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 35: Hoare triple {5550#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {5550#true} is VALID [2022-02-20 
17:58:50,061 INFO L272 TraceCheckUtils]: 36: Hoare triple {5550#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 37: Hoare triple {5550#true} ~handle := #in~handle;~value := #in~value; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 38: Hoare triple {5550#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 39: Hoare triple {5550#true} assume true; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {5550#true} {5550#true} #1107#return; {5550#true} is VALID [2022-02-20 17:58:50,061 INFO L290 TraceCheckUtils]: 41: Hoare triple {5550#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {5550#true} is VALID [2022-02-20 17:58:50,062 INFO L290 TraceCheckUtils]: 42: Hoare triple {5550#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc 
test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:50,062 INFO L290 TraceCheckUtils]: 43: Hoare triple {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:50,062 INFO L290 TraceCheckUtils]: 44: Hoare triple {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:50,062 INFO L290 TraceCheckUtils]: 45: Hoare triple {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 46: Hoare triple {5758#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 47: Hoare triple {5551#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 48: Hoare triple {5551#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 49: Hoare triple {5551#false} assume !false; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 50: Hoare triple {5551#false} assume !(test_~splverifierCounter~0#1 < 4); 
{5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 51: Hoare triple {5551#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L272 TraceCheckUtils]: 52: Hoare triple {5551#false} call sendEmail(~bob~0, ~rjh~0); {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 53: Hoare triple {5551#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L272 TraceCheckUtils]: 54: Hoare triple {5551#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 55: Hoare triple {5551#false} ~handle := #in~handle;~value := #in~value; {5551#false} is VALID [2022-02-20 17:58:50,063 INFO L290 TraceCheckUtils]: 56: Hoare triple {5551#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 57: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {5551#false} {5551#false} #1083#return; {5551#false} is 
VALID [2022-02-20 17:58:50,064 INFO L272 TraceCheckUtils]: 59: Hoare triple {5551#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 60: Hoare triple {5551#false} ~handle := #in~handle;~value := #in~value; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 61: Hoare triple {5551#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 62: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {5551#false} {5551#false} #1085#return; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 64: Hoare triple {5551#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 65: Hoare triple {5551#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L272 TraceCheckUtils]: 66: Hoare triple {5551#false} call outgoing(~sender#1, ~email~0#1); {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 67: Hoare triple {5551#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {5551#false} is VALID [2022-02-20 17:58:50,064 INFO L272 TraceCheckUtils]: 68: Hoare triple {5551#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {5551#false} is VALID 
[2022-02-20 17:58:50,064 INFO L290 TraceCheckUtils]: 69: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~9; {5551#false} is VALID [2022-02-20 17:58:50,065 INFO L290 TraceCheckUtils]: 70: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5551#false} is VALID [2022-02-20 17:58:50,065 INFO L290 TraceCheckUtils]: 71: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,065 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {5551#false} {5551#false} #1015#return; {5551#false} is VALID [2022-02-20 17:58:50,066 INFO L290 TraceCheckUtils]: 73: Hoare triple {5551#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {5551#false} is VALID [2022-02-20 17:58:50,066 INFO L290 TraceCheckUtils]: 74: Hoare triple {5551#false} assume 0 == sign_~privkey~1#1; {5551#false} is VALID [2022-02-20 17:58:50,066 INFO L290 TraceCheckUtils]: 75: Hoare triple {5551#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L272 
TraceCheckUtils]: 76: Hoare triple {5551#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 77: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~31; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 78: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 79: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {5551#false} {5551#false} #1017#return; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 81: Hoare triple {5551#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L272 TraceCheckUtils]: 82: Hoare triple {5551#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 83: Hoare triple {5551#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 84: Hoare triple {5551#false} assume 1 == ~handle; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 TraceCheckUtils]: 85: Hoare triple {5551#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L290 
TraceCheckUtils]: 86: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,067 INFO L284 TraceCheckUtils]: 87: Hoare quadruple {5551#false} {5551#false} #1019#return; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 88: Hoare triple {5551#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 89: Hoare triple {5551#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 90: Hoare triple {5551#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 91: Hoare triple {5551#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO 
L290 TraceCheckUtils]: 92: Hoare triple {5551#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L272 TraceCheckUtils]: 93: Hoare triple {5551#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 94: Hoare triple {5551#false} ~handle := #in~handle;~value := #in~value; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 95: Hoare triple {5551#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 96: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {5551#false} {5551#false} #1025#return; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 98: Hoare triple {5551#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L272 TraceCheckUtils]: 99: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {5551#false} is VALID [2022-02-20 17:58:50,068 INFO L290 TraceCheckUtils]: 100: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~36; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 101: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 102: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {5551#false} {5551#false} #1027#return; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 104: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 105: Hoare triple {5551#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 
0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L272 TraceCheckUtils]: 106: Hoare triple {5551#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 107: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~31; {5551#false} is VALID [2022-02-20 17:58:50,069 INFO L290 TraceCheckUtils]: 108: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {5551#false} is VALID [2022-02-20 17:58:50,071 INFO L290 TraceCheckUtils]: 109: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,071 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {5551#false} {5551#false} #1029#return; {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L290 TraceCheckUtils]: 111: Hoare triple {5551#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L272 TraceCheckUtils]: 112: Hoare triple {5551#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L290 TraceCheckUtils]: 113: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~9; {5551#false} is VALID 
[2022-02-20 17:58:50,072 INFO L290 TraceCheckUtils]: 114: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L290 TraceCheckUtils]: 115: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {5551#false} {5551#false} #1031#return; {5551#false} is VALID [2022-02-20 17:58:50,072 INFO L290 TraceCheckUtils]: 117: Hoare triple {5551#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 118: Hoare triple {5551#false} assume !(0 != incoming_~privkey~0#1); {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 119: Hoare triple {5551#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc 
verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 120: Hoare triple {5551#false} assume 1 == ~sent_signed~0; {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L272 TraceCheckUtils]: 121: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 122: Hoare triple {5551#false} ~handle := #in~handle;havoc ~retValue_acc~30; {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 123: Hoare triple {5551#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {5551#false} is VALID [2022-02-20 17:58:50,073 INFO L290 TraceCheckUtils]: 124: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {5551#false} {5551#false} #1043#return; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L290 TraceCheckUtils]: 126: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L272 TraceCheckUtils]: 127: Hoare triple {5551#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L290 TraceCheckUtils]: 128: Hoare triple {5551#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO 
L290 TraceCheckUtils]: 129: Hoare triple {5551#false} assume 1 == ~handle; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L290 TraceCheckUtils]: 130: Hoare triple {5551#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {5551#false} is VALID [2022-02-20 17:58:50,074 INFO L290 TraceCheckUtils]: 131: Hoare triple {5551#false} assume true; {5551#false} is VALID [2022-02-20 17:58:50,075 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {5551#false} {5551#false} #1045#return; {5551#false} is VALID [2022-02-20 17:58:50,075 INFO L290 TraceCheckUtils]: 133: Hoare triple {5551#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {5551#false} is VALID [2022-02-20 17:58:50,075 INFO L290 TraceCheckUtils]: 134: Hoare triple {5551#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {5551#false} is VALID [2022-02-20 17:58:50,075 INFO L272 TraceCheckUtils]: 135: Hoare triple {5551#false} call __automaton_fail(); {5551#false} is VALID [2022-02-20 17:58:50,075 INFO L290 TraceCheckUtils]: 136: Hoare triple {5551#false} assume !false; {5551#false} is VALID [2022-02-20 17:58:50,076 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. 
[2022-02-20 17:58:50,076 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:50,076 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [38877609] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:50,076 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:50,076 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:50,076 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2107497911] [2022-02-20 17:58:50,077 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:50,077 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 137 [2022-02-20 17:58:50,078 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:50,078 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:50,167 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 112 edges. 112 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:50,167 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:50,167 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:50,168 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:50,168 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:50,168 INFO L87 Difference]: Start difference. First operand 374 states and 550 transitions. Second operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:50,750 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:50,750 INFO L93 Difference]: Finished difference Result 778 states and 1159 transitions. [2022-02-20 17:58:50,750 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:50,750 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) Word has length 137 [2022-02-20 17:58:50,751 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:50,751 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:50,782 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1157 transitions. [2022-02-20 17:58:50,783 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:50,801 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1157 transitions. [2022-02-20 17:58:50,801 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1157 transitions. [2022-02-20 17:58:51,562 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1157 edges. 1157 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:51,578 INFO L225 Difference]: With dead ends: 778 [2022-02-20 17:58:51,579 INFO L226 Difference]: Without dead ends: 431 [2022-02-20 17:58:51,580 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 174 GetRequests, 166 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:51,581 INFO L933 BasicCegarLoop]: 561 mSDtfsCounter, 107 mSDsluCounter, 499 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 122 SdHoareTripleChecker+Valid, 1060 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:51,581 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [122 Valid, 1060 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:51,582 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 431 states. [2022-02-20 17:58:51,596 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 431 to 423. [2022-02-20 17:58:51,596 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:51,597 INFO L82 GeneralOperation]: Start isEquivalent. First operand 431 states. 
Second operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) [2022-02-20 17:58:51,598 INFO L74 IsIncluded]: Start isIncluded. First operand 431 states. Second operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) [2022-02-20 17:58:51,599 INFO L87 Difference]: Start difference. First operand 431 states. Second operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) [2022-02-20 17:58:51,617 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,617 INFO L93 Difference]: Finished difference Result 431 states and 643 transitions. [2022-02-20 17:58:51,617 INFO L276 IsEmpty]: Start isEmpty. Operand 431 states and 643 transitions. [2022-02-20 17:58:51,619 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,619 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,620 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) Second operand 431 states. [2022-02-20 17:58:51,621 INFO L87 Difference]: Start difference. First operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) Second operand 431 states. [2022-02-20 17:58:51,639 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,639 INFO L93 Difference]: Finished difference Result 431 states and 643 transitions. [2022-02-20 17:58:51,639 INFO L276 IsEmpty]: Start isEmpty. Operand 431 states and 643 transitions. [2022-02-20 17:58:51,641 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,641 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,641 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:51,641 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:51,643 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 423 states, 324 states have (on average 1.5030864197530864) internal successors, (487), 328 states have internal predecessors, (487), 75 states have call successors, (75), 24 states have call predecessors, (75), 23 states have return successors, (72), 72 states have call predecessors, (72), 72 states have call successors, (72) [2022-02-20 17:58:51,662 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 423 states to 423 states and 634 transitions. [2022-02-20 17:58:51,662 INFO L78 Accepts]: Start accepts. Automaton has 423 states and 634 transitions. Word has length 137 [2022-02-20 17:58:51,663 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:51,663 INFO L470 AbstractCegarLoop]: Abstraction has 423 states and 634 transitions. [2022-02-20 17:58:51,663 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 25.0) internal successors, (75), 3 states have internal predecessors, (75), 2 states have call successors, (20), 2 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 2 states have call successors, (17) [2022-02-20 17:58:51,663 INFO L276 IsEmpty]: Start isEmpty. Operand 423 states and 634 transitions. [2022-02-20 17:58:51,665 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 139 [2022-02-20 17:58:51,673 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:51,673 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:51,703 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:51,889 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:51,889 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:51,890 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:51,890 INFO L85 PathProgramCache]: Analyzing trace with hash -607209044, now seen corresponding path program 1 times [2022-02-20 17:58:51,890 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:51,890 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1891940064] [2022-02-20 17:58:51,890 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:51,890 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:51,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,961 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:51,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,965 INFO L290 TraceCheckUtils]: 0: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:51,965 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:51,965 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:51,965 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8605#true} #1097#return; {8605#true} is VALID [2022-02-20 17:58:51,971 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:51,973 
INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:51,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:51,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:51,975 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8605#true} #1099#return; {8605#true} is VALID [2022-02-20 17:58:51,976 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:51,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8680#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {8680#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,992 INFO L290 TraceCheckUtils]: 2: Hoare triple {8681#(= |setClientId_#in~handle| 1)} assume true; {8681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,992 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8681#(= |setClientId_#in~handle| 1)} {8615#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; 
{8606#false} is VALID [2022-02-20 17:58:51,993 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:51,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,997 INFO L290 TraceCheckUtils]: 0: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:51,997 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:51,997 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:51,998 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1103#return; {8606#false} is VALID [2022-02-20 17:58:51,998 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:51,999 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,001 INFO L290 TraceCheckUtils]: 0: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,001 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,001 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,002 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1105#return; {8606#false} is VALID [2022-02-20 17:58:52,002 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:52,003 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,005 INFO L290 TraceCheckUtils]: 0: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,005 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,006 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,006 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1107#return; {8606#false} is VALID [2022-02-20 17:58:52,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:58:52,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,016 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,017 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1083#return; {8606#false} is VALID [2022-02-20 17:58:52,024 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:58:52,026 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:52,028 INFO L290 TraceCheckUtils]: 0: Hoare triple {8683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,028 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1085#return; {8606#false} is VALID [2022-02-20 17:58:52,028 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:52,029 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,031 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,031 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1015#return; {8606#false} is VALID [2022-02-20 17:58:52,032 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:58:52,032 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,034 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,034 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8605#true} is 
VALID [2022-02-20 17:58:52,034 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,035 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1017#return; {8606#false} is VALID [2022-02-20 17:58:52,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 83 [2022-02-20 17:58:52,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,037 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle; {8605#true} is VALID [2022-02-20 17:58:52,038 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,038 INFO L290 TraceCheckUtils]: 3: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,038 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8605#true} {8606#false} #1019#return; {8606#false} is VALID [2022-02-20 17:58:52,038 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:58:52,039 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,041 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,041 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1025#return; {8606#false} is VALID [2022-02-20 17:58:52,042 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 100 [2022-02-20 17:58:52,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,044 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8605#true} is VALID [2022-02-20 17:58:52,044 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {8605#true} is VALID [2022-02-20 17:58:52,044 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,045 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1027#return; {8606#false} is VALID [2022-02-20 17:58:52,045 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:58:52,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,047 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,048 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,048 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,048 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1029#return; {8606#false} is VALID [2022-02-20 17:58:52,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 [2022-02-20 17:58:52,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} 
~handle := #in~handle;havoc ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,051 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,051 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1031#return; {8606#false} is VALID [2022-02-20 17:58:52,051 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:58:52,052 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,054 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8605#true} is VALID [2022-02-20 17:58:52,054 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {8605#true} is VALID [2022-02-20 17:58:52,054 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,054 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {8605#true} {8606#false} #1043#return; {8606#false} is VALID [2022-02-20 17:58:52,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:58:52,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume 1 == ~handle; {8605#true} is VALID [2022-02-20 17:58:52,057 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,058 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {8605#true} {8606#false} #1045#return; {8606#false} is VALID [2022-02-20 17:58:52,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call 
#Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 
0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8605#true} is VALID [2022-02-20 17:58:52,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {8605#true} is VALID [2022-02-20 17:58:52,058 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8605#true} is VALID [2022-02-20 17:58:52,058 INFO L290 TraceCheckUtils]: 3: Hoare triple {8605#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {8605#true} is VALID [2022-02-20 17:58:52,059 INFO L290 TraceCheckUtils]: 4: Hoare triple {8605#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {8605#true} is VALID [2022-02-20 17:58:52,059 INFO L290 TraceCheckUtils]: 5: Hoare triple {8605#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, 
setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8605#true} is VALID [2022-02-20 17:58:52,060 INFO L272 TraceCheckUtils]: 6: Hoare triple {8605#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:52,060 INFO L290 TraceCheckUtils]: 7: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,060 INFO L290 TraceCheckUtils]: 8: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,060 INFO L290 TraceCheckUtils]: 9: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,060 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8605#true} {8605#true} #1097#return; {8605#true} is VALID [2022-02-20 17:58:52,060 INFO L290 TraceCheckUtils]: 11: Hoare triple {8605#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8605#true} is VALID [2022-02-20 17:58:52,061 INFO L272 TraceCheckUtils]: 12: Hoare triple {8605#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:52,061 INFO L290 TraceCheckUtils]: 13: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,061 INFO L290 TraceCheckUtils]: 14: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,061 INFO L290 TraceCheckUtils]: 15: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,062 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8605#true} {8605#true} #1099#return; {8605#true} is VALID [2022-02-20 17:58:52,062 INFO L290 TraceCheckUtils]: 17: Hoare triple {8605#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8615#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:52,063 INFO L272 TraceCheckUtils]: 18: Hoare triple {8615#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:58:52,063 INFO L290 TraceCheckUtils]: 19: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8680#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:52,064 INFO L290 TraceCheckUtils]: 20: Hoare triple {8680#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:52,064 INFO L290 TraceCheckUtils]: 21: Hoare triple {8681#(= |setClientId_#in~handle| 1)} assume true; {8681#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:52,065 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8681#(= |setClientId_#in~handle| 1)} {8615#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1101#return; {8606#false} is VALID [2022-02-20 17:58:52,065 INFO L290 TraceCheckUtils]: 23: Hoare triple {8606#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8606#false} is VALID [2022-02-20 17:58:52,065 INFO L272 TraceCheckUtils]: 24: Hoare triple {8606#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:52,065 INFO L290 TraceCheckUtils]: 25: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,065 INFO L290 TraceCheckUtils]: 26: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 
:= ~value; {8605#true} is VALID [2022-02-20 17:58:52,065 INFO L290 TraceCheckUtils]: 27: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,065 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8605#true} {8606#false} #1103#return; {8606#false} is VALID [2022-02-20 17:58:52,066 INFO L290 TraceCheckUtils]: 29: Hoare triple {8606#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8606#false} is VALID [2022-02-20 17:58:52,066 INFO L272 TraceCheckUtils]: 30: Hoare triple {8606#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:52,066 INFO L290 TraceCheckUtils]: 31: Hoare triple {8678#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,066 INFO L290 TraceCheckUtils]: 32: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,066 INFO L290 TraceCheckUtils]: 33: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 
17:58:52,066 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8605#true} {8606#false} #1105#return; {8606#false} is VALID [2022-02-20 17:58:52,066 INFO L290 TraceCheckUtils]: 35: Hoare triple {8606#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8606#false} is VALID [2022-02-20 17:58:52,067 INFO L272 TraceCheckUtils]: 36: Hoare triple {8606#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:52,067 INFO L290 TraceCheckUtils]: 37: Hoare triple {8679#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,067 INFO L290 TraceCheckUtils]: 38: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,067 INFO L290 TraceCheckUtils]: 39: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,067 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8605#true} {8606#false} #1107#return; {8606#false} is VALID [2022-02-20 17:58:52,067 INFO L290 TraceCheckUtils]: 41: Hoare triple {8606#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {8606#false} is VALID [2022-02-20 17:58:52,067 INFO L290 TraceCheckUtils]: 42: Hoare triple {8606#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, 
