./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/email_spec3_product34.cil.c --full-output -ea --architecture 32bit
--------------------------------------------------------------------------------
Checking for ERROR reachability
Using default analysis
Version 03d7b7b3
Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/email_spec3_product34.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 34d763a2f472f3a687bfbf36d5640fefeb493025c54d66615a1e88fff5fbc163
--- Real Ultimate output ---
This is Ultimate 0.2.2-dev-03d7b7b
[2022-02-20 17:58:41,207 INFO L177 SettingsManager]: Resetting all preferences to default values...
[2022-02-20 17:58:41,231 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values
[2022-02-20 17:58:41,279 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring...
[2022-02-20 17:58:41,280 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 17:58:41,283 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 17:58:41,284 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 17:58:41,287 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 17:58:41,289 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 17:58:41,293 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 17:58:41,294 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 17:58:41,295 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 17:58:41,295 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 17:58:41,297 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 17:58:41,299 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 17:58:41,301 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 17:58:41,302 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 17:58:41,303 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 17:58:41,305 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 17:58:41,310 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 17:58:41,312 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 17:58:41,313 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 17:58:41,314 INFO 
L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 17:58:41,315 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 17:58:41,321 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 17:58:41,322 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 17:58:41,322 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 17:58:41,323 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 17:58:41,324 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 17:58:41,325 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 17:58:41,325 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 17:58:41,326 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 17:58:41,327 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 17:58:41,328 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 17:58:41,329 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 17:58:41,329 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 17:58:41,330 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 17:58:41,330 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... 
[2022-02-20 17:58:41,330 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 17:58:41,331 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 17:58:41,332 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 17:58:41,334 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 17:58:41,362 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 17:58:41,362 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 17:58:41,363 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 17:58:41,363 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 17:58:41,364 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 17:58:41,364 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 17:58:41,365 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 17:58:41,365 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 17:58:41,365 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 17:58:41,365 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 17:58:41,366 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 17:58:41,366 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 17:58:41,367 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 17:58:41,367 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 17:58:41,367 
INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 17:58:41,367 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 17:58:41,368 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 17:58:41,368 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 17:58:41,368 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 17:58:41,368 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 17:58:41,368 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 17:58:41,369 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 17:58:41,369 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 17:58:41,369 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 17:58:41,369 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:41,370 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 17:58:41,370 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 17:58:41,371 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 17:58:41,371 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 17:58:41,372 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 17:58:41,372 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 17:58:41,372 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 17:58:41,372 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant 
automaton, abstraction and CFG=true [2022-02-20 17:58:41,373 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! 
call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 34d763a2f472f3a687bfbf36d5640fefeb493025c54d66615a1e88fff5fbc163 [2022-02-20 17:58:41,597 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 17:58:41,623 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 17:58:41,625 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 17:58:41,626 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 17:58:41,627 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 17:58:41,628 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/email_spec3_product34.cil.c [2022-02-20 17:58:41,673 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/48b45108f/7bc296170b8c4e1391c2a128ff6bb690/FLAG71deadf53 [2022-02-20 17:58:42,157 INFO L306 CDTParser]: Found 1 translation units. 
[2022-02-20 17:58:42,158 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product34.cil.c [2022-02-20 17:58:42,180 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/48b45108f/7bc296170b8c4e1391c2a128ff6bb690/FLAG71deadf53 [2022-02-20 17:58:42,468 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/48b45108f/7bc296170b8c4e1391c2a128ff6bb690 [2022-02-20 17:58:42,470 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 17:58:42,472 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 17:58:42,476 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:42,476 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 17:58:42,481 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 17:58:42,483 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:42" (1/1) ... [2022-02-20 17:58:42,484 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@d0633f6 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:42, skipping insertion in model container [2022-02-20 17:58:42,485 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 05:58:42" (1/1) ... 
[2022-02-20 17:58:42,490 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 17:58:42,558 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 17:58:43,067 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product34.cil.c[43803,43816] [2022-02-20 17:58:43,152 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:43,172 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 17:58:43,250 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/email_spec3_product34.cil.c[43803,43816] [2022-02-20 17:58:43,273 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 17:58:43,304 INFO L208 MainTranslator]: Completed translation [2022-02-20 17:58:43,305 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43 WrapperNode [2022-02-20 17:58:43,305 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 17:58:43,306 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:43,307 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 17:58:43,307 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 17:58:43,313 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... 
[2022-02-20 17:58:43,342 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,432 INFO L137 Inliner]: procedures = 135, calls = 246, calls flagged for inlining = 62, calls inlined = 59, statements flattened = 1128 [2022-02-20 17:58:43,434 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 17:58:43,435 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 17:58:43,435 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 17:58:43,435 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 17:58:43,442 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,443 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,455 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,459 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... 
[2022-02-20 17:58:43,487 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,517 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,522 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... [2022-02-20 17:58:43,538 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 17:58:43,543 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 17:58:43,544 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 17:58:43,544 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 17:58:43,548 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (1/1) ... 