test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 43: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 44: Hoare triple {8606#false} assume test_~splverifierCounter~0#1 < 4; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 45: Hoare triple {8606#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 46: Hoare triple {8606#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 47: Hoare 
triple {8606#false} assume !(0 != test_~tmp___9~0#1); {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 48: Hoare triple {8606#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {8606#false} is VALID [2022-02-20 17:58:52,068 INFO L290 TraceCheckUtils]: 49: Hoare triple {8606#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L290 TraceCheckUtils]: 50: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L290 TraceCheckUtils]: 51: Hoare triple {8606#false} assume !(test_~splverifierCounter~0#1 < 4); {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L290 TraceCheckUtils]: 52: Hoare triple {8606#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L272 TraceCheckUtils]: 53: Hoare triple {8606#false} call sendEmail(~bob~0, ~rjh~0); {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L290 TraceCheckUtils]: 54: Hoare triple {8606#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 
:= 1; {8606#false} is VALID [2022-02-20 17:58:52,069 INFO L272 TraceCheckUtils]: 55: Hoare triple {8606#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 56: Hoare triple {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 57: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 58: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,070 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8605#true} {8606#false} #1083#return; {8606#false} is VALID [2022-02-20 17:58:52,070 INFO L272 TraceCheckUtils]: 60: Hoare triple {8606#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 61: Hoare triple {8683#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 62: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,070 INFO L290 TraceCheckUtils]: 63: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,071 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8605#true} {8606#false} #1085#return; {8606#false} is VALID [2022-02-20 17:58:52,071 INFO L290 TraceCheckUtils]: 65: Hoare triple {8606#false} createEmail_~retValue_acc~42#1 := 
createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {8606#false} is VALID [2022-02-20 17:58:52,071 INFO L290 TraceCheckUtils]: 66: Hoare triple {8606#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {8606#false} is VALID [2022-02-20 17:58:52,071 INFO L272 TraceCheckUtils]: 67: Hoare triple {8606#false} call outgoing(~sender#1, ~email~0#1); {8606#false} is VALID [2022-02-20 17:58:52,071 INFO L290 TraceCheckUtils]: 68: Hoare triple {8606#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {8606#false} is VALID [2022-02-20 17:58:52,071 INFO L272 TraceCheckUtils]: 69: Hoare triple {8606#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {8605#true} is VALID [2022-02-20 17:58:52,071 INFO L290 TraceCheckUtils]: 70: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,072 INFO L290 TraceCheckUtils]: 71: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,072 INFO L290 TraceCheckUtils]: 72: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,072 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8605#true} {8606#false} #1015#return; {8606#false} is VALID [2022-02-20 17:58:52,072 INFO L290 TraceCheckUtils]: 74: Hoare triple {8606#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; 
{8606#false} is VALID [2022-02-20 17:58:52,072 INFO L290 TraceCheckUtils]: 75: Hoare triple {8606#false} assume 0 == sign_~privkey~1#1; {8606#false} is VALID [2022-02-20 17:58:52,072 INFO L290 TraceCheckUtils]: 76: Hoare triple {8606#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {8606#false} is VALID [2022-02-20 17:58:52,072 INFO L272 TraceCheckUtils]: 77: Hoare triple {8606#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {8605#true} is VALID [2022-02-20 17:58:52,073 INFO L290 TraceCheckUtils]: 78: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,073 INFO L290 TraceCheckUtils]: 79: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,073 INFO L290 TraceCheckUtils]: 80: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,073 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8605#true} {8606#false} #1017#return; {8606#false} is VALID [2022-02-20 17:58:52,073 INFO L290 TraceCheckUtils]: 82: Hoare triple {8606#false} assume -2147483648 <= 
outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {8606#false} is VALID [2022-02-20 17:58:52,073 INFO L272 TraceCheckUtils]: 83: Hoare triple {8606#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {8605#true} is VALID [2022-02-20 17:58:52,073 INFO L290 TraceCheckUtils]: 84: Hoare triple {8605#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 85: Hoare triple {8605#true} assume 1 == ~handle; {8605#true} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 86: Hoare triple {8605#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 87: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,074 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8605#true} {8606#false} #1019#return; {8606#false} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 89: Hoare triple {8606#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {8606#false} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 90: Hoare triple {8606#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {8606#false} is VALID [2022-02-20 17:58:52,074 INFO L290 TraceCheckUtils]: 91: Hoare 
triple {8606#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {8606#false} is VALID [2022-02-20 17:58:52,075 INFO L290 TraceCheckUtils]: 92: Hoare triple {8606#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {8606#false} is VALID [2022-02-20 17:58:52,075 INFO L290 TraceCheckUtils]: 93: Hoare triple {8606#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {8606#false} is VALID [2022-02-20 17:58:52,075 INFO L272 TraceCheckUtils]: 94: Hoare triple {8606#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:52,075 INFO L290 TraceCheckUtils]: 95: Hoare triple {8682#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,075 INFO L290 TraceCheckUtils]: 96: Hoare triple {8605#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,075 INFO L290 TraceCheckUtils]: 97: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,076 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8605#true} {8606#false} #1025#return; {8606#false} is VALID [2022-02-20 17:58:52,076 INFO L290 TraceCheckUtils]: 99: Hoare triple {8606#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {8606#false} is VALID [2022-02-20 17:58:52,076 INFO L272 TraceCheckUtils]: 100: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := 
isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8605#true} is VALID [2022-02-20 17:58:52,076 INFO L290 TraceCheckUtils]: 101: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~36; {8605#true} is VALID [2022-02-20 17:58:52,076 INFO L290 TraceCheckUtils]: 102: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {8605#true} is VALID [2022-02-20 17:58:52,076 INFO L290 TraceCheckUtils]: 103: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,076 INFO L284 TraceCheckUtils]: 104: Hoare quadruple {8605#true} {8606#false} #1027#return; {8606#false} is VALID [2022-02-20 17:58:52,076 INFO L290 TraceCheckUtils]: 105: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {8606#false} is VALID [2022-02-20 17:58:52,077 INFO L290 TraceCheckUtils]: 106: Hoare triple {8606#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {8606#false} is VALID [2022-02-20 17:58:52,077 INFO L272 TraceCheckUtils]: 107: Hoare triple {8606#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {8605#true} is VALID [2022-02-20 17:58:52,077 INFO L290 TraceCheckUtils]: 108: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,077 INFO L290 TraceCheckUtils]: 109: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8605#true} is VALID [2022-02-20 17:58:52,077 INFO L290 
TraceCheckUtils]: 110: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,077 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {8605#true} {8606#false} #1029#return; {8606#false} is VALID [2022-02-20 17:58:52,077 INFO L290 TraceCheckUtils]: 112: Hoare triple {8606#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {8606#false} is VALID [2022-02-20 17:58:52,078 INFO L272 TraceCheckUtils]: 113: Hoare triple {8606#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {8605#true} is VALID [2022-02-20 17:58:52,078 INFO L290 TraceCheckUtils]: 114: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,078 INFO L290 TraceCheckUtils]: 115: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8605#true} is VALID [2022-02-20 17:58:52,078 INFO L290 TraceCheckUtils]: 116: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,078 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {8605#true} {8606#false} #1031#return; {8606#false} is VALID [2022-02-20 17:58:52,078 INFO L290 TraceCheckUtils]: 118: Hoare triple {8606#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc 
incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {8606#false} is VALID [2022-02-20 17:58:52,078 INFO L290 TraceCheckUtils]: 119: Hoare triple {8606#false} assume !(0 != incoming_~privkey~0#1); {8606#false} is VALID [2022-02-20 17:58:52,079 INFO L290 TraceCheckUtils]: 120: Hoare triple {8606#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, 
__utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {8606#false} is VALID [2022-02-20 17:58:52,079 INFO L290 TraceCheckUtils]: 121: Hoare triple {8606#false} assume 1 == ~sent_signed~0; {8606#false} is VALID [2022-02-20 17:58:52,079 INFO L272 TraceCheckUtils]: 122: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8605#true} is VALID [2022-02-20 17:58:52,079 INFO L290 TraceCheckUtils]: 123: Hoare triple {8605#true} ~handle := #in~handle;havoc ~retValue_acc~30; {8605#true} is VALID [2022-02-20 
17:58:52,079 INFO L290 TraceCheckUtils]: 124: Hoare triple {8605#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {8605#true} is VALID [2022-02-20 17:58:52,079 INFO L290 TraceCheckUtils]: 125: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,080 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {8605#true} {8606#false} #1043#return; {8606#false} is VALID [2022-02-20 17:58:52,080 INFO L290 TraceCheckUtils]: 127: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {8606#false} is VALID [2022-02-20 17:58:52,080 INFO L272 TraceCheckUtils]: 128: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {8605#true} is VALID [2022-02-20 17:58:52,080 INFO L290 TraceCheckUtils]: 129: Hoare triple {8605#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,080 INFO L290 TraceCheckUtils]: 130: Hoare triple {8605#true} assume 1 == ~handle; {8605#true} is VALID [2022-02-20 17:58:52,080 INFO L290 TraceCheckUtils]: 131: Hoare triple {8605#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8605#true} is VALID [2022-02-20 17:58:52,080 INFO L290 TraceCheckUtils]: 132: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,081 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {8605#true} {8606#false} #1045#return; {8606#false} is VALID [2022-02-20 17:58:52,081 INFO L290 TraceCheckUtils]: 134: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && 
__utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {8606#false} is VALID [2022-02-20 17:58:52,081 INFO L290 TraceCheckUtils]: 135: Hoare triple {8606#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {8606#false} is VALID [2022-02-20 17:58:52,081 INFO L272 TraceCheckUtils]: 136: Hoare triple {8606#false} call __automaton_fail(); {8606#false} is VALID [2022-02-20 17:58:52,081 INFO L290 TraceCheckUtils]: 137: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,082 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:52,082 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:52,082 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1891940064] [2022-02-20 17:58:52,082 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1891940064] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:52,082 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2024303942] [2022-02-20 17:58:52,082 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:52,083 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:52,083 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:52,084 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command 
is (exit), workingDir is null) [2022-02-20 17:58:52,086 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:58:52,384 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,388 INFO L263 TraceCheckSpWp]: Trace formula consists of 1220 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:58:52,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:52,447 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 0: Hoare triple {8605#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call 
#Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {8605#true} is VALID [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 1: Hoare triple {8605#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {8605#true} is VALID [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 2: Hoare triple {8605#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8605#true} is VALID [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 3: Hoare triple {8605#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {8605#true} is VALID [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 4: Hoare triple {8605#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {8605#true} is VALID [2022-02-20 17:58:52,815 INFO L290 TraceCheckUtils]: 5: Hoare triple {8605#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L272 TraceCheckUtils]: 6: Hoare triple {8605#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 7: Hoare triple {8605#true} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 8: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 9: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8605#true} {8605#true} #1097#return; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 11: Hoare triple {8605#true} assume { :end_inline_setup_bob__wrappee__Base } true; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L272 TraceCheckUtils]: 12: Hoare triple {8605#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 13: Hoare triple {8605#true} ~handle := #in~handle;~value := #in~value; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 
TraceCheckUtils]: 14: Hoare triple {8605#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L290 TraceCheckUtils]: 15: Hoare triple {8605#true} assume true; {8605#true} is VALID [2022-02-20 17:58:52,816 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8605#true} {8605#true} #1099#return; {8605#true} is VALID [2022-02-20 17:58:52,817 INFO L290 TraceCheckUtils]: 17: Hoare triple {8605#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {8738#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:52,817 INFO L272 TraceCheckUtils]: 18: Hoare triple {8738#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {8605#true} is VALID [2022-02-20 17:58:52,818 INFO L290 TraceCheckUtils]: 19: Hoare triple {8605#true} ~handle := #in~handle;~value := #in~value; {8745#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:58:52,818 INFO L290 TraceCheckUtils]: 20: Hoare triple {8745#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8749#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:52,818 INFO L290 TraceCheckUtils]: 21: Hoare triple {8749#(<= |setClientId_#in~handle| 1)} assume true; {8749#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:52,819 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {8749#(<= 
|setClientId_#in~handle| 1)} {8738#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1101#return; {8606#false} is VALID [2022-02-20 17:58:52,819 INFO L290 TraceCheckUtils]: 23: Hoare triple {8606#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {8606#false} is VALID [2022-02-20 17:58:52,819 INFO L272 TraceCheckUtils]: 24: Hoare triple {8606#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {8606#false} is VALID [2022-02-20 17:58:52,819 INFO L290 TraceCheckUtils]: 25: Hoare triple {8606#false} ~handle := #in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,819 INFO L290 TraceCheckUtils]: 26: Hoare triple {8606#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 27: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {8606#false} {8606#false} #1103#return; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 29: Hoare triple {8606#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L272 TraceCheckUtils]: 30: Hoare triple {8606#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 31: Hoare triple {8606#false} ~handle := 
#in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 32: Hoare triple {8606#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 33: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8606#false} {8606#false} #1105#return; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L290 TraceCheckUtils]: 35: Hoare triple {8606#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {8606#false} is VALID [2022-02-20 17:58:52,820 INFO L272 TraceCheckUtils]: 36: Hoare triple {8606#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 37: Hoare triple {8606#false} ~handle := #in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 38: Hoare triple {8606#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 39: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {8606#false} {8606#false} #1107#return; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 41: Hoare triple {8606#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 42: Hoare triple {8606#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, 
test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 43: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 44: Hoare triple {8606#false} assume test_~splverifierCounter~0#1 < 4; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 45: Hoare triple {8606#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 46: Hoare triple {8606#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {8606#false} is VALID [2022-02-20 17:58:52,821 INFO L290 TraceCheckUtils]: 47: Hoare triple {8606#false} assume !(0 != test_~tmp___9~0#1); 
{8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 48: Hoare triple {8606#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 49: Hoare triple {8606#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 50: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 51: Hoare triple {8606#false} assume !(test_~splverifierCounter~0#1 < 4); {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 52: Hoare triple {8606#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L272 TraceCheckUtils]: 53: Hoare triple {8606#false} call sendEmail(~bob~0, ~rjh~0); {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 54: Hoare triple {8606#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {8606#false} is VALID [2022-02-20 17:58:52,822 
INFO L272 TraceCheckUtils]: 55: Hoare triple {8606#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 56: Hoare triple {8606#false} ~handle := #in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,822 INFO L290 TraceCheckUtils]: 57: Hoare triple {8606#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 58: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {8606#false} {8606#false} #1083#return; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L272 TraceCheckUtils]: 60: Hoare triple {8606#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 61: Hoare triple {8606#false} ~handle := #in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 62: Hoare triple {8606#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 63: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {8606#false} {8606#false} #1085#return; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 65: Hoare triple {8606#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L290 TraceCheckUtils]: 66: Hoare triple {8606#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {8606#false} is VALID [2022-02-20 17:58:52,823 INFO L272 TraceCheckUtils]: 67: 
Hoare triple {8606#false} call outgoing(~sender#1, ~email~0#1); {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 68: Hoare triple {8606#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L272 TraceCheckUtils]: 69: Hoare triple {8606#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 70: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 71: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 72: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {8606#false} {8606#false} #1015#return; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 74: Hoare triple {8606#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 75: Hoare triple {8606#false} assume 0 == sign_~privkey~1#1; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 76: Hoare triple {8606#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L272 TraceCheckUtils]: 77: Hoare triple {8606#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {8606#false} is VALID [2022-02-20 17:58:52,824 INFO L290 TraceCheckUtils]: 78: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~31; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 79: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 80: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {8606#false} {8606#false} #1017#return; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 82: Hoare triple {8606#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L272 TraceCheckUtils]: 83: Hoare triple {8606#false} call 
outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 84: Hoare triple {8606#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 85: Hoare triple {8606#false} assume 1 == ~handle; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 86: Hoare triple {8606#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 87: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L284 TraceCheckUtils]: 88: Hoare quadruple {8606#false} {8606#false} #1019#return; {8606#false} is VALID [2022-02-20 17:58:52,825 INFO L290 TraceCheckUtils]: 89: Hoare triple {8606#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 90: Hoare triple {8606#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 91: Hoare triple {8606#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := 
outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 92: Hoare triple {8606#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 93: Hoare triple {8606#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L272 TraceCheckUtils]: 94: Hoare triple {8606#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 95: Hoare triple {8606#false} ~handle := #in~handle;~value := #in~value; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 96: Hoare triple {8606#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 97: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L284 TraceCheckUtils]: 98: Hoare quadruple {8606#false} {8606#false} #1025#return; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 99: Hoare triple {8606#false} assume { :begin_inline_mail } 
true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L272 TraceCheckUtils]: 100: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {8606#false} is VALID [2022-02-20 17:58:52,826 INFO L290 TraceCheckUtils]: 101: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~36; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 102: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 103: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L284 TraceCheckUtils]: 104: Hoare quadruple 
{8606#false} {8606#false} #1027#return; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 105: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 106: Hoare triple {8606#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L272 TraceCheckUtils]: 107: Hoare triple {8606#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 108: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~31; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 109: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L290 TraceCheckUtils]: 110: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,827 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {8606#false} {8606#false} #1029#return; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 112: Hoare triple {8606#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, 
incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L272 TraceCheckUtils]: 113: Hoare triple {8606#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 114: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~9; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 115: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 116: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {8606#false} {8606#false} #1031#return; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 118: Hoare triple {8606#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 119: Hoare triple {8606#false} assume !(0 != incoming_~privkey~0#1); {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 120: Hoare triple {8606#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, 
incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L290 TraceCheckUtils]: 121: Hoare triple {8606#false} assume 1 == ~sent_signed~0; {8606#false} is VALID [2022-02-20 17:58:52,828 INFO L272 TraceCheckUtils]: 122: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 123: Hoare triple {8606#false} ~handle := #in~handle;havoc ~retValue_acc~30; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 124: Hoare triple {8606#false} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 125: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {8606#false} {8606#false} #1043#return; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 
TraceCheckUtils]: 127: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L272 TraceCheckUtils]: 128: Hoare triple {8606#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 129: Hoare triple {8606#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 130: Hoare triple {8606#false} assume 1 == ~handle; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 131: Hoare triple {8606#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {8606#false} is VALID [2022-02-20 17:58:52,829 INFO L290 TraceCheckUtils]: 132: Hoare triple {8606#false} assume true; {8606#false} is VALID [2022-02-20 17:58:52,830 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {8606#false} {8606#false} #1045#return; {8606#false} is VALID [2022-02-20 17:58:52,830 INFO L290 TraceCheckUtils]: 134: Hoare triple {8606#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {8606#false} is VALID [2022-02-20 17:58:52,830 INFO L290 TraceCheckUtils]: 135: Hoare triple {8606#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {8606#false} is VALID 
[2022-02-20 17:58:52,830 INFO L272 TraceCheckUtils]: 136: Hoare triple {8606#false} call __automaton_fail(); {8606#false} is VALID [2022-02-20 17:58:52,830 INFO L290 TraceCheckUtils]: 137: Hoare triple {8606#false} assume !false; {8606#false} is VALID [2022-02-20 17:58:52,830 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:52,830 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:52,831 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2024303942] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:52,831 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:52,831 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:58:52,831 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1018009428] [2022-02-20 17:58:52,831 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:52,832 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 17:58:52,867 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:52,867 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:52,952 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:52,953 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:52,953 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:52,953 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:52,953 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:52,954 INFO L87 Difference]: Start difference. First operand 423 states and 634 transitions. Second operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:54,034 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:54,034 INFO L93 Difference]: Finished difference Result 837 states and 1258 transitions. [2022-02-20 17:58:54,034 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:54,035 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 138 [2022-02-20 17:58:54,035 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:54,035 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:54,048 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1086 transitions. [2022-02-20 17:58:54,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:54,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1086 transitions. [2022-02-20 17:58:54,074 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1086 transitions. [2022-02-20 17:58:54,884 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1086 edges. 1086 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:54,902 INFO L225 Difference]: With dead ends: 837 [2022-02-20 17:58:54,902 INFO L226 Difference]: Without dead ends: 425 [2022-02-20 17:58:54,904 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 176 GetRequests, 165 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:54,906 INFO L933 BasicCegarLoop]: 539 mSDtfsCounter, 125 mSDsluCounter, 1473 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 145 SdHoareTripleChecker+Valid, 2012 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:54,907 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [145 Valid, 2012 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:54,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 425 states. [2022-02-20 17:58:54,962 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 425 to 425. [2022-02-20 17:58:54,963 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:54,964 INFO L82 GeneralOperation]: Start isEquivalent. First operand 425 states. 