[2022-02-20 17:58:43,554 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 17:58:43,565 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:43,621 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 17:58:43,625 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 17:58:43,654 INFO L130 BoogieDeclarations]: Found specification of procedure getClientPrivateKey [2022-02-20 17:58:43,654 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientPrivateKey [2022-02-20 17:58:43,654 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookSize [2022-02-20 17:58:43,655 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookSize [2022-02-20 17:58:43,655 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailEncryptionKey [2022-02-20 17:58:43,655 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailEncryptionKey [2022-02-20 17:58:43,655 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookAddress [2022-02-20 17:58:43,655 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookAddress [2022-02-20 17:58:43,658 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailEncryptionKey [2022-02-20 17:58:43,659 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailEncryptionKey [2022-02-20 17:58:43,659 INFO L130 BoogieDeclarations]: Found specification of 
procedure getEmailTo [2022-02-20 17:58:43,659 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailTo [2022-02-20 17:58:43,660 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailFrom [2022-02-20 17:58:43,660 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailFrom [2022-02-20 17:58:43,660 INFO L130 BoogieDeclarations]: Found specification of procedure isReadable [2022-02-20 17:58:43,660 INFO L138 BoogieDeclarations]: Found implementation of procedure isReadable [2022-02-20 17:58:43,660 INFO L130 BoogieDeclarations]: Found specification of procedure createClientKeyringEntry [2022-02-20 17:58:43,660 INFO L138 BoogieDeclarations]: Found implementation of procedure createClientKeyringEntry [2022-02-20 17:58:43,660 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailIsEncrypted [2022-02-20 17:58:43,661 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailIsEncrypted [2022-02-20 17:58:43,661 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailSignKey [2022-02-20 17:58:43,661 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailSignKey [2022-02-20 17:58:43,661 INFO L130 BoogieDeclarations]: Found specification of procedure chuckKeyAdd [2022-02-20 17:58:43,661 INFO L138 BoogieDeclarations]: Found implementation of procedure chuckKeyAdd [2022-02-20 17:58:43,661 INFO L130 BoogieDeclarations]: Found specification of procedure puts [2022-02-20 17:58:43,661 INFO L130 BoogieDeclarations]: Found specification of procedure getEmailFrom [2022-02-20 17:58:43,662 INFO L138 BoogieDeclarations]: Found implementation of procedure getEmailFrom [2022-02-20 17:58:43,662 INFO L130 BoogieDeclarations]: Found specification of procedure setClientId [2022-02-20 17:58:43,662 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientId [2022-02-20 17:58:43,662 INFO L130 BoogieDeclarations]: Found specification of procedure 
#Ultimate.allocInit [2022-02-20 17:58:43,662 INFO L130 BoogieDeclarations]: Found specification of procedure isSigned [2022-02-20 17:58:43,662 INFO L138 BoogieDeclarations]: Found implementation of procedure isSigned [2022-02-20 17:58:43,663 INFO L130 BoogieDeclarations]: Found specification of procedure isKeyPairValid [2022-02-20 17:58:43,663 INFO L138 BoogieDeclarations]: Found implementation of procedure isKeyPairValid [2022-02-20 17:58:43,663 INFO L130 BoogieDeclarations]: Found specification of procedure setClientAddressBookSize [2022-02-20 17:58:43,663 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientAddressBookSize [2022-02-20 17:58:43,663 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringUser [2022-02-20 17:58:43,663 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringUser [2022-02-20 17:58:43,663 INFO L130 BoogieDeclarations]: Found specification of procedure __automaton_fail [2022-02-20 17:58:43,664 INFO L138 BoogieDeclarations]: Found implementation of procedure __automaton_fail [2022-02-20 17:58:43,664 INFO L130 BoogieDeclarations]: Found specification of procedure setClientKeyringPublicKey [2022-02-20 17:58:43,664 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientKeyringPublicKey [2022-02-20 17:58:43,664 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing [2022-02-20 17:58:43,664 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing [2022-02-20 17:58:43,665 INFO L130 BoogieDeclarations]: Found specification of procedure outgoing__wrappee__Encrypt [2022-02-20 17:58:43,665 INFO L138 BoogieDeclarations]: Found implementation of procedure outgoing__wrappee__Encrypt [2022-02-20 17:58:43,665 INFO L130 BoogieDeclarations]: Found specification of procedure findPublicKey [2022-02-20 17:58:43,665 INFO L138 BoogieDeclarations]: Found implementation of procedure findPublicKey [2022-02-20 17:58:43,665 INFO L130 
BoogieDeclarations]: Found specification of procedure sendEmail [2022-02-20 17:58:43,665 INFO L138 BoogieDeclarations]: Found implementation of procedure sendEmail [2022-02-20 17:58:43,665 INFO L130 BoogieDeclarations]: Found specification of procedure isEncrypted [2022-02-20 17:58:43,666 INFO L138 BoogieDeclarations]: Found implementation of procedure isEncrypted [2022-02-20 17:58:43,666 INFO L130 BoogieDeclarations]: Found specification of procedure setClientPrivateKey [2022-02-20 17:58:43,666 INFO L138 BoogieDeclarations]: Found implementation of procedure setClientPrivateKey [2022-02-20 17:58:43,666 INFO L130 BoogieDeclarations]: Found specification of procedure setEmailTo [2022-02-20 17:58:43,667 INFO L138 BoogieDeclarations]: Found implementation of procedure setEmailTo [2022-02-20 17:58:43,668 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 17:58:43,668 INFO L130 BoogieDeclarations]: Found specification of procedure generateKeyPair [2022-02-20 17:58:43,669 INFO L138 BoogieDeclarations]: Found implementation of procedure generateKeyPair [2022-02-20 17:58:43,669 INFO L130 BoogieDeclarations]: Found specification of procedure getClientAddressBookAddress [2022-02-20 17:58:43,669 INFO L138 BoogieDeclarations]: Found implementation of procedure getClientAddressBookAddress [2022-02-20 17:58:43,670 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 17:58:43,670 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 17:58:43,934 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 17:58:43,936 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 17:58:44,743 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 17:58:44,761 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 17:58:44,762 INFO L299 CfgBuilder]: Removed 1 assume(true) statements. 
[2022-02-20 17:58:44,764 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:44 BoogieIcfgContainer [2022-02-20 17:58:44,764 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 17:58:44,765 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 17:58:44,765 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 17:58:44,769 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 17:58:44,769 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 05:58:42" (1/3) ... [2022-02-20 17:58:44,770 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6e5aed1c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:44, skipping insertion in model container [2022-02-20 17:58:44,770 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 05:58:43" (2/3) ... [2022-02-20 17:58:44,770 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6e5aed1c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 05:58:44, skipping insertion in model container [2022-02-20 17:58:44,770 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 05:58:44" (3/3) ... 