Second operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) [2022-02-20 17:58:54,965 INFO L74 IsIncluded]: Start isIncluded. First operand 425 states. Second operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) [2022-02-20 17:58:54,967 INFO L87 Difference]: Start difference. First operand 425 states. Second operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) [2022-02-20 17:58:54,987 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:54,987 INFO L93 Difference]: Finished difference Result 425 states and 637 transitions. [2022-02-20 17:58:54,987 INFO L276 IsEmpty]: Start isEmpty. Operand 425 states and 637 transitions. [2022-02-20 17:58:54,989 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:54,989 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:54,990 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) Second operand 425 states. [2022-02-20 17:58:54,991 INFO L87 Difference]: Start difference. First operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) Second operand 425 states. [2022-02-20 17:58:55,010 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:55,010 INFO L93 Difference]: Finished difference Result 425 states and 637 transitions. [2022-02-20 17:58:55,010 INFO L276 IsEmpty]: Start isEmpty. Operand 425 states and 637 transitions. [2022-02-20 17:58:55,012 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:55,012 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:55,012 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:55,012 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:55,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 425 states, 325 states have (on average 1.5015384615384615) internal successors, (488), 330 states have internal predecessors, (488), 75 states have call successors, (75), 24 states have call predecessors, (75), 24 states have return successors, (74), 72 states have call predecessors, (74), 72 states have call successors, (74) [2022-02-20 17:58:55,035 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 425 states to 425 states and 637 transitions. [2022-02-20 17:58:55,035 INFO L78 Accepts]: Start accepts. Automaton has 425 states and 637 transitions. Word has length 138 [2022-02-20 17:58:55,035 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:55,035 INFO L470 AbstractCegarLoop]: Abstraction has 425 states and 637 transitions. [2022-02-20 17:58:55,036 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 21.0) internal successors, (84), 5 states have internal predecessors, (84), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:55,036 INFO L276 IsEmpty]: Start isEmpty. Operand 425 states and 637 transitions. [2022-02-20 17:58:55,038 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 17:58:55,038 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:55,038 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:55,066 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:55,263 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:55,264 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:55,264 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:55,264 INFO L85 PathProgramCache]: Analyzing trace with hash 1078053634, now seen corresponding path program 1 times [2022-02-20 17:58:55,264 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:55,264 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [585358225] [2022-02-20 17:58:55,264 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:55,264 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:55,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,332 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:55,334 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,337 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11749#true} #1097#return; {11749#true} is VALID [2022-02-20 17:58:55,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 
17:58:55,346 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,352 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,352 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11749#true} #1099#return; {11749#true} is VALID [2022-02-20 17:58:55,353 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:55,356 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11826#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {11826#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11826#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {11826#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11827#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 3: Hoare triple {11827#(= 2 |setClientId_#in~handle|)} assume 
true; {11827#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,377 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11827#(= 2 |setClientId_#in~handle|)} {11759#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1101#return; {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:55,378 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:55,380 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,397 INFO L290 TraceCheckUtils]: 0: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11828#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:55,398 INFO L290 TraceCheckUtils]: 1: Hoare triple {11828#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11829#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:55,398 INFO L290 TraceCheckUtils]: 2: Hoare triple {11829#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11829#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:55,399 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11829#(= |setClientPrivateKey_#in~handle| 1)} {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1103#return; {11750#false} is VALID [2022-02-20 17:58:55,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:58:55,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,403 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,403 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,403 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1105#return; {11750#false} is VALID [2022-02-20 17:58:55,404 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:58:55,405 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,407 INFO L290 TraceCheckUtils]: 0: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,408 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,408 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,408 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1107#return; {11750#false} is VALID [2022-02-20 17:58:55,417 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:58:55,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,420 INFO L290 TraceCheckUtils]: 0: Hoare triple {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := 
#in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,420 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1083#return; {11750#false} is VALID [2022-02-20 17:58:55,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:55,431 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {11831#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,433 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,433 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1085#return; {11750#false} is VALID [2022-02-20 17:58:55,434 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:55,435 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is 
VALID [2022-02-20 17:58:55,437 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1015#return; {11750#false} is VALID [2022-02-20 17:58:55,437 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:55,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,441 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1017#return; {11750#false} is VALID [2022-02-20 17:58:55,441 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:55,442 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,444 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,444 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle; {11749#true} is VALID [2022-02-20 17:58:55,444 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,444 INFO L290 TraceCheckUtils]: 3: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,444 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11749#true} {11750#false} #1019#return; {11750#false} is VALID [2022-02-20 17:58:55,445 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:55,445 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,447 INFO L290 TraceCheckUtils]: 0: Hoare triple {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,447 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,448 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,448 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1025#return; {11750#false} is VALID [2022-02-20 17:58:55,448 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:55,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11749#true} is VALID [2022-02-20 17:58:55,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {11749#true} is VALID [2022-02-20 17:58:55,451 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,451 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1027#return; {11750#false} is VALID [2022-02-20 17:58:55,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:55,452 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~31; 
{11749#true} is VALID [2022-02-20 17:58:55,454 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,454 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,454 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1029#return; {11750#false} is VALID [2022-02-20 17:58:55,454 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:55,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,457 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,457 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,457 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11749#true} {11750#false} #1031#return; {11750#false} is VALID [2022-02-20 17:58:55,458 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:58:55,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,460 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11749#true} is VALID [2022-02-20 17:58:55,460 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {11749#true} is VALID [2022-02-20 17:58:55,460 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,460 INFO L284 TraceCheckUtils]: 
3: Hoare quadruple {11749#true} {11750#false} #1043#return; {11750#false} is VALID [2022-02-20 17:58:55,461 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:55,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume 1 == ~handle; {11749#true} is VALID [2022-02-20 17:58:55,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,464 INFO L290 TraceCheckUtils]: 3: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,464 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {11749#true} {11750#false} #1045#return; {11750#false} is VALID [2022-02-20 17:58:55,464 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call 
#Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 
0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11749#true} is VALID [2022-02-20 17:58:55,464 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {11749#true} is VALID [2022-02-20 17:58:55,464 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11749#true} is VALID [2022-02-20 17:58:55,465 INFO L290 TraceCheckUtils]: 3: Hoare triple {11749#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {11749#true} is VALID [2022-02-20 17:58:55,465 INFO L290 TraceCheckUtils]: 4: Hoare triple {11749#true} main_#t~ret14#1 := 
valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {11749#true} is VALID [2022-02-20 17:58:55,465 INFO L290 TraceCheckUtils]: 5: Hoare triple {11749#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11749#true} is VALID [2022-02-20 17:58:55,466 INFO L272 TraceCheckUtils]: 6: Hoare triple {11749#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:55,466 INFO L290 TraceCheckUtils]: 7: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,466 INFO L290 TraceCheckUtils]: 8: 
Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,466 INFO L290 TraceCheckUtils]: 9: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,466 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11749#true} {11749#true} #1097#return; {11749#true} is VALID [2022-02-20 17:58:55,466 INFO L290 TraceCheckUtils]: 11: Hoare triple {11749#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11749#true} is VALID [2022-02-20 17:58:55,467 INFO L272 TraceCheckUtils]: 12: Hoare triple {11749#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:55,467 INFO L290 TraceCheckUtils]: 13: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,467 INFO L290 TraceCheckUtils]: 14: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,467 INFO L290 TraceCheckUtils]: 15: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,468 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11749#true} {11749#true} #1099#return; {11749#true} is VALID [2022-02-20 17:58:55,468 INFO L290 TraceCheckUtils]: 17: Hoare triple {11749#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := 
setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11759#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:55,469 INFO L272 TraceCheckUtils]: 18: Hoare triple {11759#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:55,469 INFO L290 TraceCheckUtils]: 19: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11826#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,470 INFO L290 TraceCheckUtils]: 20: Hoare triple {11826#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {11826#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,470 INFO L290 TraceCheckUtils]: 21: Hoare triple {11826#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11827#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,482 INFO L290 TraceCheckUtils]: 22: Hoare triple {11827#(= 2 |setClientId_#in~handle|)} assume true; {11827#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:55,483 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11827#(= 2 |setClientId_#in~handle|)} {11759#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1101#return; {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:55,483 INFO L290 TraceCheckUtils]: 24: Hoare triple {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:55,484 INFO L272 TraceCheckUtils]: 25: Hoare triple {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:55,484 INFO L290 TraceCheckUtils]: 26: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11828#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:55,485 INFO L290 TraceCheckUtils]: 27: Hoare triple {11828#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11829#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:55,485 INFO L290 TraceCheckUtils]: 28: Hoare triple {11829#(= |setClientPrivateKey_#in~handle| 1)} assume true; {11829#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:55,486 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11829#(= |setClientPrivateKey_#in~handle| 1)} {11765#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1103#return; {11750#false} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 30: Hoare triple {11750#false} assume { 
:end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11750#false} is VALID [2022-02-20 17:58:55,486 INFO L272 TraceCheckUtils]: 31: Hoare triple {11750#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 32: Hoare triple {11824#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 33: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 34: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11749#true} {11750#false} #1105#return; {11750#false} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 36: Hoare triple {11750#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11750#false} is VALID [2022-02-20 17:58:55,486 INFO L272 TraceCheckUtils]: 37: Hoare triple {11750#false} 
call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 38: Hoare triple {11825#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 39: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L290 TraceCheckUtils]: 40: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,486 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11749#true} {11750#false} #1107#return; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 42: Hoare triple {11750#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 43: Hoare triple {11750#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, 
test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 44: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 45: Hoare triple {11750#false} assume test_~splverifierCounter~0#1 < 4; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 46: Hoare triple {11750#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11750#false} is VALID [2022-02-20 17:58:55,487 INFO L290 TraceCheckUtils]: 47: Hoare triple {11750#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 48: Hoare triple {11750#false} assume !(0 != test_~tmp___9~0#1); {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 49: Hoare triple {11750#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {11750#false} is VALID 
[2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 50: Hoare triple {11750#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 51: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 52: Hoare triple {11750#false} assume !(test_~splverifierCounter~0#1 < 4); {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L290 TraceCheckUtils]: 53: Hoare triple {11750#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {11750#false} is VALID [2022-02-20 17:58:55,488 INFO L272 TraceCheckUtils]: 54: Hoare triple {11750#false} call sendEmail(~bob~0, ~rjh~0); {11750#false} is VALID [2022-02-20 17:58:55,489 INFO L290 TraceCheckUtils]: 55: Hoare triple {11750#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11750#false} is VALID [2022-02-20 17:58:55,489 INFO L272 TraceCheckUtils]: 56: Hoare triple {11750#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:55,489 INFO L290 
TraceCheckUtils]: 57: Hoare triple {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,489 INFO L290 TraceCheckUtils]: 58: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,489 INFO L290 TraceCheckUtils]: 59: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,489 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11749#true} {11750#false} #1083#return; {11750#false} is VALID [2022-02-20 17:58:55,489 INFO L272 TraceCheckUtils]: 61: Hoare triple {11750#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11831#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:55,489 INFO L290 TraceCheckUtils]: 62: Hoare triple {11831#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,490 INFO L290 TraceCheckUtils]: 63: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:55,490 INFO L290 TraceCheckUtils]: 64: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,490 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11749#true} {11750#false} #1085#return; {11750#false} is VALID [2022-02-20 17:58:55,490 INFO L290 TraceCheckUtils]: 66: Hoare triple {11750#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {11750#false} is VALID [2022-02-20 17:58:55,490 INFO L290 TraceCheckUtils]: 67: Hoare triple {11750#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := 
#t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {11750#false} is VALID [2022-02-20 17:58:55,490 INFO L272 TraceCheckUtils]: 68: Hoare triple {11750#false} call outgoing(~sender#1, ~email~0#1); {11750#false} is VALID [2022-02-20 17:58:55,490 INFO L290 TraceCheckUtils]: 69: Hoare triple {11750#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {11750#false} is VALID [2022-02-20 17:58:55,491 INFO L272 TraceCheckUtils]: 70: Hoare triple {11750#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {11749#true} is VALID [2022-02-20 17:58:55,491 INFO L290 TraceCheckUtils]: 71: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,491 INFO L290 TraceCheckUtils]: 72: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,491 INFO L290 TraceCheckUtils]: 73: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,491 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11749#true} {11750#false} #1015#return; {11750#false} is VALID [2022-02-20 17:58:55,491 INFO L290 TraceCheckUtils]: 75: Hoare triple {11750#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {11750#false} is VALID [2022-02-20 17:58:55,491 INFO L290 TraceCheckUtils]: 76: Hoare triple {11750#false} assume 0 == sign_~privkey~1#1; {11750#false} is VALID [2022-02-20 17:58:55,492 INFO L290 TraceCheckUtils]: 77: Hoare triple {11750#false} assume { :end_inline_sign } true;assume { 
:begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {11750#false} is VALID [2022-02-20 17:58:55,492 INFO L272 TraceCheckUtils]: 78: Hoare triple {11750#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {11749#true} is VALID [2022-02-20 17:58:55,492 INFO L290 TraceCheckUtils]: 79: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,492 INFO L290 TraceCheckUtils]: 80: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,492 INFO L290 TraceCheckUtils]: 81: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,492 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11749#true} {11750#false} #1017#return; {11750#false} is VALID [2022-02-20 17:58:55,492 INFO L290 TraceCheckUtils]: 83: Hoare triple {11750#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := 
outgoing__wrappee__Encrypt_~tmp~11#1; {11750#false} is VALID [2022-02-20 17:58:55,493 INFO L272 TraceCheckUtils]: 84: Hoare triple {11750#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {11749#true} is VALID [2022-02-20 17:58:55,493 INFO L290 TraceCheckUtils]: 85: Hoare triple {11749#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,493 INFO L290 TraceCheckUtils]: 86: Hoare triple {11749#true} assume 1 == ~handle; {11749#true} is VALID [2022-02-20 17:58:55,493 INFO L290 TraceCheckUtils]: 87: Hoare triple {11749#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,493 INFO L290 TraceCheckUtils]: 88: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,493 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11749#true} {11750#false} #1019#return; {11750#false} is VALID [2022-02-20 17:58:55,493 INFO L290 TraceCheckUtils]: 90: Hoare triple {11750#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {11750#false} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 91: Hoare triple {11750#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {11750#false} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 92: Hoare triple {11750#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc 
outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {11750#false} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 93: Hoare triple {11750#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {11750#false} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 94: Hoare triple {11750#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {11750#false} is VALID [2022-02-20 17:58:55,494 INFO L272 TraceCheckUtils]: 95: Hoare triple {11750#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 96: Hoare triple {11830#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:55,494 INFO L290 TraceCheckUtils]: 97: Hoare triple {11749#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{11749#true} is VALID [2022-02-20 17:58:55,495 INFO L290 TraceCheckUtils]: 98: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,495 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11749#true} {11750#false} #1025#return; {11750#false} is VALID [2022-02-20 17:58:55,495 INFO L290 TraceCheckUtils]: 100: Hoare triple {11750#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {11750#false} is VALID [2022-02-20 17:58:55,495 INFO L272 TraceCheckUtils]: 101: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11749#true} is VALID [2022-02-20 17:58:55,495 INFO L290 TraceCheckUtils]: 102: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~36; {11749#true} is VALID 
[2022-02-20 17:58:55,495 INFO L290 TraceCheckUtils]: 103: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {11749#true} is VALID [2022-02-20 17:58:55,495 INFO L290 TraceCheckUtils]: 104: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,496 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11749#true} {11750#false} #1027#return; {11750#false} is VALID [2022-02-20 17:58:55,496 INFO L290 TraceCheckUtils]: 106: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {11750#false} is VALID [2022-02-20 17:58:55,496 INFO L290 TraceCheckUtils]: 107: Hoare triple {11750#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {11750#false} is VALID [2022-02-20 17:58:55,496 INFO L272 TraceCheckUtils]: 108: Hoare triple {11750#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {11749#true} is VALID [2022-02-20 17:58:55,496 INFO L290 TraceCheckUtils]: 109: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,496 INFO L290 TraceCheckUtils]: 110: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 111: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {11749#true} {11750#false} #1029#return; 
{11750#false} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 113: Hoare triple {11750#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {11750#false} is VALID [2022-02-20 17:58:55,505 INFO L272 TraceCheckUtils]: 114: Hoare triple {11750#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 115: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 116: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 117: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,505 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {11749#true} {11750#false} #1031#return; {11750#false} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 119: Hoare triple {11750#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {11750#false} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 120: Hoare triple {11750#false} assume 
!(0 != incoming_~privkey~0#1); {11750#false} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 121: Hoare triple {11750#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, 
__utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {11750#false} is VALID [2022-02-20 17:58:55,505 INFO L290 TraceCheckUtils]: 122: Hoare triple {11750#false} assume 1 == ~sent_signed~0; {11750#false} is VALID [2022-02-20 17:58:55,506 INFO L272 TraceCheckUtils]: 123: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 124: Hoare triple {11749#true} ~handle := #in~handle;havoc ~retValue_acc~30; {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 125: Hoare triple {11749#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; 
{11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 126: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {11749#true} {11750#false} #1043#return; {11750#false} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 128: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {11750#false} is VALID [2022-02-20 17:58:55,506 INFO L272 TraceCheckUtils]: 129: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 130: Hoare triple {11749#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 131: Hoare triple {11749#true} assume 1 == ~handle; {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 132: Hoare triple {11749#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11749#true} is VALID [2022-02-20 17:58:55,506 INFO L290 TraceCheckUtils]: 133: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:55,507 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {11749#true} {11750#false} #1045#return; {11750#false} is VALID [2022-02-20 17:58:55,507 INFO L290 TraceCheckUtils]: 135: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc 
__utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {11750#false} is VALID [2022-02-20 17:58:55,507 INFO L290 TraceCheckUtils]: 136: Hoare triple {11750#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {11750#false} is VALID [2022-02-20 17:58:55,507 INFO L272 TraceCheckUtils]: 137: Hoare triple {11750#false} call __automaton_fail(); {11750#false} is VALID [2022-02-20 17:58:55,507 INFO L290 TraceCheckUtils]: 138: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:55,507 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:58:55,507 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:55,508 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [585358225] [2022-02-20 17:58:55,508 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [585358225] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:55,509 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [841179422] [2022-02-20 17:58:55,509 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:55,509 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:55,509 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:55,510 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:55,535 INFO L327 MonitoredProcess]: [MP 
/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:58:55,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,785 INFO L263 TraceCheckSpWp]: Trace formula consists of 1221 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:58:55,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,839 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:56,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {11749#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call 
#Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 
0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, 
~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {11749#true} is VALID [2022-02-20 17:58:56,154 INFO L290 TraceCheckUtils]: 1: Hoare triple {11749#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {11749#true} is VALID [2022-02-20 17:58:56,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {11749#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11749#true} is VALID [2022-02-20 17:58:56,154 INFO L290 TraceCheckUtils]: 3: Hoare triple {11749#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {11749#true} is VALID [2022-02-20 17:58:56,154 INFO L290 TraceCheckUtils]: 4: Hoare triple {11749#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {11749#true} is VALID [2022-02-20 17:58:56,154 INFO L290 TraceCheckUtils]: 5: Hoare triple {11749#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, 
setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L272 TraceCheckUtils]: 6: Hoare triple {11749#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L290 TraceCheckUtils]: 7: Hoare triple {11749#true} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L290 TraceCheckUtils]: 8: Hoare triple {11749#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L290 TraceCheckUtils]: 9: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {11749#true} {11749#true} #1097#return; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L290 TraceCheckUtils]: 11: Hoare triple {11749#true} assume { :end_inline_setup_bob__wrappee__Base } true; {11749#true} is VALID [2022-02-20 17:58:56,155 INFO L272 TraceCheckUtils]: 12: Hoare triple {11749#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {11749#true} is VALID [2022-02-20 17:58:56,156 INFO L290 TraceCheckUtils]: 13: Hoare triple {11749#true} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:56,156 INFO L290 TraceCheckUtils]: 14: Hoare triple {11749#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:56,156 INFO L290 TraceCheckUtils]: 15: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:56,156 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11749#true} {11749#true} #1099#return; {11749#true} is VALID [2022-02-20 17:58:56,157 INFO L290 TraceCheckUtils]: 17: Hoare triple {11749#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:56,157 INFO L272 TraceCheckUtils]: 18: Hoare triple {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {11749#true} is VALID [2022-02-20 17:58:56,157 INFO L290 TraceCheckUtils]: 19: Hoare triple {11749#true} ~handle := #in~handle;~value := #in~value; {11749#true} is VALID [2022-02-20 17:58:56,157 INFO L290 TraceCheckUtils]: 20: Hoare triple {11749#true} assume !(1 == ~handle); {11749#true} is VALID [2022-02-20 17:58:56,157 INFO L290 TraceCheckUtils]: 21: Hoare triple {11749#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {11749#true} is VALID [2022-02-20 17:58:56,157 INFO L290 TraceCheckUtils]: 22: Hoare triple {11749#true} assume true; {11749#true} is VALID [2022-02-20 17:58:56,158 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {11749#true} {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1101#return; {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is 
VALID [2022-02-20 17:58:56,158 INFO L290 TraceCheckUtils]: 24: Hoare triple {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:56,158 INFO L272 TraceCheckUtils]: 25: Hoare triple {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {11749#true} is VALID [2022-02-20 17:58:56,159 INFO L290 TraceCheckUtils]: 26: Hoare triple {11749#true} ~handle := #in~handle;~value := #in~value; {11914#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:58:56,159 INFO L290 TraceCheckUtils]: 27: Hoare triple {11914#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11918#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:56,160 INFO L290 TraceCheckUtils]: 28: Hoare triple {11918#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {11918#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:56,160 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {11918#(<= |setClientPrivateKey_#in~handle| 1)} {11886#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1103#return; {11750#false} is VALID [2022-02-20 17:58:56,160 INFO L290 TraceCheckUtils]: 30: Hoare triple {11750#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {11750#false} is VALID 
[2022-02-20 17:58:56,161 INFO L272 TraceCheckUtils]: 31: Hoare triple {11750#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L290 TraceCheckUtils]: 32: Hoare triple {11750#false} ~handle := #in~handle;~value := #in~value; {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L290 TraceCheckUtils]: 33: Hoare triple {11750#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L290 TraceCheckUtils]: 34: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {11750#false} {11750#false} #1105#return; {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L290 TraceCheckUtils]: 36: Hoare triple {11750#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {11750#false} is VALID [2022-02-20 17:58:56,161 INFO L272 TraceCheckUtils]: 37: Hoare triple {11750#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 38: Hoare triple {11750#false} ~handle := #in~handle;~value := #in~value; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 39: Hoare triple {11750#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 40: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {11750#false} {11750#false} #1107#return; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 42: Hoare triple {11750#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 43: Hoare triple 
{11750#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {11750#false} is VALID [2022-02-20 17:58:56,162 INFO L290 TraceCheckUtils]: 44: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 45: Hoare triple {11750#false} assume test_~splverifierCounter~0#1 < 4; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 46: Hoare triple {11750#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 47: 
Hoare triple {11750#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 48: Hoare triple {11750#false} assume !(0 != test_~tmp___9~0#1); {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 49: Hoare triple {11750#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 50: Hoare triple {11750#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {11750#false} is VALID [2022-02-20 17:58:56,163 INFO L290 TraceCheckUtils]: 51: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 52: Hoare triple {11750#false} assume !(test_~splverifierCounter~0#1 < 4); {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 53: Hoare triple {11750#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L272 TraceCheckUtils]: 54: Hoare triple {11750#false} call sendEmail(~bob~0, ~rjh~0); {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 55: Hoare triple {11750#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, 
~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L272 TraceCheckUtils]: 56: Hoare triple {11750#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 57: Hoare triple {11750#false} ~handle := #in~handle;~value := #in~value; {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 58: Hoare triple {11750#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {11750#false} is VALID [2022-02-20 17:58:56,164 INFO L290 TraceCheckUtils]: 59: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {11750#false} {11750#false} #1083#return; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L272 TraceCheckUtils]: 61: Hoare triple {11750#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L290 TraceCheckUtils]: 62: Hoare triple {11750#false} ~handle := #in~handle;~value := #in~value; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L290 TraceCheckUtils]: 63: Hoare triple {11750#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L290 TraceCheckUtils]: 64: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {11750#false} {11750#false} #1085#return; {11750#false} is VALID [2022-02-20 17:58:56,165 INFO L290 TraceCheckUtils]: 66: Hoare triple {11750#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; 
{11750#false} is VALID [2022-02-20 17:58:56,166 INFO L290 TraceCheckUtils]: 67: Hoare triple {11750#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L272 TraceCheckUtils]: 68: Hoare triple {11750#false} call outgoing(~sender#1, ~email~0#1); {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L290 TraceCheckUtils]: 69: Hoare triple {11750#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L272 TraceCheckUtils]: 70: Hoare triple {11750#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L290 TraceCheckUtils]: 71: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~9; {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L290 TraceCheckUtils]: 72: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11750#false} is VALID [2022-02-20 17:58:56,166 INFO L290 TraceCheckUtils]: 73: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {11750#false} {11750#false} #1015#return; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 TraceCheckUtils]: 75: Hoare triple {11750#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 
TraceCheckUtils]: 76: Hoare triple {11750#false} assume 0 == sign_~privkey~1#1; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 TraceCheckUtils]: 77: Hoare triple {11750#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L272 TraceCheckUtils]: 78: Hoare triple {11750#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 TraceCheckUtils]: 79: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~31; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 TraceCheckUtils]: 80: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11750#false} is VALID [2022-02-20 17:58:56,167 INFO L290 TraceCheckUtils]: 81: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {11750#false} {11750#false} #1017#return; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L290 TraceCheckUtils]: 83: Hoare triple {11750#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 
&& outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L272 TraceCheckUtils]: 84: Hoare triple {11750#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L290 TraceCheckUtils]: 85: Hoare triple {11750#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L290 TraceCheckUtils]: 86: Hoare triple {11750#false} assume 1 == ~handle; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L290 TraceCheckUtils]: 87: Hoare triple {11750#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11750#false} is VALID [2022-02-20 17:58:56,168 INFO L290 TraceCheckUtils]: 88: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {11750#false} {11750#false} #1019#return; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L290 TraceCheckUtils]: 90: Hoare triple {11750#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L290 TraceCheckUtils]: 91: Hoare triple {11750#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L290 TraceCheckUtils]: 92: Hoare triple 
{11750#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L290 TraceCheckUtils]: 93: Hoare triple {11750#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L290 TraceCheckUtils]: 94: Hoare triple {11750#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {11750#false} is VALID [2022-02-20 17:58:56,169 INFO L272 TraceCheckUtils]: 95: Hoare triple {11750#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L290 TraceCheckUtils]: 96: Hoare triple {11750#false} ~handle := #in~handle;~value := #in~value; {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L290 TraceCheckUtils]: 97: Hoare triple {11750#false} assume 1 == ~handle;~__ste_email_from0~0 := 
~value; {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L290 TraceCheckUtils]: 98: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {11750#false} {11750#false} #1025#return; {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L290 TraceCheckUtils]: 100: Hoare triple {11750#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L272 TraceCheckUtils]: 101: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {11750#false} is VALID [2022-02-20 17:58:56,170 INFO L290 TraceCheckUtils]: 102: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~36; 
{11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 103: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 104: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {11750#false} {11750#false} #1027#return; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 106: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 107: Hoare triple {11750#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L272 TraceCheckUtils]: 108: Hoare triple {11750#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 109: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~31; {11750#false} is VALID [2022-02-20 17:58:56,171 INFO L290 TraceCheckUtils]: 110: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L290 TraceCheckUtils]: 111: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {11750#false} 
{11750#false} #1029#return; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L290 TraceCheckUtils]: 113: Hoare triple {11750#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L272 TraceCheckUtils]: 114: Hoare triple {11750#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L290 TraceCheckUtils]: 115: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~9; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L290 TraceCheckUtils]: 116: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {11750#false} is VALID [2022-02-20 17:58:56,172 INFO L290 TraceCheckUtils]: 117: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {11750#false} {11750#false} #1031#return; {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L290 TraceCheckUtils]: 119: Hoare triple {11750#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L290 TraceCheckUtils]: 
120: Hoare triple {11750#false} assume !(0 != incoming_~privkey~0#1); {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L290 TraceCheckUtils]: 121: Hoare triple {11750#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, 
__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L290 TraceCheckUtils]: 122: Hoare triple {11750#false} assume 1 == ~sent_signed~0; {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L272 TraceCheckUtils]: 123: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {11750#false} is VALID [2022-02-20 17:58:56,173 INFO L290 TraceCheckUtils]: 124: Hoare triple {11750#false} ~handle := #in~handle;havoc ~retValue_acc~30; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L290 TraceCheckUtils]: 125: Hoare triple {11750#false} assume 1 == ~handle;~retValue_acc~30 := 
~__ste_email_from0~0;#res := ~retValue_acc~30; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L290 TraceCheckUtils]: 126: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {11750#false} {11750#false} #1043#return; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L290 TraceCheckUtils]: 128: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L272 TraceCheckUtils]: 129: Hoare triple {11750#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L290 TraceCheckUtils]: 130: Hoare triple {11750#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {11750#false} is VALID [2022-02-20 17:58:56,174 INFO L290 TraceCheckUtils]: 131: Hoare triple {11750#false} assume 1 == ~handle; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L290 TraceCheckUtils]: 132: Hoare triple {11750#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L290 TraceCheckUtils]: 133: Hoare triple {11750#false} assume true; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {11750#false} {11750#false} #1045#return; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L290 TraceCheckUtils]: 135: Hoare triple {11750#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L290 TraceCheckUtils]: 136: Hoare triple {11750#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L272 TraceCheckUtils]: 137: Hoare triple {11750#false} call __automaton_fail(); {11750#false} is VALID [2022-02-20 17:58:56,175 INFO L290 TraceCheckUtils]: 138: Hoare triple {11750#false} assume !false; {11750#false} is VALID [2022-02-20 17:58:56,176 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. [2022-02-20 17:58:56,176 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:56,176 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [841179422] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:56,176 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:56,176 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:58:56,177 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2022343513] [2022-02-20 17:58:56,177 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:56,178 INFO L78 Accepts]: Start accepts. 
Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 17:58:56,178 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:56,178 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:56,279 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:56,280 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:56,280 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:56,280 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:56,281 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:56,281 INFO L87 Difference]: Start difference. First operand 425 states and 637 transitions. 
Second operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:57,442 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:57,443 INFO L93 Difference]: Finished difference Result 839 states and 1263 transitions. [2022-02-20 17:58:57,443 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:57,443 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) Word has length 139 [2022-02-20 17:58:57,443 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:57,444 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:57,456 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1085 transitions. [2022-02-20 17:58:57,456 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:57,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1085 transitions. [2022-02-20 17:58:57,468 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1085 transitions. [2022-02-20 17:58:58,222 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1085 edges. 1085 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:58,238 INFO L225 Difference]: With dead ends: 839 [2022-02-20 17:58:58,238 INFO L226 Difference]: Without dead ends: 427 [2022-02-20 17:58:58,240 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 179 GetRequests, 165 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:58:58,240 INFO L933 BasicCegarLoop]: 537 mSDtfsCounter, 124 mSDsluCounter, 1464 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 144 SdHoareTripleChecker+Valid, 2001 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:58,240 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [144 Valid, 2001 Invalid, 45 
Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:58,241 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 427 states. [2022-02-20 17:58:58,328 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 427 to 427. [2022-02-20 17:58:58,329 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:58,330 INFO L82 GeneralOperation]: Start isEquivalent. First operand 427 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:58:58,331 INFO L74 IsIncluded]: Start isIncluded. First operand 427 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:58:58,333 INFO L87 Difference]: Start difference. First operand 427 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:58:58,348 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:58,349 INFO L93 Difference]: Finished difference Result 427 states and 643 transitions. [2022-02-20 17:58:58,349 INFO L276 IsEmpty]: Start isEmpty. 
Operand 427 states and 643 transitions. [2022-02-20 17:58:58,350 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:58,351 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:58,352 INFO L74 IsIncluded]: Start isIncluded. First operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) Second operand 427 states. [2022-02-20 17:58:58,353 INFO L87 Difference]: Start difference. First operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) Second operand 427 states. [2022-02-20 17:58:58,369 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:58,369 INFO L93 Difference]: Finished difference Result 427 states and 643 transitions. [2022-02-20 17:58:58,369 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 643 transitions. [2022-02-20 17:58:58,371 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:58,371 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:58,371 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:58,371 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:58,373 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:58:58,410 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 427 states to 427 states and 643 transitions. [2022-02-20 17:58:58,411 INFO L78 Accepts]: Start accepts. Automaton has 427 states and 643 transitions. Word has length 139 [2022-02-20 17:58:58,411 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:58,411 INFO L470 AbstractCegarLoop]: Abstraction has 427 states and 643 transitions. [2022-02-20 17:58:58,411 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 17.2) internal successors, (86), 5 states have internal predecessors, (86), 3 states have call successors, (20), 2 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:58,411 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 643 transitions. [2022-02-20 17:58:58,413 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 141 [2022-02-20 17:58:58,413 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:58,414 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:58,439 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:58,639 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:58,639 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:58,640 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:58,640 INFO L85 PathProgramCache]: Analyzing trace with hash -2074934836, now seen corresponding path program 1 times [2022-02-20 17:58:58,640 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:58,640 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [973526871] [2022-02-20 17:58:58,640 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:58,640 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:58,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,710 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:58,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,715 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,715 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14906#true} #1097#return; {14906#true} is VALID [2022-02-20 17:58:58,721 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:58,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,724 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,725 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14906#true} #1099#return; {14906#true} is VALID [2022-02-20 17:58:58,725 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 17:58:58,727 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,729 INFO L290 TraceCheckUtils]: 0: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,730 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume !(1 == ~handle); {14906#true} is VALID [2022-02-20 17:58:58,730 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,730 INFO L290 TraceCheckUtils]: 3: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,730 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14906#true} {14906#true} #1101#return; {14906#true} is VALID [2022-02-20 17:58:58,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:58,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,734 INFO L290 TraceCheckUtils]: 0: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,734 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume !(1 == ~handle); {14906#true} is VALID [2022-02-20 17:58:58,734 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,734 INFO L290 TraceCheckUtils]: 3: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 
17:58:58,734 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14906#true} {14906#true} #1103#return; {14906#true} is VALID [2022-02-20 17:58:58,735 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:58:58,738 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,751 INFO L290 TraceCheckUtils]: 0: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14983#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,752 INFO L290 TraceCheckUtils]: 1: Hoare triple {14983#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:58,752 INFO L290 TraceCheckUtils]: 2: Hoare triple {14984#(= |setClientId_#in~handle| 1)} assume true; {14984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:58,753 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14984#(= |setClientId_#in~handle| 1)} {14926#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {14907#false} is VALID [2022-02-20 17:58:58,753 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:58:58,755 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,758 INFO L290 TraceCheckUtils]: 0: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == 
~handle;~__ste_client_privateKey0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,758 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1107#return; {14907#false} is VALID [2022-02-20 17:58:58,765 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:58:58,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,768 INFO L290 TraceCheckUtils]: 0: Hoare triple {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,768 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,768 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,768 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1083#return; {14907#false} is VALID [2022-02-20 17:58:58,776 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:58,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,779 INFO L290 TraceCheckUtils]: 0: Hoare triple {14986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,779 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,779 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,780 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{14906#true} {14907#false} #1085#return; {14907#false} is VALID [2022-02-20 17:58:58,780 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:58:58,781 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,785 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1015#return; {14907#false} is VALID [2022-02-20 17:58:58,785 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:58:58,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,788 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,788 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,788 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,788 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1017#return; {14907#false} is VALID [2022-02-20 17:58:58,788 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:58:58,789 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := 
#in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,792 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle; {14906#true} is VALID [2022-02-20 17:58:58,792 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,792 INFO L290 TraceCheckUtils]: 3: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,792 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14906#true} {14907#false} #1019#return; {14907#false} is VALID [2022-02-20 17:58:58,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:58:58,798 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,801 INFO L290 TraceCheckUtils]: 0: Hoare triple {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,802 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1025#return; {14907#false} is VALID [2022-02-20 17:58:58,802 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:58,803 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,805 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14906#true} is VALID [2022-02-20 17:58:58,805 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{14906#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {14906#true} is VALID [2022-02-20 17:58:58,805 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,805 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1027#return; {14907#false} is VALID [2022-02-20 17:58:58,806 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:58:58,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,808 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,808 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1029#return; {14907#false} is VALID [2022-02-20 17:58:58,809 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:58,809 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,812 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,812 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,813 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,813 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1031#return; {14907#false} is VALID 
[2022-02-20 17:58:58,813 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:58:58,814 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,816 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~30; {14906#true} is VALID [2022-02-20 17:58:58,816 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {14906#true} is VALID [2022-02-20 17:58:58,816 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,816 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14906#true} {14907#false} #1043#return; {14907#false} is VALID [2022-02-20 17:58:58,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:58:58,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume 1 == ~handle; {14906#true} is VALID [2022-02-20 17:58:58,820 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,820 INFO L290 TraceCheckUtils]: 3: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,820 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14906#true} {14907#false} #1045#return; {14907#false} is VALID [2022-02-20 17:58:58,820 INFO L290 TraceCheckUtils]: 0: Hoare triple {14906#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < 
#StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 
0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 
0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {14906#true} is VALID [2022-02-20 17:58:58,820 INFO L290 TraceCheckUtils]: 1: Hoare triple {14906#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { 
:begin_inline_select_helpers } true; {14906#true} is VALID [2022-02-20 17:58:58,820 INFO L290 TraceCheckUtils]: 2: Hoare triple {14906#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14906#true} is VALID [2022-02-20 17:58:58,821 INFO L290 TraceCheckUtils]: 3: Hoare triple {14906#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {14906#true} is VALID [2022-02-20 17:58:58,821 INFO L290 TraceCheckUtils]: 4: Hoare triple {14906#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {14906#true} is VALID [2022-02-20 17:58:58,821 INFO L290 TraceCheckUtils]: 5: Hoare triple {14906#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {14906#true} is VALID [2022-02-20 17:58:58,822 INFO L272 
TraceCheckUtils]: 6: Hoare triple {14906#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,822 INFO L290 TraceCheckUtils]: 7: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,822 INFO L290 TraceCheckUtils]: 8: Hoare triple {14906#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,822 INFO L290 TraceCheckUtils]: 9: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,822 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {14906#true} {14906#true} #1097#return; {14906#true} is VALID [2022-02-20 17:58:58,822 INFO L290 TraceCheckUtils]: 11: Hoare triple {14906#true} assume { :end_inline_setup_bob__wrappee__Base } true; {14906#true} is VALID [2022-02-20 17:58:58,823 INFO L272 TraceCheckUtils]: 12: Hoare triple {14906#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,823 INFO L290 TraceCheckUtils]: 13: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 
17:58:58,823 INFO L290 TraceCheckUtils]: 14: Hoare triple {14906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,823 INFO L290 TraceCheckUtils]: 15: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,824 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {14906#true} {14906#true} #1099#return; {14906#true} is VALID [2022-02-20 17:58:58,824 INFO L290 TraceCheckUtils]: 17: Hoare triple {14906#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14906#true} is VALID [2022-02-20 17:58:58,824 INFO L272 TraceCheckUtils]: 18: Hoare triple {14906#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,825 INFO L290 TraceCheckUtils]: 19: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,825 INFO L290 TraceCheckUtils]: 20: Hoare triple {14906#true} assume !(1 == ~handle); {14906#true} is VALID [2022-02-20 17:58:58,825 INFO L290 TraceCheckUtils]: 21: Hoare triple {14906#true} assume 2 == 
~handle;~__ste_client_idCounter1~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,825 INFO L290 TraceCheckUtils]: 22: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,825 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14906#true} {14906#true} #1101#return; {14906#true} is VALID [2022-02-20 17:58:58,825 INFO L290 TraceCheckUtils]: 24: Hoare triple {14906#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {14906#true} is VALID [2022-02-20 17:58:58,826 INFO L272 TraceCheckUtils]: 25: Hoare triple {14906#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,826 INFO L290 TraceCheckUtils]: 26: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,826 INFO L290 TraceCheckUtils]: 27: Hoare triple {14906#true} assume !(1 == ~handle); {14906#true} is VALID [2022-02-20 17:58:58,826 INFO L290 TraceCheckUtils]: 28: Hoare triple {14906#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,827 INFO L290 TraceCheckUtils]: 29: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,827 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14906#true} {14906#true} #1103#return; {14906#true} is VALID [2022-02-20 17:58:58,827 INFO L290 TraceCheckUtils]: 31: Hoare triple {14906#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } 
true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {14926#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:58:58,828 INFO L272 TraceCheckUtils]: 32: Hoare triple {14926#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,828 INFO L290 TraceCheckUtils]: 33: Hoare triple {14981#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14983#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,829 INFO L290 TraceCheckUtils]: 34: Hoare triple {14983#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {14984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:58,829 INFO L290 TraceCheckUtils]: 35: Hoare triple {14984#(= |setClientId_#in~handle| 1)} assume true; {14984#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:58,830 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {14984#(= |setClientId_#in~handle| 1)} {14926#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {14907#false} is VALID [2022-02-20 17:58:58,830 INFO L290 TraceCheckUtils]: 37: 
Hoare triple {14907#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {14907#false} is VALID [2022-02-20 17:58:58,830 INFO L272 TraceCheckUtils]: 38: Hoare triple {14907#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,830 INFO L290 TraceCheckUtils]: 39: Hoare triple {14982#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,830 INFO L290 TraceCheckUtils]: 40: Hoare triple {14906#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,830 INFO L290 TraceCheckUtils]: 41: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,830 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {14906#true} {14907#false} #1107#return; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 43: Hoare triple {14907#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 44: Hoare triple {14907#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, 
test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 45: Hoare triple {14907#false} assume !false; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 46: Hoare triple {14907#false} assume test_~splverifierCounter~0#1 < 4; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 47: Hoare triple {14907#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 48: Hoare triple {14907#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {14907#false} is VALID [2022-02-20 17:58:58,831 INFO L290 TraceCheckUtils]: 49: Hoare triple {14907#false} assume !(0 != test_~tmp___9~0#1); {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 50: Hoare triple {14907#false} 
assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 51: Hoare triple {14907#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 52: Hoare triple {14907#false} assume !false; {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 53: Hoare triple {14907#false} assume !(test_~splverifierCounter~0#1 < 4); {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 54: Hoare triple {14907#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L272 TraceCheckUtils]: 55: Hoare triple {14907#false} call sendEmail(~bob~0, ~rjh~0); {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L290 TraceCheckUtils]: 56: Hoare triple {14907#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {14907#false} is VALID [2022-02-20 17:58:58,832 INFO L272 TraceCheckUtils]: 57: Hoare triple {14907#false} call 
setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,833 INFO L290 TraceCheckUtils]: 58: Hoare triple {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,833 INFO L290 TraceCheckUtils]: 59: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,833 INFO L290 TraceCheckUtils]: 60: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,833 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {14906#true} {14907#false} #1083#return; {14907#false} is VALID [2022-02-20 17:58:58,833 INFO L272 TraceCheckUtils]: 62: Hoare triple {14907#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:58,833 INFO L290 TraceCheckUtils]: 63: Hoare triple {14986#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,833 INFO L290 TraceCheckUtils]: 64: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,834 INFO L290 TraceCheckUtils]: 65: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,834 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {14906#true} {14907#false} #1085#return; {14907#false} is VALID [2022-02-20 17:58:58,834 INFO L290 TraceCheckUtils]: 67: Hoare triple {14907#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {14907#false} is VALID 
[2022-02-20 17:58:58,834 INFO L290 TraceCheckUtils]: 68: Hoare triple {14907#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {14907#false} is VALID [2022-02-20 17:58:58,834 INFO L272 TraceCheckUtils]: 69: Hoare triple {14907#false} call outgoing(~sender#1, ~email~0#1); {14907#false} is VALID [2022-02-20 17:58:58,834 INFO L290 TraceCheckUtils]: 70: Hoare triple {14907#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {14907#false} is VALID [2022-02-20 17:58:58,834 INFO L272 TraceCheckUtils]: 71: Hoare triple {14907#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {14906#true} is VALID [2022-02-20 17:58:58,834 INFO L290 TraceCheckUtils]: 72: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 73: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 74: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,835 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {14906#true} {14907#false} #1015#return; {14907#false} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 76: Hoare triple {14907#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {14907#false} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 77: Hoare 
triple {14907#false} assume 0 == sign_~privkey~1#1; {14907#false} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 78: Hoare triple {14907#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {14907#false} is VALID [2022-02-20 17:58:58,835 INFO L272 TraceCheckUtils]: 79: Hoare triple {14907#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {14906#true} is VALID [2022-02-20 17:58:58,835 INFO L290 TraceCheckUtils]: 80: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,836 INFO L290 TraceCheckUtils]: 81: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,836 INFO L290 TraceCheckUtils]: 82: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,836 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {14906#true} {14907#false} #1017#return; {14907#false} is VALID [2022-02-20 17:58:58,836 INFO L290 TraceCheckUtils]: 84: Hoare triple {14907#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && 
outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {14907#false} is VALID [2022-02-20 17:58:58,836 INFO L272 TraceCheckUtils]: 85: Hoare triple {14907#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {14906#true} is VALID [2022-02-20 17:58:58,836 INFO L290 TraceCheckUtils]: 86: Hoare triple {14906#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,836 INFO L290 TraceCheckUtils]: 87: Hoare triple {14906#true} assume 1 == ~handle; {14906#true} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 88: Hoare triple {14906#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 89: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,837 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {14906#true} {14907#false} #1019#return; {14907#false} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 91: Hoare triple {14907#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {14907#false} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 92: Hoare triple {14907#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {14907#false} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 93: Hoare triple {14907#false} assume 
{ :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {14907#false} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 94: Hoare triple {14907#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {14907#false} is VALID [2022-02-20 17:58:58,837 INFO L290 TraceCheckUtils]: 95: Hoare triple {14907#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {14907#false} is VALID [2022-02-20 17:58:58,838 INFO L272 TraceCheckUtils]: 96: Hoare triple {14907#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,838 INFO L290 TraceCheckUtils]: 97: Hoare triple {14985#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle 
:= #in~handle;~value := #in~value; {14906#true} is VALID [2022-02-20 17:58:58,838 INFO L290 TraceCheckUtils]: 98: Hoare triple {14906#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {14906#true} is VALID [2022-02-20 17:58:58,838 INFO L290 TraceCheckUtils]: 99: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,838 INFO L284 TraceCheckUtils]: 100: Hoare quadruple {14906#true} {14907#false} #1025#return; {14907#false} is VALID [2022-02-20 17:58:58,838 INFO L290 TraceCheckUtils]: 101: Hoare triple {14907#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {14907#false} is VALID [2022-02-20 17:58:58,838 INFO L272 TraceCheckUtils]: 102: Hoare triple {14907#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := 
isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {14906#true} is VALID [2022-02-20 17:58:58,838 INFO L290 TraceCheckUtils]: 103: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~36; {14906#true} is VALID [2022-02-20 17:58:58,839 INFO L290 TraceCheckUtils]: 104: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {14906#true} is VALID [2022-02-20 17:58:58,839 INFO L290 TraceCheckUtils]: 105: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,839 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {14906#true} {14907#false} #1027#return; {14907#false} is VALID [2022-02-20 17:58:58,839 INFO L290 TraceCheckUtils]: 107: Hoare triple {14907#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {14907#false} is VALID [2022-02-20 17:58:58,839 INFO L290 TraceCheckUtils]: 108: Hoare triple {14907#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {14907#false} is VALID [2022-02-20 17:58:58,839 INFO L272 TraceCheckUtils]: 109: Hoare triple {14907#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {14906#true} is VALID [2022-02-20 17:58:58,839 INFO L290 TraceCheckUtils]: 110: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~31; {14906#true} is VALID [2022-02-20 17:58:58,840 INFO L290 TraceCheckUtils]: 111: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {14906#true} is VALID [2022-02-20 
17:58:58,840 INFO L290 TraceCheckUtils]: 112: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,840 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {14906#true} {14907#false} #1029#return; {14907#false} is VALID [2022-02-20 17:58:58,840 INFO L290 TraceCheckUtils]: 114: Hoare triple {14907#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {14907#false} is VALID [2022-02-20 17:58:58,840 INFO L272 TraceCheckUtils]: 115: Hoare triple {14907#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {14906#true} is VALID [2022-02-20 17:58:58,840 INFO L290 TraceCheckUtils]: 116: Hoare triple {14906#true} ~handle := #in~handle;havoc ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,840 INFO L290 TraceCheckUtils]: 117: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {14906#true} is VALID [2022-02-20 17:58:58,840 INFO L290 TraceCheckUtils]: 118: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,841 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {14906#true} {14907#false} #1031#return; {14907#false} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 120: Hoare triple {14907#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 
2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {14907#false} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 121: Hoare triple {14907#false} assume !(0 != incoming_~privkey~0#1); {14907#false} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 122: Hoare triple {14907#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, 
__utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {14907#false} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 123: Hoare triple {14907#false} assume 1 == ~sent_signed~0; {14907#false} is VALID [2022-02-20 17:58:58,841 INFO L272 TraceCheckUtils]: 124: Hoare triple {14907#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {14906#true} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 125: Hoare triple {14906#true} ~handle := #in~handle;havoc 
~retValue_acc~30; {14906#true} is VALID [2022-02-20 17:58:58,841 INFO L290 TraceCheckUtils]: 126: Hoare triple {14906#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {14906#true} is VALID [2022-02-20 17:58:58,842 INFO L290 TraceCheckUtils]: 127: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,842 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {14906#true} {14907#false} #1043#return; {14907#false} is VALID [2022-02-20 17:58:58,842 INFO L290 TraceCheckUtils]: 129: Hoare triple {14907#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {14907#false} is VALID [2022-02-20 17:58:58,842 INFO L272 TraceCheckUtils]: 130: Hoare triple {14907#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {14906#true} is VALID [2022-02-20 17:58:58,842 INFO L290 TraceCheckUtils]: 131: Hoare triple {14906#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,842 INFO L290 TraceCheckUtils]: 132: Hoare triple {14906#true} assume 1 == ~handle; {14906#true} is VALID [2022-02-20 17:58:58,842 INFO L290 TraceCheckUtils]: 133: Hoare triple {14906#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {14906#true} is VALID [2022-02-20 17:58:58,843 INFO L290 TraceCheckUtils]: 134: Hoare triple {14906#true} assume true; {14906#true} is VALID [2022-02-20 17:58:58,843 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {14906#true} {14907#false} #1045#return; {14907#false} is VALID [2022-02-20 17:58:58,843 INFO L290 TraceCheckUtils]: 136: Hoare triple {14907#false} assume 
-2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {14907#false} is VALID [2022-02-20 17:58:58,843 INFO L290 TraceCheckUtils]: 137: Hoare triple {14907#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {14907#false} is VALID [2022-02-20 17:58:58,843 INFO L272 TraceCheckUtils]: 138: Hoare triple {14907#false} call __automaton_fail(); {14907#false} is VALID [2022-02-20 17:58:58,843 INFO L290 TraceCheckUtils]: 139: Hoare triple {14907#false} assume !false; {14907#false} is VALID [2022-02-20 17:58:58,844 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:58:58,844 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:58,844 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [973526871] [2022-02-20 17:58:58,844 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [973526871] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:58,844 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:58:58,844 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:58:58,845 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1118159616] [2022-02-20 17:58:58,845 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:58,845 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 17:58:58,846 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:58,846 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:58:58,940 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 119 edges. 119 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:58,941 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:58:58,941 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:58,942 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:58:58,942 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:58,942 INFO L87 Difference]: Start difference. First operand 427 states and 643 transitions. 