[2022-02-20 17:58:44,771 INFO L111 eAbstractionObserver]: Analyzing ICFG email_spec3_product34.cil.c [2022-02-20 17:58:44,775 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 17:58:44,775 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 17:58:44,820 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 17:58:44,826 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 17:58:44,826 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 17:58:44,871 INFO L276 IsEmpty]: Start isEmpty. 
Operand has 458 states, 351 states have (on average 1.5327635327635327) internal successors, (538), 358 states have internal predecessors, (538), 76 states have call successors, (76), 29 states have call predecessors, (76), 29 states have return successors, (76), 74 states have call predecessors, (76), 76 states have call successors, (76) [2022-02-20 17:58:44,886 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 140 [2022-02-20 17:58:44,887 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:44,888 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:44,888 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:44,892 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:44,892 INFO L85 PathProgramCache]: Analyzing trace with hash 1281673911, now seen corresponding path program 1 times [2022-02-20 17:58:44,901 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:44,901 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [731252924] [2022-02-20 17:58:44,901 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:44,902 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:45,138 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,297 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending 
call position 6 [2022-02-20 17:58:45,305 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,334 INFO L290 TraceCheckUtils]: 0: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,335 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,335 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,336 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {461#true} #1358#return; {461#true} is VALID [2022-02-20 17:58:45,343 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:45,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,354 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,354 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,354 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {461#true} #1360#return; {461#true} is VALID [2022-02-20 17:58:45,355 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:45,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA 
is unsat [2022-02-20 17:58:45,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {540#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:45,383 INFO L290 TraceCheckUtils]: 1: Hoare triple {540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:45,383 INFO L290 TraceCheckUtils]: 2: Hoare triple {541#(= |setClientId_#in~handle| 1)} assume true; {541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:45,384 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {541#(= |setClientId_#in~handle| 1)} {471#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {462#false} is VALID [2022-02-20 17:58:45,385 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:45,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,405 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,405 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,405 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1364#return; {462#false} is VALID [2022-02-20 17:58:45,406 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:45,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,412 INFO L290 TraceCheckUtils]: 0: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,412 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,412 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1366#return; {462#false} is VALID [2022-02-20 17:58:45,414 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:45,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,420 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,420 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1368#return; {462#false} is VALID [2022-02-20 17:58:45,431 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 
47 [2022-02-20 17:58:45,432 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,437 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,438 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1344#return; {462#false} is VALID [2022-02-20 17:58:45,451 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 52 [2022-02-20 17:58:45,455 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {543#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,466 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,466 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,466 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1346#return; {462#false} is VALID [2022-02-20 17:58:45,466 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:45,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,473 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,473 INFO L290 TraceCheckUtils]: 1: Hoare 
triple {461#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,473 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,473 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1258#return; {462#false} is VALID [2022-02-20 17:58:45,474 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:45,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,480 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~4; {461#true} is VALID [2022-02-20 17:58:45,480 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {461#true} is VALID [2022-02-20 17:58:45,480 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,480 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1260#return; {462#false} is VALID [2022-02-20 17:58:45,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:45,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,490 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1278#return; {462#false} is VALID [2022-02-20 17:58:45,490 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:45,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,497 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,497 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle; {461#true} is VALID [2022-02-20 17:58:45,497 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,497 INFO L290 TraceCheckUtils]: 3: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,500 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {461#true} {462#false} #1280#return; {462#false} is VALID [2022-02-20 17:58:45,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 95 [2022-02-20 17:58:45,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,506 INFO L290 TraceCheckUtils]: 0: Hoare triple {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,506 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,506 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1286#return; {462#false} is VALID [2022-02-20 17:58:45,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:58:45,508 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:45,512 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~38; {461#true} is VALID [2022-02-20 17:58:45,512 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {461#true} is VALID [2022-02-20 17:58:45,512 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,513 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1288#return; {462#false} is VALID [2022-02-20 17:58:45,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:45,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,519 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,520 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1290#return; {462#false} is VALID [2022-02-20 17:58:45,520 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:58:45,521 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,525 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,526 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,526 INFO L290 TraceCheckUtils]: 2: Hoare 
triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,526 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1292#return; {462#false} is VALID [2022-02-20 17:58:45,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:58:45,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~32; {461#true} is VALID [2022-02-20 17:58:45,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {461#true} is VALID [2022-02-20 17:58:45,531 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,531 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {461#true} {462#false} #1304#return; {462#false} is VALID [2022-02-20 17:58:45,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:45,532 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume 1 == ~handle; {461#true} is VALID [2022-02-20 17:58:45,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,536 INFO L290 TraceCheckUtils]: 3: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,536 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {461#true} {462#false} #1306#return; {462#false} is VALID [2022-02-20 17:58:45,541 INFO L290 TraceCheckUtils]: 
0: Hoare triple {461#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call 
#Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 
0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {461#true} is VALID [2022-02-20 17:58:45,543 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } 
true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {461#true} is VALID [2022-02-20 17:58:45,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {461#true} is VALID [2022-02-20 17:58:45,544 INFO L290 TraceCheckUtils]: 3: Hoare triple {461#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {461#true} is VALID [2022-02-20 17:58:45,544 INFO L290 TraceCheckUtils]: 4: Hoare triple {461#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {461#true} is VALID [2022-02-20 17:58:45,544 INFO L290 TraceCheckUtils]: 5: Hoare triple {461#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc 
setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {461#true} is VALID [2022-02-20 17:58:45,546 INFO L272 TraceCheckUtils]: 6: Hoare triple {461#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:45,546 INFO L290 TraceCheckUtils]: 7: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,546 INFO L290 TraceCheckUtils]: 8: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,546 INFO L290 TraceCheckUtils]: 9: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,547 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {461#true} {461#true} #1358#return; {461#true} is VALID [2022-02-20 17:58:45,547 INFO L290 TraceCheckUtils]: 11: Hoare triple {461#true} assume { :end_inline_setup_bob__wrappee__Base } true; {461#true} is VALID [2022-02-20 17:58:45,548 INFO L272 TraceCheckUtils]: 12: Hoare triple {461#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:45,548 INFO L290 TraceCheckUtils]: 13: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,548 INFO L290 TraceCheckUtils]: 14: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,548 INFO L290 TraceCheckUtils]: 15: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,549 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {461#true} {461#true} #1360#return; {461#true} is VALID [2022-02-20 17:58:45,550 INFO L290 TraceCheckUtils]: 17: Hoare triple {461#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {471#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:45,551 INFO L272 TraceCheckUtils]: 18: Hoare triple {471#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:45,551 INFO L290 TraceCheckUtils]: 19: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {540#(= 
setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:45,552 INFO L290 TraceCheckUtils]: 20: Hoare triple {540#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:45,552 INFO L290 TraceCheckUtils]: 21: Hoare triple {541#(= |setClientId_#in~handle| 1)} assume true; {541#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:45,553 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {541#(= |setClientId_#in~handle| 1)} {471#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {462#false} is VALID [2022-02-20 17:58:45,553 INFO L290 TraceCheckUtils]: 23: Hoare triple {462#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {462#false} is VALID [2022-02-20 17:58:45,553 INFO L272 TraceCheckUtils]: 24: Hoare triple {462#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:45,553 INFO L290 TraceCheckUtils]: 25: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,554 INFO L290 TraceCheckUtils]: 26: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,554 INFO L290 TraceCheckUtils]: 27: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,554 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {461#true} {462#false} #1364#return; {462#false} is VALID [2022-02-20 17:58:45,554 INFO L290 TraceCheckUtils]: 29: Hoare triple 
{462#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {462#false} is VALID [2022-02-20 17:58:45,555 INFO L272 TraceCheckUtils]: 30: Hoare triple {462#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:45,555 INFO L290 TraceCheckUtils]: 31: Hoare triple {538#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,555 INFO L290 TraceCheckUtils]: 32: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,555 INFO L290 TraceCheckUtils]: 33: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,556 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {461#true} {462#false} #1366#return; {462#false} is VALID [2022-02-20 17:58:45,556 INFO L290 TraceCheckUtils]: 35: Hoare triple {462#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {462#false} is VALID [2022-02-20 17:58:45,556 INFO L272 TraceCheckUtils]: 36: Hoare triple {462#false} call 
setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:45,556 INFO L290 TraceCheckUtils]: 37: Hoare triple {539#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,557 INFO L290 TraceCheckUtils]: 38: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,557 INFO L290 TraceCheckUtils]: 39: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,557 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {461#true} {462#false} #1368#return; {462#false} is VALID [2022-02-20 17:58:45,557 INFO L290 TraceCheckUtils]: 41: Hoare triple {462#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {462#false} is VALID [2022-02-20 17:58:45,558 INFO L290 TraceCheckUtils]: 42: Hoare triple {462#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, 
test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {462#false} is VALID [2022-02-20 17:58:45,558 INFO L290 TraceCheckUtils]: 43: Hoare triple {462#false} assume !true; {462#false} is VALID [2022-02-20 17:58:45,558 INFO L290 TraceCheckUtils]: 44: Hoare triple {462#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {462#false} is VALID [2022-02-20 17:58:45,558 INFO L272 TraceCheckUtils]: 45: Hoare triple {462#false} call sendEmail(~bob~0, ~rjh~0); {462#false} is VALID [2022-02-20 17:58:45,559 INFO L290 TraceCheckUtils]: 46: Hoare triple {462#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, 
createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {462#false} is VALID [2022-02-20 17:58:45,559 INFO L272 TraceCheckUtils]: 47: Hoare triple {462#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:45,559 INFO L290 TraceCheckUtils]: 48: Hoare triple {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,559 INFO L290 TraceCheckUtils]: 49: Hoare triple {461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,560 INFO L290 TraceCheckUtils]: 50: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,560 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {461#true} {462#false} #1344#return; {462#false} is VALID [2022-02-20 17:58:45,560 INFO L272 TraceCheckUtils]: 52: Hoare triple {462#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {543#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:45,560 INFO L290 TraceCheckUtils]: 53: Hoare triple {543#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,560 INFO L290 TraceCheckUtils]: 54: Hoare triple {461#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,561 INFO L290 TraceCheckUtils]: 55: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,561 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {461#true} 
{462#false} #1346#return; {462#false} is VALID [2022-02-20 17:58:45,561 INFO L290 TraceCheckUtils]: 57: Hoare triple {462#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {462#false} is VALID [2022-02-20 17:58:45,561 INFO L290 TraceCheckUtils]: 58: Hoare triple {462#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {462#false} is VALID [2022-02-20 17:58:45,562 INFO L272 TraceCheckUtils]: 59: Hoare triple {462#false} call outgoing(~sender#1, ~email~0#1); {462#false} is VALID [2022-02-20 17:58:45,562 INFO L290 TraceCheckUtils]: 60: Hoare triple {462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {462#false} is VALID [2022-02-20 17:58:45,562 INFO L272 TraceCheckUtils]: 61: Hoare triple {462#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {461#true} is VALID [2022-02-20 17:58:45,562 INFO L290 TraceCheckUtils]: 62: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,562 INFO L290 TraceCheckUtils]: 63: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,563 INFO L290 TraceCheckUtils]: 64: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,563 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {461#true} {462#false} #1258#return; {462#false} is VALID [2022-02-20 17:58:45,563 INFO L290 TraceCheckUtils]: 66: Hoare triple {462#false} assume -2147483648 <= 
sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {462#false} is VALID [2022-02-20 17:58:45,563 INFO L290 TraceCheckUtils]: 67: Hoare triple {462#false} assume 0 == sign_~privkey~1#1; {462#false} is VALID [2022-02-20 17:58:45,564 INFO L290 TraceCheckUtils]: 68: Hoare triple {462#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {462#false} is VALID [2022-02-20 17:58:45,564 INFO L272 TraceCheckUtils]: 69: Hoare triple {462#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {461#true} is VALID [2022-02-20 
17:58:45,564 INFO L290 TraceCheckUtils]: 70: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~4; {461#true} is VALID [2022-02-20 17:58:45,564 INFO L290 TraceCheckUtils]: 71: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {461#true} is VALID [2022-02-20 17:58:45,565 INFO L290 TraceCheckUtils]: 72: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,565 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {461#true} {462#false} #1260#return; {462#false} is VALID [2022-02-20 17:58:45,565 INFO L290 TraceCheckUtils]: 74: Hoare triple {462#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {462#false} is VALID [2022-02-20 17:58:45,565 INFO L290 TraceCheckUtils]: 75: Hoare triple {462#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {462#false} is VALID [2022-02-20 17:58:45,566 INFO L272 TraceCheckUtils]: 76: Hoare triple {462#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {462#false} is VALID [2022-02-20 17:58:45,566 INFO L290 TraceCheckUtils]: 77: Hoare triple {462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {462#false} is VALID [2022-02-20 17:58:45,566 INFO L272 TraceCheckUtils]: 78: Hoare triple {462#false} call #t~ret38#1 := getEmailTo(~msg#1); {461#true} is VALID [2022-02-20 17:58:45,566 INFO L290 TraceCheckUtils]: 79: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,566 INFO L290 TraceCheckUtils]: 80: Hoare triple {461#true} assume 1 
== ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,567 INFO L290 TraceCheckUtils]: 81: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,567 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {461#true} {462#false} #1278#return; {462#false} is VALID [2022-02-20 17:58:45,567 INFO L290 TraceCheckUtils]: 83: Hoare triple {462#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {462#false} is VALID [2022-02-20 17:58:45,567 INFO L272 TraceCheckUtils]: 84: Hoare triple {462#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {461#true} is VALID [2022-02-20 17:58:45,567 INFO L290 TraceCheckUtils]: 85: Hoare triple {461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,568 INFO L290 TraceCheckUtils]: 86: Hoare triple {461#true} assume 1 == ~handle; {461#true} is VALID [2022-02-20 17:58:45,568 INFO L290 TraceCheckUtils]: 87: Hoare triple {461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,568 INFO L290 TraceCheckUtils]: 88: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,568 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {461#true} {462#false} #1280#return; {462#false} is VALID [2022-02-20 17:58:45,569 INFO L290 TraceCheckUtils]: 90: Hoare triple {462#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {462#false} is VALID [2022-02-20 17:58:45,569 INFO L290 TraceCheckUtils]: 91: Hoare triple {462#false} assume !(0 != ~pubkey~1#1); {462#false} is VALID [2022-02-20 17:58:45,569 INFO L290 TraceCheckUtils]: 92: Hoare triple {462#false} assume { :begin_inline_outgoing__wrappee__Keys 
} true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {462#false} is VALID [2022-02-20 17:58:45,569 INFO L290 TraceCheckUtils]: 93: Hoare triple {462#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {462#false} is VALID [2022-02-20 17:58:45,570 INFO L290 TraceCheckUtils]: 94: Hoare triple {462#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {462#false} is VALID [2022-02-20 17:58:45,570 INFO L272 TraceCheckUtils]: 95: Hoare triple {462#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:45,570 INFO L290 TraceCheckUtils]: 96: Hoare triple {542#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:45,570 INFO L290 TraceCheckUtils]: 97: 
Hoare triple {461#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:45,570 INFO L290 TraceCheckUtils]: 98: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,571 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {461#true} {462#false} #1286#return; {462#false} is VALID [2022-02-20 17:58:45,576 INFO L290 TraceCheckUtils]: 100: Hoare triple {462#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {462#false} is VALID [2022-02-20 17:58:45,577 INFO L272 TraceCheckUtils]: 101: Hoare triple {462#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {461#true} is VALID [2022-02-20 17:58:45,577 INFO L290 TraceCheckUtils]: 102: Hoare triple {461#true} ~handle := 