Second operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:07,498 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:07,500 INFO L93 Difference]: Finished difference Result 1024 states and 1542 transitions. [2022-02-20 17:59:07,500 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:07,500 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 140 [2022-02-20 17:59:07,501 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:07,501 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:07,539 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1356 transitions. [2022-02-20 17:59:07,539 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:07,558 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1356 transitions. [2022-02-20 17:59:07,558 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1356 transitions. [2022-02-20 17:59:08,818 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1356 edges. 1356 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:08,853 INFO L225 Difference]: With dead ends: 1024 [2022-02-20 17:59:08,853 INFO L226 Difference]: Without dead ends: 620 [2022-02-20 17:59:08,855 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:08,856 INFO L933 BasicCegarLoop]: 674 mSDtfsCounter, 1333 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 2407 mSolverCounterSat, 578 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1351 SdHoareTripleChecker+Valid, 1489 SdHoareTripleChecker+Invalid, 2985 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 578 IncrementalHoareTripleChecker+Valid, 2407 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:08,856 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1351 Valid, 
1489 Invalid, 2985 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [578 Valid, 2407 Invalid, 0 Unknown, 0 Unchecked, 3.8s Time] [2022-02-20 17:59:08,857 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 620 states. [2022-02-20 17:59:08,964 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 620 to 427. [2022-02-20 17:59:08,964 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:08,965 INFO L82 GeneralOperation]: Start isEquivalent. First operand 620 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) [2022-02-20 17:59:08,967 INFO L74 IsIncluded]: Start isIncluded. First operand 620 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) [2022-02-20 17:59:08,968 INFO L87 Difference]: Start difference. First operand 620 states. Second operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) [2022-02-20 17:59:08,997 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:08,997 INFO L93 Difference]: Finished difference Result 620 states and 930 transitions. 
[2022-02-20 17:59:08,997 INFO L276 IsEmpty]: Start isEmpty. Operand 620 states and 930 transitions. [2022-02-20 17:59:09,001 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:09,001 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:09,003 INFO L74 IsIncluded]: Start isIncluded. First operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) Second operand 620 states. [2022-02-20 17:59:09,004 INFO L87 Difference]: Start difference. First operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) Second operand 620 states. [2022-02-20 17:59:09,034 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:09,034 INFO L93 Difference]: Finished difference Result 620 states and 930 transitions. [2022-02-20 17:59:09,034 INFO L276 IsEmpty]: Start isEmpty. Operand 620 states and 930 transitions. [2022-02-20 17:59:09,038 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:09,038 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:09,038 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:09,038 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:09,039 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 427 states, 326 states have (on average 1.5) internal successors, (489), 332 states have internal predecessors, (489), 75 states have call successors, (75), 24 states have call predecessors, (75), 25 states have return successors, (78), 72 states have call predecessors, (78), 72 states have call successors, (78) [2022-02-20 17:59:09,058 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 427 states to 427 states and 642 transitions. [2022-02-20 17:59:09,059 INFO L78 Accepts]: Start accepts. Automaton has 427 states and 642 transitions. Word has length 140 [2022-02-20 17:59:09,059 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:09,059 INFO L470 AbstractCegarLoop]: Abstraction has 427 states and 642 transitions. [2022-02-20 17:59:09,060 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.25) internal successors, (82), 5 states have internal predecessors, (82), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:09,060 INFO L276 IsEmpty]: Start isEmpty. Operand 427 states and 642 transitions. [2022-02-20 17:59:09,062 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 142 [2022-02-20 17:59:09,063 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:09,063 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:09,063 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:59:09,063 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:09,064 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:09,064 INFO L85 PathProgramCache]: Analyzing trace with hash 1534046852, now seen corresponding path program 2 times [2022-02-20 17:59:09,064 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:09,064 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [419643902] [2022-02-20 17:59:09,064 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:09,065 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:09,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,137 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:09,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,144 INFO L290 TraceCheckUtils]: 0: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) 
(= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,144 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18330#true} #1097#return; {18330#true} is VALID [2022-02-20 17:59:09,150 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:09,151 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,153 INFO L290 TraceCheckUtils]: 0: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,154 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,154 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18330#true} #1099#return; {18330#true} is VALID [2022-02-20 17:59:09,154 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:09,156 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume !(1 == ~handle); {18330#true} is VALID [2022-02-20 17:59:09,158 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,159 INFO L290 TraceCheckUtils]: 3: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,159 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18330#true} {18330#true} #1101#return; {18330#true} is VALID [2022-02-20 17:59:09,159 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:09,160 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,162 INFO L290 TraceCheckUtils]: 0: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,162 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume !(1 == ~handle); {18330#true} is VALID [2022-02-20 17:59:09,162 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,162 INFO L290 TraceCheckUtils]: 3: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,163 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18330#true} {18330#true} #1103#return; {18330#true} is VALID [2022-02-20 17:59:09,163 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:09,164 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:59:09,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,179 INFO L290 TraceCheckUtils]: 1: Hoare triple {18408#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,179 INFO L290 TraceCheckUtils]: 2: Hoare triple {18408#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,180 INFO L290 TraceCheckUtils]: 3: Hoare triple {18409#(= 2 |setClientId_#in~handle|)} assume true; {18409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,180 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18409#(= 2 |setClientId_#in~handle|)} {18350#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {18331#false} is VALID [2022-02-20 17:59:09,180 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:59:09,182 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,184 INFO L290 TraceCheckUtils]: 0: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,184 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,184 INFO L290 
TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,184 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1107#return; {18331#false} is VALID [2022-02-20 17:59:09,194 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:09,195 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,197 INFO L290 TraceCheckUtils]: 0: Hoare triple {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,197 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1083#return; {18331#false} is VALID [2022-02-20 17:59:09,204 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:09,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,207 INFO L290 TraceCheckUtils]: 0: Hoare triple {18411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,207 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,207 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,208 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1085#return; {18331#false} is VALID [2022-02-20 17:59:09,208 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:09,217 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,220 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,220 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,220 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,220 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1015#return; {18331#false} is VALID [2022-02-20 17:59:09,220 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:09,221 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,223 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,223 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,223 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1017#return; {18331#false} is VALID [2022-02-20 17:59:09,223 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:59:09,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,226 INFO L290 
TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle; {18330#true} is VALID [2022-02-20 17:59:09,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,226 INFO L290 TraceCheckUtils]: 3: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,226 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18330#true} {18331#false} #1019#return; {18331#false} is VALID [2022-02-20 17:59:09,226 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 97 [2022-02-20 17:59:09,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,230 INFO L290 TraceCheckUtils]: 0: Hoare triple {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1025#return; {18331#false} is VALID [2022-02-20 17:59:09,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:59:09,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,244 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18330#true} is VALID [2022-02-20 17:59:09,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; 
{18330#true} is VALID [2022-02-20 17:59:09,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1027#return; {18331#false} is VALID [2022-02-20 17:59:09,245 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 110 [2022-02-20 17:59:09,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,247 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,248 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,248 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,248 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1029#return; {18331#false} is VALID [2022-02-20 17:59:09,248 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:59:09,249 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,251 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,252 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,252 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,252 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1031#return; {18331#false} is VALID [2022-02-20 17:59:09,252 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at 
non-pending call position 125 [2022-02-20 17:59:09,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,256 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~30; {18330#true} is VALID [2022-02-20 17:59:09,256 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {18330#true} is VALID [2022-02-20 17:59:09,256 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,256 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {18330#true} {18331#false} #1043#return; {18331#false} is VALID [2022-02-20 17:59:09,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:59:09,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:09,259 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,259 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume 1 == ~handle; {18330#true} is VALID [2022-02-20 17:59:09,259 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,259 INFO L290 TraceCheckUtils]: 3: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,259 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {18330#true} {18331#false} #1045#return; {18331#false} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 0: Hoare triple {18330#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call 
write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 
0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 
:= 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {18330#true} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 1: Hoare triple {18330#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {18330#true} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 2: Hoare triple {18330#true} 
assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18330#true} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 3: Hoare triple {18330#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {18330#true} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 4: Hoare triple {18330#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {18330#true} is VALID [2022-02-20 17:59:09,260 INFO L290 TraceCheckUtils]: 5: Hoare triple {18330#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {18330#true} is VALID [2022-02-20 17:59:09,261 INFO L272 TraceCheckUtils]: 6: Hoare triple {18330#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); 
{18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,261 INFO L290 TraceCheckUtils]: 7: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,261 INFO L290 TraceCheckUtils]: 8: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,261 INFO L290 TraceCheckUtils]: 9: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,262 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18330#true} {18330#true} #1097#return; {18330#true} is VALID [2022-02-20 17:59:09,262 INFO L290 TraceCheckUtils]: 11: Hoare triple {18330#true} assume { :end_inline_setup_bob__wrappee__Base } true; {18330#true} is VALID [2022-02-20 17:59:09,262 INFO L272 TraceCheckUtils]: 12: Hoare triple {18330#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,262 INFO L290 TraceCheckUtils]: 13: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,263 INFO L290 TraceCheckUtils]: 14: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18330#true} 
is VALID [2022-02-20 17:59:09,263 INFO L290 TraceCheckUtils]: 15: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,263 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {18330#true} {18330#true} #1099#return; {18330#true} is VALID [2022-02-20 17:59:09,263 INFO L290 TraceCheckUtils]: 17: Hoare triple {18330#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L272 TraceCheckUtils]: 18: Hoare triple {18330#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,264 INFO L290 TraceCheckUtils]: 19: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L290 TraceCheckUtils]: 20: Hoare triple {18330#true} assume !(1 == ~handle); {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L290 TraceCheckUtils]: 21: Hoare triple {18330#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L290 TraceCheckUtils]: 22: Hoare triple 
{18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {18330#true} {18330#true} #1101#return; {18330#true} is VALID [2022-02-20 17:59:09,264 INFO L290 TraceCheckUtils]: 24: Hoare triple {18330#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {18330#true} is VALID [2022-02-20 17:59:09,265 INFO L272 TraceCheckUtils]: 25: Hoare triple {18330#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,265 INFO L290 TraceCheckUtils]: 26: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,265 INFO L290 TraceCheckUtils]: 27: Hoare triple {18330#true} assume !(1 == ~handle); {18330#true} is VALID [2022-02-20 17:59:09,265 INFO L290 TraceCheckUtils]: 28: Hoare triple {18330#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,266 INFO L290 TraceCheckUtils]: 29: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,266 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {18330#true} {18330#true} #1103#return; {18330#true} is VALID [2022-02-20 17:59:09,266 INFO L290 TraceCheckUtils]: 31: Hoare triple {18330#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume 
{ :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {18350#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:09,267 INFO L272 TraceCheckUtils]: 32: Hoare triple {18350#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:09,267 INFO L290 TraceCheckUtils]: 33: Hoare triple {18406#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {18408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,267 INFO L290 TraceCheckUtils]: 34: Hoare triple {18408#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {18408#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,268 INFO L290 TraceCheckUtils]: 35: Hoare triple {18408#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {18409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,268 INFO L290 TraceCheckUtils]: 36: Hoare triple {18409#(= 2 |setClientId_#in~handle|)} assume true; {18409#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:09,269 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18409#(= 2 |setClientId_#in~handle|)} {18350#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; 
{18331#false} is VALID [2022-02-20 17:59:09,269 INFO L290 TraceCheckUtils]: 38: Hoare triple {18331#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {18331#false} is VALID [2022-02-20 17:59:09,269 INFO L272 TraceCheckUtils]: 39: Hoare triple {18331#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:09,269 INFO L290 TraceCheckUtils]: 40: Hoare triple {18407#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,269 INFO L290 TraceCheckUtils]: 41: Hoare triple {18330#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,269 INFO L290 TraceCheckUtils]: 42: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,269 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {18330#true} {18331#false} #1107#return; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 44: Hoare triple {18331#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 45: Hoare triple {18331#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, 
test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 46: Hoare triple {18331#false} assume !false; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 47: Hoare triple {18331#false} assume test_~splverifierCounter~0#1 < 4; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 48: Hoare triple {18331#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 49: Hoare triple {18331#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {18331#false} is VALID [2022-02-20 17:59:09,270 INFO L290 TraceCheckUtils]: 50: Hoare triple {18331#false} assume !(0 != test_~tmp___9~0#1); {18331#false} is VALID [2022-02-20 
17:59:09,271 INFO L290 TraceCheckUtils]: 51: Hoare triple {18331#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L290 TraceCheckUtils]: 52: Hoare triple {18331#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L290 TraceCheckUtils]: 53: Hoare triple {18331#false} assume !false; {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L290 TraceCheckUtils]: 54: Hoare triple {18331#false} assume !(test_~splverifierCounter~0#1 < 4); {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L290 TraceCheckUtils]: 55: Hoare triple {18331#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L272 TraceCheckUtils]: 56: Hoare triple {18331#false} call sendEmail(~bob~0, ~rjh~0); {18331#false} is VALID [2022-02-20 17:59:09,271 INFO L290 TraceCheckUtils]: 57: Hoare triple {18331#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {18331#false} is VALID [2022-02-20 17:59:09,272 INFO L272 
TraceCheckUtils]: 58: Hoare triple {18331#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:09,272 INFO L290 TraceCheckUtils]: 59: Hoare triple {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,272 INFO L290 TraceCheckUtils]: 60: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,272 INFO L290 TraceCheckUtils]: 61: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,272 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {18330#true} {18331#false} #1083#return; {18331#false} is VALID [2022-02-20 17:59:09,272 INFO L272 TraceCheckUtils]: 63: Hoare triple {18331#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {18411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:09,272 INFO L290 TraceCheckUtils]: 64: Hoare triple {18411#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,273 INFO L290 TraceCheckUtils]: 65: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,273 INFO L290 TraceCheckUtils]: 66: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,273 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {18330#true} {18331#false} #1085#return; {18331#false} is VALID [2022-02-20 17:59:09,273 INFO L290 TraceCheckUtils]: 68: Hoare triple {18331#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := 
createEmail_~retValue_acc~42#1; {18331#false} is VALID [2022-02-20 17:59:09,273 INFO L290 TraceCheckUtils]: 69: Hoare triple {18331#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {18331#false} is VALID [2022-02-20 17:59:09,273 INFO L272 TraceCheckUtils]: 70: Hoare triple {18331#false} call outgoing(~sender#1, ~email~0#1); {18331#false} is VALID [2022-02-20 17:59:09,273 INFO L290 TraceCheckUtils]: 71: Hoare triple {18331#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {18331#false} is VALID [2022-02-20 17:59:09,274 INFO L272 TraceCheckUtils]: 72: Hoare triple {18331#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {18330#true} is VALID [2022-02-20 17:59:09,274 INFO L290 TraceCheckUtils]: 73: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,274 INFO L290 TraceCheckUtils]: 74: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,274 INFO L290 TraceCheckUtils]: 75: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,274 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18330#true} {18331#false} #1015#return; {18331#false} is VALID [2022-02-20 17:59:09,274 INFO L290 TraceCheckUtils]: 77: Hoare triple {18331#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {18331#false} is VALID [2022-02-20 
17:59:09,274 INFO L290 TraceCheckUtils]: 78: Hoare triple {18331#false} assume 0 == sign_~privkey~1#1; {18331#false} is VALID [2022-02-20 17:59:09,274 INFO L290 TraceCheckUtils]: 79: Hoare triple {18331#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {18331#false} is VALID [2022-02-20 17:59:09,275 INFO L272 TraceCheckUtils]: 80: Hoare triple {18331#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {18330#true} is VALID [2022-02-20 17:59:09,275 INFO L290 TraceCheckUtils]: 81: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,275 INFO L290 TraceCheckUtils]: 82: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,275 INFO L290 TraceCheckUtils]: 83: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,275 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {18330#true} {18331#false} #1017#return; {18331#false} is VALID [2022-02-20 17:59:09,275 INFO L290 TraceCheckUtils]: 85: Hoare triple {18331#false} assume -2147483648 <= 
outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {18331#false} is VALID [2022-02-20 17:59:09,275 INFO L272 TraceCheckUtils]: 86: Hoare triple {18331#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {18330#true} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 87: Hoare triple {18330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 88: Hoare triple {18330#true} assume 1 == ~handle; {18330#true} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 89: Hoare triple {18330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 90: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,276 INFO L284 TraceCheckUtils]: 91: Hoare quadruple {18330#true} {18331#false} #1019#return; {18331#false} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 92: Hoare triple {18331#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {18331#false} is VALID [2022-02-20 17:59:09,276 INFO L290 TraceCheckUtils]: 93: Hoare triple {18331#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {18331#false} is VALID [2022-02-20 17:59:09,277 INFO L290 
TraceCheckUtils]: 94: Hoare triple {18331#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {18331#false} is VALID [2022-02-20 17:59:09,277 INFO L290 TraceCheckUtils]: 95: Hoare triple {18331#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {18331#false} is VALID [2022-02-20 17:59:09,277 INFO L290 TraceCheckUtils]: 96: Hoare triple {18331#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {18331#false} is VALID [2022-02-20 17:59:09,277 INFO L272 TraceCheckUtils]: 97: Hoare triple {18331#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:09,277 INFO L290 TraceCheckUtils]: 98: Hoare triple {18410#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= 
|old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {18330#true} is VALID [2022-02-20 17:59:09,277 INFO L290 TraceCheckUtils]: 99: Hoare triple {18330#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {18330#true} is VALID [2022-02-20 17:59:09,277 INFO L290 TraceCheckUtils]: 100: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,277 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {18330#true} {18331#false} #1025#return; {18331#false} is VALID [2022-02-20 17:59:09,278 INFO L290 TraceCheckUtils]: 102: Hoare triple {18331#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {18331#false} is VALID [2022-02-20 17:59:09,278 INFO L272 TraceCheckUtils]: 103: Hoare triple {18331#false} call 
__utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {18330#true} is VALID [2022-02-20 17:59:09,278 INFO L290 TraceCheckUtils]: 104: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~36; {18330#true} is VALID [2022-02-20 17:59:09,278 INFO L290 TraceCheckUtils]: 105: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {18330#true} is VALID [2022-02-20 17:59:09,278 INFO L290 TraceCheckUtils]: 106: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,278 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {18330#true} {18331#false} #1027#return; {18331#false} is VALID [2022-02-20 17:59:09,278 INFO L290 TraceCheckUtils]: 108: Hoare triple {18331#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {18331#false} is VALID [2022-02-20 17:59:09,279 INFO L290 TraceCheckUtils]: 109: Hoare triple {18331#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {18331#false} is VALID [2022-02-20 17:59:09,279 INFO L272 TraceCheckUtils]: 110: Hoare triple {18331#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {18330#true} is VALID [2022-02-20 17:59:09,279 INFO L290 TraceCheckUtils]: 111: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,279 INFO L290 TraceCheckUtils]: 112: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := 
~retValue_acc~31; {18330#true} is VALID [2022-02-20 17:59:09,279 INFO L290 TraceCheckUtils]: 113: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,279 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {18330#true} {18331#false} #1029#return; {18331#false} is VALID [2022-02-20 17:59:09,279 INFO L290 TraceCheckUtils]: 115: Hoare triple {18331#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {18331#false} is VALID [2022-02-20 17:59:09,280 INFO L272 TraceCheckUtils]: 116: Hoare triple {18331#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {18330#true} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 117: Hoare triple {18330#true} ~handle := #in~handle;havoc ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 118: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {18330#true} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 119: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,280 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {18330#true} {18331#false} #1031#return; {18331#false} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 121: Hoare triple {18331#false} assume -2147483648 <= 
incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {18331#false} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 122: Hoare triple {18331#false} assume !(0 != incoming_~privkey~0#1); {18331#false} is VALID [2022-02-20 17:59:09,280 INFO L290 TraceCheckUtils]: 123: Hoare triple {18331#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, 
__utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {18331#false} is VALID [2022-02-20 17:59:09,281 INFO L290 TraceCheckUtils]: 124: Hoare triple {18331#false} assume 1 == ~sent_signed~0; {18331#false} is VALID [2022-02-20 17:59:09,281 INFO L272 TraceCheckUtils]: 125: Hoare triple {18331#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {18330#true} is VALID [2022-02-20 17:59:09,281 INFO L290 TraceCheckUtils]: 126: Hoare triple 
{18330#true} ~handle := #in~handle;havoc ~retValue_acc~30; {18330#true} is VALID [2022-02-20 17:59:09,281 INFO L290 TraceCheckUtils]: 127: Hoare triple {18330#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {18330#true} is VALID [2022-02-20 17:59:09,281 INFO L290 TraceCheckUtils]: 128: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,281 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {18330#true} {18331#false} #1043#return; {18331#false} is VALID [2022-02-20 17:59:09,281 INFO L290 TraceCheckUtils]: 130: Hoare triple {18331#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {18331#false} is VALID [2022-02-20 17:59:09,282 INFO L272 TraceCheckUtils]: 131: Hoare triple {18331#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {18330#true} is VALID [2022-02-20 17:59:09,282 INFO L290 TraceCheckUtils]: 132: Hoare triple {18330#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,282 INFO L290 TraceCheckUtils]: 133: Hoare triple {18330#true} assume 1 == ~handle; {18330#true} is VALID [2022-02-20 17:59:09,282 INFO L290 TraceCheckUtils]: 134: Hoare triple {18330#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {18330#true} is VALID [2022-02-20 17:59:09,282 INFO L290 TraceCheckUtils]: 135: Hoare triple {18330#true} assume true; {18330#true} is VALID [2022-02-20 17:59:09,282 INFO L284 TraceCheckUtils]: 136: Hoare quadruple {18330#true} {18331#false} #1045#return; {18331#false} is VALID [2022-02-20 17:59:09,282 INFO L290 
TraceCheckUtils]: 137: Hoare triple {18331#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {18331#false} is VALID [2022-02-20 17:59:09,283 INFO L290 TraceCheckUtils]: 138: Hoare triple {18331#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {18331#false} is VALID [2022-02-20 17:59:09,283 INFO L272 TraceCheckUtils]: 139: Hoare triple {18331#false} call __automaton_fail(); {18331#false} is VALID [2022-02-20 17:59:09,283 INFO L290 TraceCheckUtils]: 140: Hoare triple {18331#false} assume !false; {18331#false} is VALID [2022-02-20 17:59:09,283 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. [2022-02-20 17:59:09,284 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:09,284 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [419643902] [2022-02-20 17:59:09,284 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [419643902] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:09,284 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:09,284 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:09,284 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2058477379] [2022-02-20 17:59:09,284 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:09,285 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 17:59:09,286 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:09,286 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:09,372 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 120 edges. 120 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:09,373 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:09,373 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:09,373 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:09,373 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:09,374 INFO L87 Difference]: Start difference. First operand 427 states and 642 transitions. 