#in~handle;havoc ~retValue_acc~38; {461#true} is VALID [2022-02-20 17:58:45,577 INFO L290 TraceCheckUtils]: 103: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {461#true} is VALID [2022-02-20 17:58:45,577 INFO L290 TraceCheckUtils]: 104: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,577 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {461#true} {462#false} #1288#return; {462#false} is VALID [2022-02-20 17:58:45,578 INFO L290 TraceCheckUtils]: 106: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {462#false} is VALID [2022-02-20 17:58:45,578 INFO L290 TraceCheckUtils]: 107: Hoare triple {462#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {462#false} is VALID [2022-02-20 17:58:45,578 INFO L272 TraceCheckUtils]: 108: Hoare triple {462#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {461#true} is VALID [2022-02-20 17:58:45,578 INFO L290 TraceCheckUtils]: 109: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,578 INFO L290 TraceCheckUtils]: 110: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {461#true} is VALID [2022-02-20 17:58:45,579 INFO L290 TraceCheckUtils]: 111: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,579 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {461#true} {462#false} #1290#return; 
{462#false} is VALID [2022-02-20 17:58:45,579 INFO L290 TraceCheckUtils]: 113: Hoare triple {462#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {462#false} is VALID [2022-02-20 17:58:45,579 INFO L272 TraceCheckUtils]: 114: Hoare triple {462#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {461#true} is VALID [2022-02-20 17:58:45,580 INFO L290 TraceCheckUtils]: 115: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,580 INFO L290 TraceCheckUtils]: 116: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {461#true} is VALID [2022-02-20 17:58:45,582 INFO L290 TraceCheckUtils]: 117: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,582 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {461#true} {462#false} #1292#return; {462#false} is VALID [2022-02-20 17:58:45,583 INFO L290 TraceCheckUtils]: 119: Hoare triple {462#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {462#false} is VALID [2022-02-20 17:58:45,583 INFO L290 TraceCheckUtils]: 120: Hoare triple {462#false} assume !(0 != incoming_~privkey~0#1); 
{462#false} is VALID [2022-02-20 17:58:45,583 INFO L290 TraceCheckUtils]: 121: Hoare triple {462#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, 
__utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {462#false} is VALID [2022-02-20 17:58:45,583 INFO L290 TraceCheckUtils]: 122: Hoare triple {462#false} assume 1 == ~sent_signed~0; {462#false} is VALID [2022-02-20 17:58:45,584 INFO L272 TraceCheckUtils]: 123: Hoare triple {462#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {461#true} is VALID [2022-02-20 17:58:45,584 INFO L290 TraceCheckUtils]: 124: Hoare triple {461#true} ~handle := #in~handle;havoc ~retValue_acc~32; {461#true} is VALID [2022-02-20 17:58:45,584 INFO L290 TraceCheckUtils]: 125: Hoare triple {461#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {461#true} is VALID [2022-02-20 17:58:45,584 INFO L290 TraceCheckUtils]: 
126: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,584 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {461#true} {462#false} #1304#return; {462#false} is VALID [2022-02-20 17:58:45,584 INFO L290 TraceCheckUtils]: 128: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {462#false} is VALID [2022-02-20 17:58:45,585 INFO L272 TraceCheckUtils]: 129: Hoare triple {462#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {461#true} is VALID [2022-02-20 17:58:45,585 INFO L290 TraceCheckUtils]: 130: Hoare triple {461#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,585 INFO L290 TraceCheckUtils]: 131: Hoare triple {461#true} assume 1 == ~handle; {461#true} is VALID [2022-02-20 17:58:45,585 INFO L290 TraceCheckUtils]: 132: Hoare triple {461#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {461#true} is VALID [2022-02-20 17:58:45,585 INFO L290 TraceCheckUtils]: 133: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:45,585 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {461#true} {462#false} #1306#return; {462#false} is VALID [2022-02-20 17:58:45,586 INFO L290 TraceCheckUtils]: 135: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := 
__utac_acc__SignVerify_spec__2_~tmp___0~0#1; {462#false} is VALID [2022-02-20 17:58:45,586 INFO L290 TraceCheckUtils]: 136: Hoare triple {462#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {462#false} is VALID [2022-02-20 17:58:45,586 INFO L272 TraceCheckUtils]: 137: Hoare triple {462#false} call __automaton_fail(); {462#false} is VALID [2022-02-20 17:58:45,586 INFO L290 TraceCheckUtils]: 138: Hoare triple {462#false} assume !false; {462#false} is VALID [2022-02-20 17:58:45,587 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 35 trivial. 0 not checked. [2022-02-20 17:58:45,587 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:45,588 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [731252924] [2022-02-20 17:58:45,588 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [731252924] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:45,588 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [791307067] [2022-02-20 17:58:45,589 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:45,589 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:45,589 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:45,593 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:45,594 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 
17:58:45,944 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:45,951 INFO L263 TraceCheckSpWp]: Trace formula consists of 1293 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 17:58:46,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:46,053 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:46,440 INFO L290 TraceCheckUtils]: 0: Hoare triple {461#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 
1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 
0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 
0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L290 TraceCheckUtils]: 1: Hoare triple {461#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L290 TraceCheckUtils]: 2: Hoare triple {461#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L290 TraceCheckUtils]: 3: Hoare triple {461#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L290 TraceCheckUtils]: 4: Hoare triple {461#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L290 TraceCheckUtils]: 5: Hoare triple {461#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc 
setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {461#true} is VALID [2022-02-20 17:58:46,441 INFO L272 TraceCheckUtils]: 6: Hoare triple {461#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {461#true} is VALID [2022-02-20 17:58:46,442 INFO L290 TraceCheckUtils]: 7: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,442 INFO L290 TraceCheckUtils]: 8: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,442 INFO L290 TraceCheckUtils]: 9: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:46,442 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {461#true} {461#true} #1358#return; {461#true} is VALID [2022-02-20 17:58:46,442 INFO L290 TraceCheckUtils]: 11: Hoare triple {461#true} assume { :end_inline_setup_bob__wrappee__Base } true; {461#true} is VALID [2022-02-20 17:58:46,442 INFO L272 TraceCheckUtils]: 12: Hoare triple {461#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {461#true} is VALID [2022-02-20 17:58:46,442 INFO L290 TraceCheckUtils]: 13: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,443 INFO L290 TraceCheckUtils]: 14: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,443 INFO L290 TraceCheckUtils]: 15: Hoare triple {461#true} assume true; {461#true} is 