Second operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:16,946 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:16,946 INFO L93 Difference]: Finished difference Result 1026 states and 1545 transitions. [2022-02-20 17:59:16,946 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:16,947 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) Word has length 141 [2022-02-20 17:59:16,948 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:16,948 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:16,967 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1357 transitions. [2022-02-20 17:59:16,968 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:16,987 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1357 transitions. [2022-02-20 17:59:16,987 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1357 transitions. [2022-02-20 17:59:18,220 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1357 edges. 1357 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:18,249 INFO L225 Difference]: With dead ends: 1026 [2022-02-20 17:59:18,249 INFO L226 Difference]: Without dead ends: 622 [2022-02-20 17:59:18,251 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:18,251 INFO L933 BasicCegarLoop]: 682 mSDtfsCounter, 1325 mSDsluCounter, 815 mSDsCounter, 0 mSdLazyCounter, 2443 mSolverCounterSat, 586 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1342 SdHoareTripleChecker+Valid, 1497 SdHoareTripleChecker+Invalid, 3029 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 586 IncrementalHoareTripleChecker+Valid, 2443 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 3.4s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:18,252 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1342 Valid, 
1497 Invalid, 3029 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [586 Valid, 2443 Invalid, 0 Unknown, 0 Unchecked, 3.4s Time] [2022-02-20 17:59:18,253 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 622 states. [2022-02-20 17:59:18,344 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 622 to 429. [2022-02-20 17:59:18,344 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:18,346 INFO L82 GeneralOperation]: Start isEquivalent. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) [2022-02-20 17:59:18,347 INFO L74 IsIncluded]: Start isIncluded. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) [2022-02-20 17:59:18,348 INFO L87 Difference]: Start difference. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) [2022-02-20 17:59:18,376 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:18,376 INFO L93 Difference]: Finished difference Result 622 states and 933 transitions. 
[2022-02-20 17:59:18,376 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 933 transitions. [2022-02-20 17:59:18,380 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:18,380 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:18,390 INFO L74 IsIncluded]: Start isIncluded. First operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) Second operand 622 states. [2022-02-20 17:59:18,392 INFO L87 Difference]: Start difference. First operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) Second operand 622 states. [2022-02-20 17:59:18,419 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:18,419 INFO L93 Difference]: Finished difference Result 622 states and 933 transitions. [2022-02-20 17:59:18,419 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 933 transitions. [2022-02-20 17:59:18,423 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:18,423 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:18,423 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:18,423 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:18,424 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (80), 72 states have call predecessors, (80), 72 states have call successors, (80) [2022-02-20 17:59:18,442 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 429 states to 429 states and 645 transitions. [2022-02-20 17:59:18,443 INFO L78 Accepts]: Start accepts. Automaton has 429 states and 645 transitions. Word has length 141 [2022-02-20 17:59:18,443 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:18,443 INFO L470 AbstractCegarLoop]: Abstraction has 429 states and 645 transitions. [2022-02-20 17:59:18,444 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 10.375) internal successors, (83), 5 states have internal predecessors, (83), 3 states have call successors, (20), 6 states have call predecessors, (20), 2 states have return successors, (17), 2 states have call predecessors, (17), 3 states have call successors, (17) [2022-02-20 17:59:18,444 INFO L276 IsEmpty]: Start isEmpty. Operand 429 states and 645 transitions. [2022-02-20 17:59:18,446 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 143 [2022-02-20 17:59:18,446 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:18,446 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:18,446 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:59:18,447 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:18,447 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:18,447 INFO L85 PathProgramCache]: Analyzing trace with hash -1962358169, now seen corresponding path program 1 times [2022-02-20 17:59:18,447 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:18,448 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [826807388] [2022-02-20 17:59:18,448 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:18,448 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:18,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,519 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:18,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,523 INFO L290 TraceCheckUtils]: 0: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,524 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,524 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21763#true} #1097#return; {21763#true} is VALID [2022-02-20 17:59:18,530 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:18,531 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,533 INFO L290 TraceCheckUtils]: 0: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,533 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,533 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,533 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21763#true} #1099#return; {21763#true} is VALID [2022-02-20 17:59:18,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:18,535 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,537 INFO L290 TraceCheckUtils]: 0: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,537 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume !(1 == ~handle); {21763#true} is VALID [2022-02-20 17:59:18,537 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,538 INFO L290 TraceCheckUtils]: 3: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,538 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21763#true} {21763#true} #1101#return; {21763#true} is VALID [2022-02-20 17:59:18,538 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:18,539 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,541 INFO L290 TraceCheckUtils]: 0: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume !(1 == ~handle); {21763#true} is VALID [2022-02-20 17:59:18,542 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,542 INFO L290 TraceCheckUtils]: 3: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,542 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21763#true} {21763#true} #1103#return; {21763#true} is VALID [2022-02-20 17:59:18,542 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:18,544 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,560 INFO L290 TraceCheckUtils]: 3: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21844#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,561 INFO L290 TraceCheckUtils]: 4: Hoare triple {21844#(= 3 |setClientId_#in~handle|)} assume true; {21844#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,561 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {21844#(= 3 |setClientId_#in~handle|)} {21783#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:18,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:18,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21845#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:18,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {21845#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21846#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:18,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {21846#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21846#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:18,580 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21846#(= |setClientPrivateKey_#in~handle| 1)} {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1107#return; {21764#false} is VALID [2022-02-20 17:59:18,588 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:59:18,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,592 INFO L290 TraceCheckUtils]: 0: Hoare triple {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,592 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,592 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,592 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1083#return; {21764#false} is VALID [2022-02-20 17:59:18,601 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:59:18,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:59:18,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {21848#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1085#return; {21764#false} is VALID [2022-02-20 17:59:18,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:59:18,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,608 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,608 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1015#return; {21764#false} is VALID [2022-02-20 17:59:18,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:59:18,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {21763#true} is 
VALID [2022-02-20 17:59:18,611 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,611 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1017#return; {21764#false} is VALID [2022-02-20 17:59:18,611 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 17:59:18,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,614 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle; {21763#true} is VALID [2022-02-20 17:59:18,614 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,614 INFO L290 TraceCheckUtils]: 3: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,614 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21763#true} {21764#false} #1019#return; {21764#false} is VALID [2022-02-20 17:59:18,615 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:59:18,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,617 INFO L290 TraceCheckUtils]: 0: Hoare triple {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,617 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,617 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID 
[2022-02-20 17:59:18,618 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1025#return; {21764#false} is VALID [2022-02-20 17:59:18,618 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:59:18,618 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,620 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21763#true} is VALID [2022-02-20 17:59:18,620 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {21763#true} is VALID [2022-02-20 17:59:18,620 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,620 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1027#return; {21764#false} is VALID [2022-02-20 17:59:18,621 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:59:18,622 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,624 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,624 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,624 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,624 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1029#return; {21764#false} is VALID [2022-02-20 17:59:18,625 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 117 [2022-02-20 17:59:18,625 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,627 INFO L290 
TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,627 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,628 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1031#return; {21764#false} is VALID [2022-02-20 17:59:18,628 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:59:18,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,631 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~30; {21763#true} is VALID [2022-02-20 17:59:18,631 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {21763#true} is VALID [2022-02-20 17:59:18,632 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,632 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21763#true} {21764#false} #1043#return; {21764#false} is VALID [2022-02-20 17:59:18,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 132 [2022-02-20 17:59:18,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:18,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume 1 == ~handle; {21763#true} is VALID [2022-02-20 17:59:18,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,636 INFO L290 TraceCheckUtils]: 3: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,636 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21763#true} {21764#false} #1045#return; {21764#false} is VALID [2022-02-20 17:59:18,637 INFO L290 TraceCheckUtils]: 0: Hoare triple {21763#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call #Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call 
#Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 
0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {21763#true} is VALID [2022-02-20 17:59:18,637 INFO L290 TraceCheckUtils]: 1: Hoare triple {21763#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {21763#true} is VALID [2022-02-20 17:59:18,637 INFO L290 TraceCheckUtils]: 2: Hoare triple {21763#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21763#true} is VALID [2022-02-20 17:59:18,637 INFO L290 TraceCheckUtils]: 3: Hoare triple {21763#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {21763#true} is VALID [2022-02-20 17:59:18,637 INFO L290 TraceCheckUtils]: 4: Hoare triple {21763#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {21763#true} is VALID [2022-02-20 17:59:18,638 INFO L290 TraceCheckUtils]: 5: Hoare triple {21763#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, 
setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21763#true} is VALID [2022-02-20 17:59:18,638 INFO L272 TraceCheckUtils]: 6: Hoare triple {21763#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:18,638 INFO L290 TraceCheckUtils]: 7: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,639 INFO L290 TraceCheckUtils]: 8: Hoare triple {21763#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,639 INFO L290 TraceCheckUtils]: 9: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,639 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21763#true} {21763#true} #1097#return; {21763#true} is VALID [2022-02-20 17:59:18,639 INFO L290 TraceCheckUtils]: 11: Hoare triple {21763#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21763#true} is VALID [2022-02-20 17:59:18,640 INFO L272 TraceCheckUtils]: 12: Hoare triple {21763#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21842#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:18,640 INFO L290 TraceCheckUtils]: 13: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,640 INFO L290 TraceCheckUtils]: 14: Hoare triple {21763#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,640 INFO L290 TraceCheckUtils]: 15: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,640 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21763#true} {21763#true} #1099#return; {21763#true} is VALID [2022-02-20 17:59:18,640 INFO L290 TraceCheckUtils]: 17: Hoare triple {21763#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21763#true} is VALID [2022-02-20 17:59:18,641 INFO L272 TraceCheckUtils]: 18: Hoare triple {21763#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is 
VALID [2022-02-20 17:59:18,641 INFO L290 TraceCheckUtils]: 19: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,641 INFO L290 TraceCheckUtils]: 20: Hoare triple {21763#true} assume !(1 == ~handle); {21763#true} is VALID [2022-02-20 17:59:18,641 INFO L290 TraceCheckUtils]: 21: Hoare triple {21763#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,641 INFO L290 TraceCheckUtils]: 22: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,642 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21763#true} {21763#true} #1101#return; {21763#true} is VALID [2022-02-20 17:59:18,642 INFO L290 TraceCheckUtils]: 24: Hoare triple {21763#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21763#true} is VALID [2022-02-20 17:59:18,642 INFO L272 TraceCheckUtils]: 25: Hoare triple {21763#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:18,642 INFO L290 TraceCheckUtils]: 26: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,643 INFO L290 TraceCheckUtils]: 27: Hoare triple {21763#true} assume !(1 == ~handle); {21763#true} is VALID [2022-02-20 17:59:18,643 INFO L290 TraceCheckUtils]: 28: Hoare triple {21763#true} assume 2 == 
~handle;~__ste_client_privateKey1~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,643 INFO L290 TraceCheckUtils]: 29: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,643 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21763#true} {21763#true} #1103#return; {21763#true} is VALID [2022-02-20 17:59:18,643 INFO L290 TraceCheckUtils]: 31: Hoare triple {21763#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21783#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:18,644 INFO L272 TraceCheckUtils]: 32: Hoare triple {21783#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:18,645 INFO L290 TraceCheckUtils]: 33: Hoare triple {21841#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 
17:59:18,645 INFO L290 TraceCheckUtils]: 34: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,645 INFO L290 TraceCheckUtils]: 35: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {21843#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,646 INFO L290 TraceCheckUtils]: 36: Hoare triple {21843#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {21844#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,646 INFO L290 TraceCheckUtils]: 37: Hoare triple {21844#(= 3 |setClientId_#in~handle|)} assume true; {21844#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:18,646 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {21844#(= 3 |setClientId_#in~handle|)} {21783#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:18,647 INFO L290 TraceCheckUtils]: 39: Hoare triple {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:18,647 INFO L272 TraceCheckUtils]: 40: Hoare triple {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:18,648 INFO L290 TraceCheckUtils]: 41: Hoare triple {21842#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21845#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:18,648 INFO L290 TraceCheckUtils]: 42: Hoare triple {21845#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21846#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:18,648 INFO L290 TraceCheckUtils]: 43: Hoare triple {21846#(= |setClientPrivateKey_#in~handle| 1)} assume true; {21846#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:18,649 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {21846#(= |setClientPrivateKey_#in~handle| 1)} {21790#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1107#return; {21764#false} is VALID [2022-02-20 17:59:18,649 INFO L290 TraceCheckUtils]: 45: Hoare triple {21764#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {21764#false} is VALID [2022-02-20 17:59:18,649 INFO L290 TraceCheckUtils]: 46: Hoare triple {21764#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21764#false} is VALID [2022-02-20 17:59:18,649 INFO L290 TraceCheckUtils]: 47: Hoare triple {21764#false} assume !false; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 48: Hoare triple {21764#false} assume test_~splverifierCounter~0#1 < 4; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 49: Hoare triple {21764#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 50: Hoare triple {21764#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 51: Hoare triple {21764#false} assume !(0 != test_~tmp___9~0#1); {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 52: Hoare triple {21764#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 53: Hoare triple {21764#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21764#false} is VALID 
[2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 54: Hoare triple {21764#false} assume !false; {21764#false} is VALID [2022-02-20 17:59:18,650 INFO L290 TraceCheckUtils]: 55: Hoare triple {21764#false} assume !(test_~splverifierCounter~0#1 < 4); {21764#false} is VALID [2022-02-20 17:59:18,651 INFO L290 TraceCheckUtils]: 56: Hoare triple {21764#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {21764#false} is VALID [2022-02-20 17:59:18,651 INFO L272 TraceCheckUtils]: 57: Hoare triple {21764#false} call sendEmail(~bob~0, ~rjh~0); {21764#false} is VALID [2022-02-20 17:59:18,651 INFO L290 TraceCheckUtils]: 58: Hoare triple {21764#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21764#false} is VALID [2022-02-20 17:59:18,651 INFO L272 TraceCheckUtils]: 59: Hoare triple {21764#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:18,651 INFO L290 TraceCheckUtils]: 60: Hoare triple {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} 
~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,651 INFO L290 TraceCheckUtils]: 61: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,651 INFO L290 TraceCheckUtils]: 62: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,652 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {21763#true} {21764#false} #1083#return; {21764#false} is VALID [2022-02-20 17:59:18,652 INFO L272 TraceCheckUtils]: 64: Hoare triple {21764#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21848#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:18,652 INFO L290 TraceCheckUtils]: 65: Hoare triple {21848#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,652 INFO L290 TraceCheckUtils]: 66: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,652 INFO L290 TraceCheckUtils]: 67: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,652 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {21763#true} {21764#false} #1085#return; {21764#false} is VALID [2022-02-20 17:59:18,652 INFO L290 TraceCheckUtils]: 69: Hoare triple {21764#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {21764#false} is VALID [2022-02-20 17:59:18,653 INFO L290 TraceCheckUtils]: 70: Hoare triple {21764#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {21764#false} is VALID [2022-02-20 17:59:18,653 INFO L272 TraceCheckUtils]: 71: Hoare triple 
{21764#false} call outgoing(~sender#1, ~email~0#1); {21764#false} is VALID [2022-02-20 17:59:18,653 INFO L290 TraceCheckUtils]: 72: Hoare triple {21764#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {21764#false} is VALID [2022-02-20 17:59:18,653 INFO L272 TraceCheckUtils]: 73: Hoare triple {21764#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {21763#true} is VALID [2022-02-20 17:59:18,653 INFO L290 TraceCheckUtils]: 74: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,653 INFO L290 TraceCheckUtils]: 75: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,653 INFO L290 TraceCheckUtils]: 76: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,654 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {21763#true} {21764#false} #1015#return; {21764#false} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 78: Hoare triple {21764#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {21764#false} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 79: Hoare triple {21764#false} assume 0 == sign_~privkey~1#1; {21764#false} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 80: Hoare triple {21764#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc 
outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {21764#false} is VALID [2022-02-20 17:59:18,654 INFO L272 TraceCheckUtils]: 81: Hoare triple {21764#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {21763#true} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 82: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 83: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,654 INFO L290 TraceCheckUtils]: 84: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,655 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {21763#true} {21764#false} #1017#return; {21764#false} is VALID [2022-02-20 17:59:18,655 INFO L290 TraceCheckUtils]: 86: Hoare triple {21764#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {21764#false} is VALID [2022-02-20 17:59:18,655 INFO L272 TraceCheckUtils]: 87: Hoare triple {21764#false} call 
outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {21763#true} is VALID [2022-02-20 17:59:18,655 INFO L290 TraceCheckUtils]: 88: Hoare triple {21763#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,655 INFO L290 TraceCheckUtils]: 89: Hoare triple {21763#true} assume 1 == ~handle; {21763#true} is VALID [2022-02-20 17:59:18,655 INFO L290 TraceCheckUtils]: 90: Hoare triple {21763#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,655 INFO L290 TraceCheckUtils]: 91: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,656 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21763#true} {21764#false} #1019#return; {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L290 TraceCheckUtils]: 93: Hoare triple {21764#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L290 TraceCheckUtils]: 94: Hoare triple {21764#false} assume !(0 != outgoing__wrappee__Encrypt_~pubkey~0#1); {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L290 TraceCheckUtils]: 95: Hoare triple {21764#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, 
outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L290 TraceCheckUtils]: 96: Hoare triple {21764#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L290 TraceCheckUtils]: 97: Hoare triple {21764#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {21764#false} is VALID [2022-02-20 17:59:18,656 INFO L272 TraceCheckUtils]: 98: Hoare triple {21764#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:18,657 INFO L290 TraceCheckUtils]: 99: Hoare triple {21847#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21763#true} is VALID [2022-02-20 17:59:18,657 INFO L290 TraceCheckUtils]: 100: Hoare triple {21763#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21763#true} is VALID [2022-02-20 17:59:18,657 INFO L290 TraceCheckUtils]: 101: Hoare triple {21763#true} 
assume true; {21763#true} is VALID [2022-02-20 17:59:18,657 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {21763#true} {21764#false} #1025#return; {21764#false} is VALID [2022-02-20 17:59:18,657 INFO L290 TraceCheckUtils]: 103: Hoare triple {21764#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {21764#false} is VALID [2022-02-20 17:59:18,657 INFO L272 TraceCheckUtils]: 104: Hoare triple {21764#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {21763#true} is VALID [2022-02-20 17:59:18,657 INFO L290 TraceCheckUtils]: 105: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~36; {21763#true} is VALID [2022-02-20 17:59:18,658 INFO L290 TraceCheckUtils]: 106: Hoare triple {21763#true} assume 1 == 
~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {21763#true} is VALID [2022-02-20 17:59:18,658 INFO L290 TraceCheckUtils]: 107: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,658 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {21763#true} {21764#false} #1027#return; {21764#false} is VALID [2022-02-20 17:59:18,658 INFO L290 TraceCheckUtils]: 109: Hoare triple {21764#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {21764#false} is VALID [2022-02-20 17:59:18,658 INFO L290 TraceCheckUtils]: 110: Hoare triple {21764#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {21764#false} is VALID [2022-02-20 17:59:18,659 INFO L272 TraceCheckUtils]: 111: Hoare triple {21764#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {21763#true} is VALID [2022-02-20 17:59:18,659 INFO L290 TraceCheckUtils]: 112: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,659 INFO L290 TraceCheckUtils]: 113: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {21763#true} is VALID [2022-02-20 17:59:18,659 INFO L290 TraceCheckUtils]: 114: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,659 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {21763#true} {21764#false} #1029#return; {21764#false} is VALID [2022-02-20 17:59:18,659 INFO L290 TraceCheckUtils]: 116: Hoare triple 
{21764#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {21764#false} is VALID [2022-02-20 17:59:18,659 INFO L272 TraceCheckUtils]: 117: Hoare triple {21764#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {21763#true} is VALID [2022-02-20 17:59:18,660 INFO L290 TraceCheckUtils]: 118: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,660 INFO L290 TraceCheckUtils]: 119: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {21763#true} is VALID [2022-02-20 17:59:18,660 INFO L290 TraceCheckUtils]: 120: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,660 INFO L284 TraceCheckUtils]: 121: Hoare quadruple {21763#true} {21764#false} #1031#return; {21764#false} is VALID [2022-02-20 17:59:18,660 INFO L290 TraceCheckUtils]: 122: Hoare triple {21764#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {21764#false} is VALID [2022-02-20 17:59:18,660 INFO L290 TraceCheckUtils]: 123: Hoare triple {21764#false} assume !(0 != incoming_~privkey~0#1); {21764#false} is VALID [2022-02-20 17:59:18,660 INFO L290 
TraceCheckUtils]: 124: Hoare triple {21764#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, 
__utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {21764#false} is VALID [2022-02-20 17:59:18,661 INFO L290 TraceCheckUtils]: 125: Hoare triple {21764#false} assume 1 == ~sent_signed~0; {21764#false} is VALID [2022-02-20 17:59:18,661 INFO L272 TraceCheckUtils]: 126: Hoare triple {21764#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {21763#true} is VALID [2022-02-20 17:59:18,661 INFO L290 TraceCheckUtils]: 127: Hoare triple {21763#true} ~handle := #in~handle;havoc ~retValue_acc~30; {21763#true} is VALID [2022-02-20 17:59:18,661 INFO L290 TraceCheckUtils]: 128: Hoare triple {21763#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {21763#true} is VALID [2022-02-20 17:59:18,661 INFO L290 TraceCheckUtils]: 129: Hoare triple 
{21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,661 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {21763#true} {21764#false} #1043#return; {21764#false} is VALID [2022-02-20 17:59:18,661 INFO L290 TraceCheckUtils]: 131: Hoare triple {21764#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {21764#false} is VALID [2022-02-20 17:59:18,662 INFO L272 TraceCheckUtils]: 132: Hoare triple {21764#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {21763#true} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 133: Hoare triple {21763#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 134: Hoare triple {21763#true} assume 1 == ~handle; {21763#true} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 135: Hoare triple {21763#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {21763#true} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 136: Hoare triple {21763#true} assume true; {21763#true} is VALID [2022-02-20 17:59:18,662 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {21763#true} {21764#false} #1045#return; {21764#false} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 138: Hoare triple {21764#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := 
__utac_acc__SignVerify_spec__2_~tmp___0~6#1; {21764#false} is VALID [2022-02-20 17:59:18,662 INFO L290 TraceCheckUtils]: 139: Hoare triple {21764#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {21764#false} is VALID [2022-02-20 17:59:18,663 INFO L272 TraceCheckUtils]: 140: Hoare triple {21764#false} call __automaton_fail(); {21764#false} is VALID [2022-02-20 17:59:18,663 INFO L290 TraceCheckUtils]: 141: Hoare triple {21764#false} assume !false; {21764#false} is VALID [2022-02-20 17:59:18,663 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:59:18,663 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:18,663 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [826807388] [2022-02-20 17:59:18,664 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [826807388] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:18,664 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:18,664 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:18,664 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [996568088] [2022-02-20 17:59:18,664 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:18,665 INFO L78 Accepts]: Start accepts. 
Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 142 [2022-02-20 17:59:18,665 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:18,665 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:18,755 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:18,755 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:18,756 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:18,756 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:18,757 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:18,757 INFO L87 Difference]: Start difference. First operand 429 states and 645 transitions. 
Second operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:29,618 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:29,619 INFO L93 Difference]: Finished difference Result 1024 states and 1540 transitions. [2022-02-20 17:59:29,619 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 17:59:29,619 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 142 [2022-02-20 17:59:29,619 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:29,620 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:29,635 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1358 transitions. [2022-02-20 17:59:29,635 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:29,650 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 1358 transitions. [2022-02-20 17:59:29,651 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 1358 transitions. [2022-02-20 17:59:30,819 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1358 edges. 1358 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:30,845 INFO L225 Difference]: With dead ends: 1024 [2022-02-20 17:59:30,845 INFO L226 Difference]: Without dead ends: 622 [2022-02-20 17:59:30,846 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 59 GetRequests, 37 SyntacticMatches, 0 SemanticMatches, 22 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 71 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=112, Invalid=440, Unknown=0, NotChecked=0, Total=552 [2022-02-20 17:59:30,847 INFO L933 BasicCegarLoop]: 660 mSDtfsCounter, 1441 mSDsluCounter, 1132 mSDsCounter, 0 mSdLazyCounter, 4360 mSolverCounterSat, 627 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 5.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1441 SdHoareTripleChecker+Valid, 1792 SdHoareTripleChecker+Invalid, 4987 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 627 IncrementalHoareTripleChecker+Valid, 4360 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 5.2s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:30,847 INFO L934 BasicCegarLoop]: SdHoareTripleChecker 
[1441 Valid, 1792 Invalid, 4987 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [627 Valid, 4360 Invalid, 0 Unknown, 0 Unchecked, 5.2s Time] [2022-02-20 17:59:30,848 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 622 states. [2022-02-20 17:59:30,941 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 622 to 429. [2022-02-20 17:59:30,941 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:30,943 INFO L82 GeneralOperation]: Start isEquivalent. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:59:30,943 INFO L74 IsIncluded]: Start isIncluded. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:59:30,944 INFO L87 Difference]: Start difference. First operand 622 states. Second operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:59:30,971 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:30,971 INFO L93 Difference]: Finished difference Result 622 states and 932 transitions. 
[2022-02-20 17:59:30,971 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 932 transitions. [2022-02-20 17:59:30,975 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:30,975 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:30,976 INFO L74 IsIncluded]: Start isIncluded. First operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) Second operand 622 states. [2022-02-20 17:59:30,977 INFO L87 Difference]: Start difference. First operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) Second operand 622 states. [2022-02-20 17:59:31,003 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:31,004 INFO L93 Difference]: Finished difference Result 622 states and 932 transitions. [2022-02-20 17:59:31,004 INFO L276 IsEmpty]: Start isEmpty. Operand 622 states and 932 transitions. [2022-02-20 17:59:31,015 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:31,015 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:31,015 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:31,015 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:31,016 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 429 states, 327 states have (on average 1.4984709480122325) internal successors, (490), 334 states have internal predecessors, (490), 75 states have call successors, (75), 24 states have call predecessors, (75), 26 states have return successors, (79), 72 states have call predecessors, (79), 72 states have call successors, (79) [2022-02-20 17:59:31,033 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 429 states to 429 states and 644 transitions. [2022-02-20 17:59:31,034 INFO L78 Accepts]: Start accepts. Automaton has 429 states and 644 transitions. Word has length 142 [2022-02-20 17:59:31,034 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:31,034 INFO L470 AbstractCegarLoop]: Abstraction has 429 states and 644 transitions. [2022-02-20 17:59:31,034 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 12 states, 11 states have (on average 7.909090909090909) internal successors, (87), 8 states have internal predecessors, (87), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:31,035 INFO L276 IsEmpty]: Start isEmpty. Operand 429 states and 644 transitions. [2022-02-20 17:59:31,037 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 144 [2022-02-20 17:59:31,037 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:31,037 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:31,037 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 17:59:31,037 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:31,038 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:31,038 INFO L85 PathProgramCache]: Analyzing trace with hash -1250543763, now seen corresponding path program 2 times [2022-02-20 17:59:31,038 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:31,038 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1626796684] [2022-02-20 17:59:31,038 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:31,038 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:31,082 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:31,121 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,123 INFO L290 TraceCheckUtils]: 0: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,124 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,124 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,124 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25205#true} #1097#return; {25205#true} is VALID [2022-02-20 17:59:31,130 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:31,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,133 INFO L290 TraceCheckUtils]: 0: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25205#true} #1099#return; {25205#true} is VALID [2022-02-20 17:59:31,133 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:31,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume !(1 == ~handle); {25205#true} is VALID [2022-02-20 17:59:31,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,137 INFO L290 TraceCheckUtils]: 3: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,137 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25205#true} {25205#true} #1101#return; {25205#true} is VALID [2022-02-20 17:59:31,138 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:31,139 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,141 INFO L290 TraceCheckUtils]: 0: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,141 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume !(1 == ~handle); {25205#true} is VALID [2022-02-20 17:59:31,141 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,141 INFO L290 TraceCheckUtils]: 3: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,141 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25205#true} {25205#true} #1103#return; {25205#true} is VALID [2022-02-20 17:59:31,142 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:31,143 INFO L136 
AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,158 INFO L290 TraceCheckUtils]: 1: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,159 INFO L290 TraceCheckUtils]: 3: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25287#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,160 INFO L290 TraceCheckUtils]: 4: Hoare triple {25287#(= 3 |setClientId_#in~handle|)} assume true; {25287#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,160 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25287#(= 3 |setClientId_#in~handle|)} {25225#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:31,160 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:31,162 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,180 INFO L290 TraceCheckUtils]: 0: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25289#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,182 INFO L290 TraceCheckUtils]: 3: Hoare triple {25289#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25289#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,182 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25289#(= 2 |setClientPrivateKey_#in~handle|)} {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1107#return; {25206#false} is VALID [2022-02-20 17:59:31,190 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:59:31,191 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,205 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1083#return; 
{25206#false} is VALID [2022-02-20 17:59:31,217 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 65 [2022-02-20 17:59:31,218 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {25291#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,221 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1085#return; {25206#false} is VALID [2022-02-20 17:59:31,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 74 [2022-02-20 17:59:31,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,226 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1015#return; {25206#false} is VALID [2022-02-20 17:59:31,227 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 17:59:31,227 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,229 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle 
:= #in~handle;havoc ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,230 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,230 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,230 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1017#return; {25206#false} is VALID [2022-02-20 17:59:31,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:31,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle; {25205#true} is VALID [2022-02-20 17:59:31,233 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,233 INFO L290 TraceCheckUtils]: 3: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,233 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25205#true} {25206#false} #1019#return; {25206#false} is VALID [2022-02-20 17:59:31,233 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:59:31,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,235 INFO L290 TraceCheckUtils]: 0: Hoare triple {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,235 INFO L290 
TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,236 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,236 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1025#return; {25206#false} is VALID [2022-02-20 17:59:31,236 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:59:31,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,238 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25205#true} is VALID [2022-02-20 17:59:31,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {25205#true} is VALID [2022-02-20 17:59:31,238 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,238 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1027#return; {25206#false} is VALID [2022-02-20 17:59:31,238 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:59:31,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,241 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,241 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,241 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,241 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1029#return; {25206#false} is VALID 
[2022-02-20 17:59:31,241 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:59:31,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,243 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,244 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,244 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,244 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1031#return; {25206#false} is VALID [2022-02-20 17:59:31,244 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 127 [2022-02-20 17:59:31,245 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,246 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~30; {25205#true} is VALID [2022-02-20 17:59:31,246 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {25205#true} is VALID [2022-02-20 17:59:31,246 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,247 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25205#true} {25206#false} #1043#return; {25206#false} is VALID [2022-02-20 17:59:31,247 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:59:31,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:31,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {25205#true} is 
VALID [2022-02-20 17:59:31,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume 1 == ~handle; {25205#true} is VALID [2022-02-20 17:59:31,250 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,250 INFO L290 TraceCheckUtils]: 3: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,250 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25205#true} {25206#false} #1045#return; {25206#false} is VALID [2022-02-20 17:59:31,250 INFO L290 TraceCheckUtils]: 0: Hoare triple {25205#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(44, 4);call #Ultimate.allocInit(44, 5);call #Ultimate.allocInit(9, 6);call #Ultimate.allocInit(9, 7);call #Ultimate.allocInit(11, 8);call #Ultimate.allocInit(19, 9);call #Ultimate.allocInit(4, 10);call write~init~int(37, 10, 0, 1);call write~init~int(100, 10, 1, 1);call write~init~int(10, 10, 2, 1);call write~init~int(0, 10, 3, 1);call #Ultimate.allocInit(4, 11);call write~init~int(37, 11, 0, 1);call write~init~int(100, 11, 1, 1);call write~init~int(10, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(16, 25);call 
#Ultimate.allocInit(20, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(15, 30);call #Ultimate.allocInit(16, 31);call #Ultimate.allocInit(10, 32);call #Ultimate.allocInit(12, 33);call #Ultimate.allocInit(10, 34);call #Ultimate.allocInit(18, 35);call #Ultimate.allocInit(16, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(13, 38);call #Ultimate.allocInit(16, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(4, 41);call write~init~int(37, 41, 0, 1);call write~init~int(115, 41, 1, 1);call write~init~int(10, 41, 2, 1);call write~init~int(0, 41, 3, 1);~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~sent_signed~0 := -1;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 
0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0; {25205#true} is VALID [2022-02-20 17:59:31,251 INFO L290 TraceCheckUtils]: 1: Hoare triple {25205#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret14#1, main_~retValue_acc~17#1, main_~tmp~3#1;havoc main_~retValue_acc~17#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {25205#true} is VALID [2022-02-20 17:59:31,251 INFO L290 TraceCheckUtils]: 2: Hoare triple {25205#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25205#true} is VALID [2022-02-20 17:59:31,251 INFO L290 TraceCheckUtils]: 3: Hoare triple {25205#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~22#1;havoc valid_product_~retValue_acc~22#1;valid_product_~retValue_acc~22#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~22#1; {25205#true} is VALID [2022-02-20 17:59:31,251 INFO L290 TraceCheckUtils]: 4: Hoare triple {25205#true} main_#t~ret14#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret14#1 && main_#t~ret14#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret14#1;havoc main_#t~ret14#1; {25205#true} is VALID [2022-02-20 17:59:31,252 INFO L290 TraceCheckUtils]: 5: Hoare triple {25205#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet11#1, setup_#t~nondet12#1, setup_#t~nondet13#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset, setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset;havoc setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25205#true} is VALID [2022-02-20 17:59:31,252 INFO L272 TraceCheckUtils]: 6: Hoare triple {25205#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,253 INFO L290 TraceCheckUtils]: 7: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,253 INFO L290 TraceCheckUtils]: 8: Hoare triple {25205#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,253 INFO L290 TraceCheckUtils]: 9: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,253 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25205#true} {25205#true} #1097#return; {25205#true} is VALID [2022-02-20 17:59:31,253 INFO L290 TraceCheckUtils]: 11: Hoare triple {25205#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {25205#true} is VALID [2022-02-20 17:59:31,254 INFO L272 TraceCheckUtils]: 12: Hoare triple {25205#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,254 INFO L290 TraceCheckUtils]: 13: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,254 INFO L290 TraceCheckUtils]: 14: Hoare triple {25205#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,254 INFO L290 TraceCheckUtils]: 15: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,254 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25205#true} {25205#true} #1099#return; {25205#true} is VALID [2022-02-20 17:59:31,254 INFO L290 TraceCheckUtils]: 17: Hoare triple {25205#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 6, 0;havoc setup_#t~nondet11#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25205#true} is VALID [2022-02-20 17:59:31,255 INFO L272 TraceCheckUtils]: 18: Hoare triple {25205#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, 
setup_rjh__wrappee__Base_~rjh___0#1); {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,255 INFO L290 TraceCheckUtils]: 19: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,255 INFO L290 TraceCheckUtils]: 20: Hoare triple {25205#true} assume !(1 == ~handle); {25205#true} is VALID [2022-02-20 17:59:31,256 INFO L290 TraceCheckUtils]: 21: Hoare triple {25205#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,256 INFO L290 TraceCheckUtils]: 22: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,256 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25205#true} {25205#true} #1101#return; {25205#true} is VALID [2022-02-20 17:59:31,256 INFO L290 TraceCheckUtils]: 24: Hoare triple {25205#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25205#true} is VALID [2022-02-20 17:59:31,257 INFO L272 TraceCheckUtils]: 25: Hoare triple {25205#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,257 INFO L290 TraceCheckUtils]: 26: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; 
{25205#true} is VALID [2022-02-20 17:59:31,257 INFO L290 TraceCheckUtils]: 27: Hoare triple {25205#true} assume !(1 == ~handle); {25205#true} is VALID [2022-02-20 17:59:31,257 INFO L290 TraceCheckUtils]: 28: Hoare triple {25205#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,257 INFO L290 TraceCheckUtils]: 29: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,257 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25205#true} {25205#true} #1103#return; {25205#true} is VALID [2022-02-20 17:59:31,258 INFO L290 TraceCheckUtils]: 31: Hoare triple {25205#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~0#1.base, setup_~__cil_tmp2~0#1.offset := 7, 0;havoc setup_#t~nondet12#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25225#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:31,259 INFO L272 TraceCheckUtils]: 32: Hoare triple {25225#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:31,259 INFO L290 TraceCheckUtils]: 33: Hoare triple {25284#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= 
|old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,259 INFO L290 TraceCheckUtils]: 34: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,260 INFO L290 TraceCheckUtils]: 35: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25286#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,260 INFO L290 TraceCheckUtils]: 36: Hoare triple {25286#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25287#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,260 INFO L290 TraceCheckUtils]: 37: Hoare triple {25287#(= 3 |setClientId_#in~handle|)} assume true; {25287#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:31,261 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25287#(= 3 |setClientId_#in~handle|)} {25225#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1105#return; {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:31,261 INFO L290 TraceCheckUtils]: 39: Hoare triple {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} is VALID [2022-02-20 17:59:31,262 INFO L272 TraceCheckUtils]: 40: Hoare triple {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:31,262 INFO L290 TraceCheckUtils]: 41: Hoare triple {25285#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,263 INFO L290 TraceCheckUtils]: 42: Hoare triple {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume !(1 == ~handle); {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,263 INFO L290 TraceCheckUtils]: 43: Hoare triple {25288#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25289#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,263 INFO L290 TraceCheckUtils]: 44: Hoare triple {25289#(= 2 |setClientPrivateKey_#in~handle|)} assume true; {25289#(= 2 |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:31,264 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {25289#(= 2 |setClientPrivateKey_#in~handle|)} {25232#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 2))} #1107#return; {25206#false} is VALID [2022-02-20 17:59:31,264 INFO L290 TraceCheckUtils]: 46: Hoare triple {25206#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~1#1.base, setup_~__cil_tmp3~1#1.offset := 8, 0;havoc setup_#t~nondet13#1; {25206#false} is VALID [2022-02-20 17:59:31,264 INFO L290 TraceCheckUtils]: 47: Hoare triple {25206#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet50#1, test_#t~nondet51#1, test_#t~nondet52#1, test_#t~nondet53#1, test_#t~nondet54#1, test_#t~nondet55#1, test_#t~nondet56#1, test_#t~nondet57#1, test_#t~nondet58#1, test_#t~nondet59#1, 
test_#t~nondet60#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~1#1, test_~tmp___2~0#1, test_~tmp___3~0#1, test_~tmp___4~0#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~1#1;havoc test_~tmp___2~0#1;havoc test_~tmp___3~0#1;havoc test_~tmp___4~0#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25206#false} is VALID [2022-02-20 17:59:31,264 INFO L290 TraceCheckUtils]: 48: Hoare triple {25206#false} assume !false; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 49: Hoare triple {25206#false} assume test_~splverifierCounter~0#1 < 4; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 50: Hoare triple {25206#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 51: Hoare triple {25206#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 52: Hoare triple 
{25206#false} assume !(0 != test_~tmp___9~0#1); {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 53: Hoare triple {25206#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet51#1 && test_#t~nondet51#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet51#1;havoc test_#t~nondet51#1; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 54: Hoare triple {25206#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {25206#false} is VALID [2022-02-20 17:59:31,265 INFO L290 TraceCheckUtils]: 55: Hoare triple {25206#false} assume !false; {25206#false} is VALID [2022-02-20 17:59:31,266 INFO L290 TraceCheckUtils]: 56: Hoare triple {25206#false} assume !(test_~splverifierCounter~0#1 < 4); {25206#false} is VALID [2022-02-20 17:59:31,266 INFO L290 TraceCheckUtils]: 57: Hoare triple {25206#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret6#1, bobToRjh_#t~ret7#1, bobToRjh_#t~ret8#1, bobToRjh_#t~ret9#1, bobToRjh_~tmp~2#1, bobToRjh_~tmp___0~0#1, bobToRjh_~tmp___1~0#1;havoc bobToRjh_~tmp~2#1;havoc bobToRjh_~tmp___0~0#1;havoc bobToRjh_~tmp___1~0#1;call bobToRjh_#t~ret6#1 := puts(4, 0);assume -2147483648 <= bobToRjh_#t~ret6#1 && bobToRjh_#t~ret6#1 <= 2147483647;havoc bobToRjh_#t~ret6#1; {25206#false} is VALID [2022-02-20 17:59:31,266 INFO L272 TraceCheckUtils]: 58: Hoare triple {25206#false} call sendEmail(~bob~0, ~rjh~0); {25206#false} is VALID [2022-02-20 17:59:31,266 INFO L290 TraceCheckUtils]: 59: Hoare triple {25206#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~15#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~42#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~42#1;havoc 
createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25206#false} is VALID [2022-02-20 17:59:31,266 INFO L272 TraceCheckUtils]: 60: Hoare triple {25206#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,266 INFO L290 TraceCheckUtils]: 61: Hoare triple {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,266 INFO L290 TraceCheckUtils]: 62: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,267 INFO L290 TraceCheckUtils]: 63: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,267 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {25205#true} {25206#false} #1083#return; {25206#false} is VALID [2022-02-20 17:59:31,267 INFO L272 TraceCheckUtils]: 65: Hoare triple {25206#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25291#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:31,267 INFO L290 TraceCheckUtils]: 66: Hoare triple {25291#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,267 INFO L290 TraceCheckUtils]: 67: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,267 INFO L290 TraceCheckUtils]: 68: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,267 INFO L284 TraceCheckUtils]: 69: Hoare quadruple {25205#true} {25206#false} #1085#return; {25206#false} is VALID [2022-02-20 17:59:31,267 INFO L290 TraceCheckUtils]: 70: Hoare 
triple {25206#false} createEmail_~retValue_acc~42#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~42#1; {25206#false} is VALID [2022-02-20 17:59:31,268 INFO L290 TraceCheckUtils]: 71: Hoare triple {25206#false} #t~ret73#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret73#1 && #t~ret73#1 <= 2147483647;~tmp~15#1 := #t~ret73#1;havoc #t~ret73#1;~email~0#1 := ~tmp~15#1; {25206#false} is VALID [2022-02-20 17:59:31,268 INFO L272 TraceCheckUtils]: 72: Hoare triple {25206#false} call outgoing(~sender#1, ~email~0#1); {25206#false} is VALID [2022-02-20 17:59:31,268 INFO L290 TraceCheckUtils]: 73: Hoare triple {25206#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret75#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~16#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~16#1; {25206#false} is VALID [2022-02-20 17:59:31,268 INFO L272 TraceCheckUtils]: 74: Hoare triple {25206#false} call sign_#t~ret75#1 := getClientPrivateKey(sign_~client#1); {25205#true} is VALID [2022-02-20 17:59:31,268 INFO L290 TraceCheckUtils]: 75: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,268 INFO L290 TraceCheckUtils]: 76: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,268 INFO L290 TraceCheckUtils]: 77: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,269 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {25205#true} {25206#false} #1015#return; {25206#false} is VALID [2022-02-20 17:59:31,269 INFO L290 TraceCheckUtils]: 79: Hoare triple {25206#false} assume -2147483648 <= sign_#t~ret75#1 && sign_#t~ret75#1 <= 2147483647;sign_~tmp~16#1 := 
sign_#t~ret75#1;havoc sign_#t~ret75#1;sign_~privkey~1#1 := sign_~tmp~16#1; {25206#false} is VALID [2022-02-20 17:59:31,269 INFO L290 TraceCheckUtils]: 80: Hoare triple {25206#false} assume 0 == sign_~privkey~1#1; {25206#false} is VALID [2022-02-20 17:59:31,269 INFO L290 TraceCheckUtils]: 81: Hoare triple {25206#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__Encrypt } true;outgoing__wrappee__Encrypt_#in~client#1, outgoing__wrappee__Encrypt_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1, outgoing__wrappee__Encrypt_#t~ret65#1, outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1, outgoing__wrappee__Encrypt_~receiver~0#1, outgoing__wrappee__Encrypt_~tmp~11#1, outgoing__wrappee__Encrypt_~pubkey~0#1, outgoing__wrappee__Encrypt_~tmp___0~3#1;outgoing__wrappee__Encrypt_~client#1 := outgoing__wrappee__Encrypt_#in~client#1;outgoing__wrappee__Encrypt_~msg#1 := outgoing__wrappee__Encrypt_#in~msg#1;havoc outgoing__wrappee__Encrypt_~receiver~0#1;havoc outgoing__wrappee__Encrypt_~tmp~11#1;havoc outgoing__wrappee__Encrypt_~pubkey~0#1;havoc outgoing__wrappee__Encrypt_~tmp___0~3#1; {25206#false} is VALID [2022-02-20 17:59:31,269 INFO L272 TraceCheckUtils]: 82: Hoare triple {25206#false} call outgoing__wrappee__Encrypt_#t~ret64#1 := getEmailTo(outgoing__wrappee__Encrypt_~msg#1); {25205#true} is VALID [2022-02-20 17:59:31,269 INFO L290 TraceCheckUtils]: 83: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,269 INFO L290 TraceCheckUtils]: 84: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,270 INFO L290 TraceCheckUtils]: 85: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,270 INFO L284 TraceCheckUtils]: 86: Hoare quadruple {25205#true} {25206#false} #1017#return; {25206#false} is VALID [2022-02-20 
17:59:31,270 INFO L290 TraceCheckUtils]: 87: Hoare triple {25206#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret64#1 && outgoing__wrappee__Encrypt_#t~ret64#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp~11#1 := outgoing__wrappee__Encrypt_#t~ret64#1;havoc outgoing__wrappee__Encrypt_#t~ret64#1;outgoing__wrappee__Encrypt_~receiver~0#1 := outgoing__wrappee__Encrypt_~tmp~11#1; {25206#false} is VALID [2022-02-20 17:59:31,270 INFO L272 TraceCheckUtils]: 88: Hoare triple {25206#false} call outgoing__wrappee__Encrypt_#t~ret65#1 := findPublicKey(outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~receiver~0#1); {25205#true} is VALID [2022-02-20 17:59:31,270 INFO L290 TraceCheckUtils]: 89: Hoare triple {25205#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,270 INFO L290 TraceCheckUtils]: 90: Hoare triple {25205#true} assume 1 == ~handle; {25205#true} is VALID [2022-02-20 17:59:31,270 INFO L290 TraceCheckUtils]: 91: Hoare triple {25205#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 92: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,271 INFO L284 TraceCheckUtils]: 93: Hoare quadruple {25205#true} {25206#false} #1019#return; {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 94: Hoare triple {25206#false} assume -2147483648 <= outgoing__wrappee__Encrypt_#t~ret65#1 && outgoing__wrappee__Encrypt_#t~ret65#1 <= 2147483647;outgoing__wrappee__Encrypt_~tmp___0~3#1 := outgoing__wrappee__Encrypt_#t~ret65#1;havoc outgoing__wrappee__Encrypt_#t~ret65#1;outgoing__wrappee__Encrypt_~pubkey~0#1 := outgoing__wrappee__Encrypt_~tmp___0~3#1; {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 95: Hoare triple {25206#false} assume !(0 != 
outgoing__wrappee__Encrypt_~pubkey~0#1); {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 96: Hoare triple {25206#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := outgoing__wrappee__Encrypt_~client#1, outgoing__wrappee__Encrypt_~msg#1;havoc outgoing__wrappee__Keys_#t~ret63#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~10#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~16#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~16#1; {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 97: Hoare triple {25206#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~16#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~16#1; {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L290 TraceCheckUtils]: 98: Hoare triple {25206#false} outgoing__wrappee__Keys_#t~ret63#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret63#1 && outgoing__wrappee__Keys_#t~ret63#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~10#1 := outgoing__wrappee__Keys_#t~ret63#1;havoc outgoing__wrappee__Keys_#t~ret63#1; {25206#false} is VALID [2022-02-20 17:59:31,271 INFO L272 TraceCheckUtils]: 99: Hoare triple {25206#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~10#1); {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:31,272 INFO L290 
TraceCheckUtils]: 100: Hoare triple {25290#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25205#true} is VALID [2022-02-20 17:59:31,272 INFO L290 TraceCheckUtils]: 101: Hoare triple {25205#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25205#true} is VALID [2022-02-20 17:59:31,272 INFO L290 TraceCheckUtils]: 102: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,272 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {25205#true} {25206#false} #1025#return; {25206#false} is VALID [2022-02-20 17:59:31,272 INFO L290 TraceCheckUtils]: 104: Hoare triple {25206#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret61#1, mail_#t~ret62#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~9#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~9#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1, __utac_acc__SignVerify_spec__1_#t~ret84#1, __utac_acc__SignVerify_spec__1_#t~nondet85#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret83#1 := puts(28, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret83#1 && __utac_acc__SignVerify_spec__1_#t~ret83#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret83#1; {25206#false} is VALID 
[2022-02-20 17:59:31,272 INFO L272 TraceCheckUtils]: 105: Hoare triple {25206#false} call __utac_acc__SignVerify_spec__1_#t~ret84#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {25205#true} is VALID [2022-02-20 17:59:31,272 INFO L290 TraceCheckUtils]: 106: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~36; {25205#true} is VALID [2022-02-20 17:59:31,273 INFO L290 TraceCheckUtils]: 107: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~36 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~36; {25205#true} is VALID [2022-02-20 17:59:31,273 INFO L290 TraceCheckUtils]: 108: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,273 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {25205#true} {25206#false} #1027#return; {25206#false} is VALID [2022-02-20 17:59:31,273 INFO L290 TraceCheckUtils]: 110: Hoare triple {25206#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret84#1 && __utac_acc__SignVerify_spec__1_#t~ret84#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret84#1;havoc __utac_acc__SignVerify_spec__1_#t~ret84#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~1#1.offset := 29, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet85#1; {25206#false} is VALID [2022-02-20 17:59:31,273 INFO L290 TraceCheckUtils]: 111: Hoare triple {25206#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret61#1 := puts(24, 0);assume -2147483648 <= mail_#t~ret61#1 && mail_#t~ret61#1 <= 2147483647;havoc mail_#t~ret61#1; {25206#false} is VALID [2022-02-20 17:59:31,273 INFO L272 TraceCheckUtils]: 112: Hoare triple {25206#false} call mail_#t~ret62#1 := getEmailTo(mail_~msg#1); {25205#true} is VALID [2022-02-20 17:59:31,273 INFO L290 TraceCheckUtils]: 113: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,274 INFO L290 TraceCheckUtils]: 114: Hoare triple 
{25205#true} assume 1 == ~handle;~retValue_acc~31 := ~__ste_email_to0~0;#res := ~retValue_acc~31; {25205#true} is VALID [2022-02-20 17:59:31,274 INFO L290 TraceCheckUtils]: 115: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,274 INFO L284 TraceCheckUtils]: 116: Hoare quadruple {25205#true} {25206#false} #1029#return; {25206#false} is VALID [2022-02-20 17:59:31,274 INFO L290 TraceCheckUtils]: 117: Hoare triple {25206#false} assume -2147483648 <= mail_#t~ret62#1 && mail_#t~ret62#1 <= 2147483647;mail_~tmp~9#1 := mail_#t~ret62#1;havoc mail_#t~ret62#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~9#1, mail_~msg#1;havoc incoming_#t~ret68#1, incoming_#t~ret69#1, incoming_#t~ret70#1, incoming_#t~ret71#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~13#1, incoming_~tmp___0~4#1, incoming_~tmp___1~2#1, incoming_~tmp___2~1#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~13#1;havoc incoming_~tmp___0~4#1;havoc incoming_~tmp___1~2#1;havoc incoming_~tmp___2~1#1; {25206#false} is VALID [2022-02-20 17:59:31,274 INFO L272 TraceCheckUtils]: 118: Hoare triple {25206#false} call incoming_#t~ret68#1 := getClientPrivateKey(incoming_~client#1); {25205#true} is VALID [2022-02-20 17:59:31,274 INFO L290 TraceCheckUtils]: 119: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,274 INFO L290 TraceCheckUtils]: 120: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~9 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~9; {25205#true} is VALID [2022-02-20 17:59:31,275 INFO L290 TraceCheckUtils]: 121: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,275 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {25205#true} {25206#false} #1031#return; {25206#false} is VALID [2022-02-20 17:59:31,275 INFO L290 
TraceCheckUtils]: 123: Hoare triple {25206#false} assume -2147483648 <= incoming_#t~ret68#1 && incoming_#t~ret68#1 <= 2147483647;incoming_~tmp~13#1 := incoming_#t~ret68#1;havoc incoming_#t~ret68#1;incoming_~privkey~0#1 := incoming_~tmp~13#1; {25206#false} is VALID [2022-02-20 17:59:31,275 INFO L290 TraceCheckUtils]: 124: Hoare triple {25206#false} assume !(0 != incoming_~privkey~0#1); {25206#false} is VALID [2022-02-20 17:59:31,275 INFO L290 TraceCheckUtils]: 125: Hoare triple {25206#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret77#1, verify_#t~ret78#1, verify_#t~ret79#1, verify_#t~ret80#1, verify_#t~ret81#1, verify_#t~ret82#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~17#1, verify_~tmp___0~5#1, verify_~pubkey~1#1, verify_~tmp___1~3#1, verify_~tmp___2~2#1, verify_~tmp___3~1#1, verify_~tmp___4~1#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~17#1;havoc verify_~tmp___0~5#1;havoc verify_~pubkey~1#1;havoc verify_~tmp___1~3#1;havoc verify_~tmp___2~2#1;havoc verify_~tmp___3~1#1;havoc verify_~tmp___4~1#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, 
verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1, __utac_acc__SignVerify_spec__2_#t~nondet87#1, __utac_acc__SignVerify_spec__2_#t~ret88#1, __utac_acc__SignVerify_spec__2_#t~ret89#1, __utac_acc__SignVerify_spec__2_#t~ret90#1, __utac_acc__SignVerify_spec__2_#t~ret91#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~2#1, __utac_acc__SignVerify_spec__2_~tmp~18#1, __utac_acc__SignVerify_spec__2_~tmp___0~6#1, __utac_acc__SignVerify_spec__2_~tmp___1~4#1, __utac_acc__SignVerify_spec__2_~tmp___2~3#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~2#1;havoc __utac_acc__SignVerify_spec__2_~tmp~18#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~6#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~4#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~3#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret86#1 := puts(30, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret86#1 && __utac_acc__SignVerify_spec__2_#t~ret86#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret86#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~5#1.offset := 31, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet87#1; {25206#false} is VALID [2022-02-20 17:59:31,275 INFO L290 TraceCheckUtils]: 126: Hoare triple {25206#false} assume 1 == ~sent_signed~0; {25206#false} is VALID [2022-02-20 17:59:31,275 INFO L272 TraceCheckUtils]: 127: Hoare triple {25206#false} call __utac_acc__SignVerify_spec__2_#t~ret88#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {25205#true} is 
VALID [2022-02-20 17:59:31,276 INFO L290 TraceCheckUtils]: 128: Hoare triple {25205#true} ~handle := #in~handle;havoc ~retValue_acc~30; {25205#true} is VALID [2022-02-20 17:59:31,276 INFO L290 TraceCheckUtils]: 129: Hoare triple {25205#true} assume 1 == ~handle;~retValue_acc~30 := ~__ste_email_from0~0;#res := ~retValue_acc~30; {25205#true} is VALID [2022-02-20 17:59:31,276 INFO L290 TraceCheckUtils]: 130: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,276 INFO L284 TraceCheckUtils]: 131: Hoare quadruple {25205#true} {25206#false} #1043#return; {25206#false} is VALID [2022-02-20 17:59:31,276 INFO L290 TraceCheckUtils]: 132: Hoare triple {25206#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret88#1 && __utac_acc__SignVerify_spec__2_#t~ret88#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~18#1 := __utac_acc__SignVerify_spec__2_#t~ret88#1;havoc __utac_acc__SignVerify_spec__2_#t~ret88#1; {25206#false} is VALID [2022-02-20 17:59:31,276 INFO L272 TraceCheckUtils]: 133: Hoare triple {25206#false} call __utac_acc__SignVerify_spec__2_#t~ret89#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~18#1); {25205#true} is VALID [2022-02-20 17:59:31,276 INFO L290 TraceCheckUtils]: 134: Hoare triple {25205#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 135: Hoare triple {25205#true} assume 1 == ~handle; {25205#true} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 136: Hoare triple {25205#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~14 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~14; {25205#true} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 137: Hoare triple {25205#true} assume true; {25205#true} is VALID [2022-02-20 17:59:31,277 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {25205#true} {25206#false} 
#1045#return; {25206#false} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 139: Hoare triple {25206#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret89#1 && __utac_acc__SignVerify_spec__2_#t~ret89#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~6#1 := __utac_acc__SignVerify_spec__2_#t~ret89#1;havoc __utac_acc__SignVerify_spec__2_#t~ret89#1;__utac_acc__SignVerify_spec__2_~pubkey~2#1 := __utac_acc__SignVerify_spec__2_~tmp___0~6#1; {25206#false} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 140: Hoare triple {25206#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~2#1; {25206#false} is VALID [2022-02-20 17:59:31,277 INFO L272 TraceCheckUtils]: 141: Hoare triple {25206#false} call __automaton_fail(); {25206#false} is VALID [2022-02-20 17:59:31,277 INFO L290 TraceCheckUtils]: 142: Hoare triple {25206#false} assume !false; {25206#false} is VALID [2022-02-20 17:59:31,278 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 14 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:59:31,278 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:31,278 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1626796684] [2022-02-20 17:59:31,278 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1626796684] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:31,278 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. 
[2022-02-20 17:59:31,279 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:31,279 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1495800404] [2022-02-20 17:59:31,279 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:31,280 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.0) internal successors, (88), 8 states have internal predecessors, (88), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) Word has length 143 [2022-02-20 17:59:31,280 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:31,280 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.0) internal successors, (88), 8 states have internal predecessors, (88), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17) [2022-02-20 17:59:31,362 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 125 edges. 125 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:31,362 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:31,362 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:31,363 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. 
[2022-02-20 17:59:31,363 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:31,363 INFO L87 Difference]: Start difference. First operand 429 states and 644 transitions. Second operand has 12 states, 11 states have (on average 8.0) internal successors, (88), 8 states have internal predecessors, (88), 4 states have call successors, (20), 6 states have call predecessors, (20), 3 states have return successors, (17), 3 states have call predecessors, (17), 4 states have call successors, (17)