VALID [2022-02-20 17:58:46,443 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {461#true} {461#true} #1360#return; {461#true} is VALID [2022-02-20 17:58:46,443 INFO L290 TraceCheckUtils]: 17: Hoare triple {461#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {461#true} is VALID [2022-02-20 17:58:46,443 INFO L272 TraceCheckUtils]: 18: Hoare triple {461#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {461#true} is VALID [2022-02-20 17:58:46,443 INFO L290 TraceCheckUtils]: 19: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,443 INFO L290 TraceCheckUtils]: 20: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L290 TraceCheckUtils]: 21: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {461#true} {461#true} #1362#return; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L290 TraceCheckUtils]: 23: Hoare triple {461#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L272 TraceCheckUtils]: 24: Hoare triple {461#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {461#true} is VALID [2022-02-20 17:58:46,444 INFO L290 TraceCheckUtils]: 25: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L290 
TraceCheckUtils]: 26: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,444 INFO L290 TraceCheckUtils]: 27: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {461#true} {461#true} #1364#return; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L290 TraceCheckUtils]: 29: Hoare triple {461#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L272 TraceCheckUtils]: 30: Hoare triple {461#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {461#true} is VALID [2022-02-20 17:58:46,445 INFO L290 TraceCheckUtils]: 31: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L290 TraceCheckUtils]: 32: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L290 TraceCheckUtils]: 33: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:46,445 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {461#true} {461#true} #1366#return; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L290 TraceCheckUtils]: 35: Hoare triple {461#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L272 TraceCheckUtils]: 
36: Hoare triple {461#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {461#true} is VALID [2022-02-20 17:58:46,446 INFO L290 TraceCheckUtils]: 37: Hoare triple {461#true} ~handle := #in~handle;~value := #in~value; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L290 TraceCheckUtils]: 38: Hoare triple {461#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L290 TraceCheckUtils]: 39: Hoare triple {461#true} assume true; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {461#true} {461#true} #1368#return; {461#true} is VALID [2022-02-20 17:58:46,446 INFO L290 TraceCheckUtils]: 41: Hoare triple {461#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {461#true} is VALID [2022-02-20 17:58:46,447 INFO L290 TraceCheckUtils]: 42: Hoare triple {461#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc 
test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {461#true} is VALID [2022-02-20 17:58:46,450 INFO L290 TraceCheckUtils]: 43: Hoare triple {461#true} assume !true; {462#false} is VALID [2022-02-20 17:58:46,450 INFO L290 TraceCheckUtils]: 44: Hoare triple {462#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {462#false} is VALID [2022-02-20 17:58:46,450 INFO L272 TraceCheckUtils]: 45: Hoare triple {462#false} call sendEmail(~bob~0, ~rjh~0); {462#false} is VALID [2022-02-20 17:58:46,450 INFO L290 TraceCheckUtils]: 46: Hoare triple {462#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {462#false} is VALID [2022-02-20 17:58:46,450 INFO L272 TraceCheckUtils]: 47: Hoare triple {462#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {462#false} is VALID 
[2022-02-20 17:58:46,451 INFO L290 TraceCheckUtils]: 48: Hoare triple {462#false} ~handle := #in~handle;~value := #in~value; {462#false} is VALID [2022-02-20 17:58:46,451 INFO L290 TraceCheckUtils]: 49: Hoare triple {462#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {462#false} is VALID [2022-02-20 17:58:46,451 INFO L290 TraceCheckUtils]: 50: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,451 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {462#false} {462#false} #1344#return; {462#false} is VALID [2022-02-20 17:58:46,451 INFO L272 TraceCheckUtils]: 52: Hoare triple {462#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {462#false} is VALID [2022-02-20 17:58:46,451 INFO L290 TraceCheckUtils]: 53: Hoare triple {462#false} ~handle := #in~handle;~value := #in~value; {462#false} is VALID [2022-02-20 17:58:46,451 INFO L290 TraceCheckUtils]: 54: Hoare triple {462#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L290 TraceCheckUtils]: 55: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L284 TraceCheckUtils]: 56: Hoare quadruple {462#false} {462#false} #1346#return; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L290 TraceCheckUtils]: 57: Hoare triple {462#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L290 TraceCheckUtils]: 58: Hoare triple {462#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L272 TraceCheckUtils]: 59: Hoare triple {462#false} call outgoing(~sender#1, ~email~0#1); {462#false} is VALID [2022-02-20 17:58:46,452 INFO L290 TraceCheckUtils]: 60: Hoare triple {462#false} 
~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {462#false} is VALID [2022-02-20 17:58:46,452 INFO L272 TraceCheckUtils]: 61: Hoare triple {462#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 62: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~10; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 63: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 64: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {462#false} {462#false} #1258#return; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 66: Hoare triple {462#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 67: Hoare triple {462#false} assume 0 == sign_~privkey~1#1; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L290 TraceCheckUtils]: 68: Hoare triple {462#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, 
outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {462#false} is VALID [2022-02-20 17:58:46,453 INFO L272 TraceCheckUtils]: 69: Hoare triple {462#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {462#false} is VALID [2022-02-20 17:58:46,454 INFO L290 TraceCheckUtils]: 70: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~4; {462#false} is VALID [2022-02-20 17:58:46,454 INFO L290 TraceCheckUtils]: 71: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {462#false} is VALID [2022-02-20 17:58:46,455 INFO L290 TraceCheckUtils]: 72: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,455 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {462#false} {462#false} #1260#return; {462#false} is VALID [2022-02-20 17:58:46,455 INFO L290 TraceCheckUtils]: 74: Hoare triple {462#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && 
outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {462#false} is VALID [2022-02-20 17:58:46,455 INFO L290 TraceCheckUtils]: 75: Hoare triple {462#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {462#false} is VALID [2022-02-20 17:58:46,455 INFO L272 TraceCheckUtils]: 76: Hoare triple {462#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {462#false} is VALID [2022-02-20 17:58:46,455 INFO L290 TraceCheckUtils]: 77: Hoare triple {462#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {462#false} is VALID [2022-02-20 17:58:46,455 INFO L272 TraceCheckUtils]: 78: Hoare triple {462#false} call #t~ret38#1 := getEmailTo(~msg#1); {462#false} is VALID [2022-02-20 17:58:46,456 INFO L290 TraceCheckUtils]: 79: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~33; {462#false} is VALID [2022-02-20 17:58:46,456 INFO L290 TraceCheckUtils]: 80: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {462#false} is VALID [2022-02-20 17:58:46,456 INFO L290 TraceCheckUtils]: 81: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,456 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {462#false} {462#false} #1278#return; {462#false} is VALID [2022-02-20 17:58:46,456 INFO L290 TraceCheckUtils]: 83: Hoare triple {462#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {462#false} is VALID [2022-02-20 17:58:46,456 INFO L272 TraceCheckUtils]: 84: Hoare triple {462#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); 
{462#false} is VALID [2022-02-20 17:58:46,456 INFO L290 TraceCheckUtils]: 85: Hoare triple {462#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {462#false} is VALID [2022-02-20 17:58:46,457 INFO L290 TraceCheckUtils]: 86: Hoare triple {462#false} assume 1 == ~handle; {462#false} is VALID [2022-02-20 17:58:46,457 INFO L290 TraceCheckUtils]: 87: Hoare triple {462#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {462#false} is VALID [2022-02-20 17:58:46,458 INFO L290 TraceCheckUtils]: 88: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,459 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {462#false} {462#false} #1280#return; {462#false} is VALID [2022-02-20 17:58:46,460 INFO L290 TraceCheckUtils]: 90: Hoare triple {462#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {462#false} is VALID [2022-02-20 17:58:46,460 INFO L290 TraceCheckUtils]: 91: Hoare triple {462#false} assume !(0 != ~pubkey~1#1); {462#false} is VALID [2022-02-20 17:58:46,460 INFO L290 TraceCheckUtils]: 92: Hoare triple {462#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; 
{462#false} is VALID [2022-02-20 17:58:46,460 INFO L290 TraceCheckUtils]: 93: Hoare triple {462#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L290 TraceCheckUtils]: 94: Hoare triple {462#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L272 TraceCheckUtils]: 95: Hoare triple {462#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {462#false} is VALID [2022-02-20 17:58:46,461 INFO L290 TraceCheckUtils]: 96: Hoare triple {462#false} ~handle := #in~handle;~value := #in~value; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L290 TraceCheckUtils]: 97: Hoare triple {462#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L290 TraceCheckUtils]: 98: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {462#false} {462#false} #1286#return; {462#false} is VALID [2022-02-20 17:58:46,461 INFO L290 TraceCheckUtils]: 100: Hoare triple {462#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } 
true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {462#false} is VALID [2022-02-20 17:58:46,462 INFO L272 TraceCheckUtils]: 101: Hoare triple {462#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {462#false} is VALID [2022-02-20 17:58:46,464 INFO L290 TraceCheckUtils]: 102: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~38; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L290 TraceCheckUtils]: 103: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L290 TraceCheckUtils]: 104: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {462#false} {462#false} #1288#return; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L290 TraceCheckUtils]: 106: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L290 TraceCheckUtils]: 107: Hoare triple {462#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {462#false} is VALID [2022-02-20 17:58:46,465 INFO L272 TraceCheckUtils]: 108: Hoare triple {462#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {462#false} is VALID [2022-02-20 17:58:46,465 INFO L290 TraceCheckUtils]: 109: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~33; {462#false} is VALID [2022-02-20 17:58:46,466 INFO L290 TraceCheckUtils]: 110: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {462#false} is VALID [2022-02-20 17:58:46,466 INFO L290 TraceCheckUtils]: 111: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,466 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {462#false} {462#false} #1290#return; {462#false} is VALID [2022-02-20 17:58:46,466 INFO L290 TraceCheckUtils]: 113: Hoare triple {462#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {462#false} is VALID [2022-02-20 17:58:46,466 INFO 
L272 TraceCheckUtils]: 114: Hoare triple {462#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {462#false} is VALID [2022-02-20 17:58:46,467 INFO L290 TraceCheckUtils]: 115: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~10; {462#false} is VALID [2022-02-20 17:58:46,467 INFO L290 TraceCheckUtils]: 116: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {462#false} is VALID [2022-02-20 17:58:46,467 INFO L290 TraceCheckUtils]: 117: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,467 INFO L284 TraceCheckUtils]: 118: Hoare quadruple {462#false} {462#false} #1292#return; {462#false} is VALID [2022-02-20 17:58:46,467 INFO L290 TraceCheckUtils]: 119: Hoare triple {462#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {462#false} is VALID [2022-02-20 17:58:46,472 INFO L290 TraceCheckUtils]: 120: Hoare triple {462#false} assume !(0 != incoming_~privkey~0#1); {462#false} is VALID [2022-02-20 17:58:46,472 INFO L290 TraceCheckUtils]: 121: Hoare triple {462#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, 
verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {462#false} is VALID [2022-02-20 17:58:46,472 INFO L290 TraceCheckUtils]: 122: Hoare triple {462#false} assume 1 == ~sent_signed~0; {462#false} is VALID [2022-02-20 17:58:46,472 INFO L272 TraceCheckUtils]: 123: Hoare triple {462#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {462#false} is VALID [2022-02-20 17:58:46,473 INFO L290 TraceCheckUtils]: 124: Hoare triple {462#false} ~handle := #in~handle;havoc ~retValue_acc~32; {462#false} is VALID [2022-02-20 17:58:46,473 INFO L290 TraceCheckUtils]: 125: Hoare triple {462#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {462#false} is VALID [2022-02-20 17:58:46,473 INFO L290 TraceCheckUtils]: 126: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,473 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {462#false} {462#false} #1304#return; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L290 TraceCheckUtils]: 128: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L272 TraceCheckUtils]: 129: Hoare triple {462#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {462#false} 
is VALID [2022-02-20 17:58:46,474 INFO L290 TraceCheckUtils]: 130: Hoare triple {462#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L290 TraceCheckUtils]: 131: Hoare triple {462#false} assume 1 == ~handle; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L290 TraceCheckUtils]: 132: Hoare triple {462#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L290 TraceCheckUtils]: 133: Hoare triple {462#false} assume true; {462#false} is VALID [2022-02-20 17:58:46,474 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {462#false} {462#false} #1306#return; {462#false} is VALID [2022-02-20 17:58:46,475 INFO L290 TraceCheckUtils]: 135: Hoare triple {462#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {462#false} is VALID [2022-02-20 17:58:46,475 INFO L290 TraceCheckUtils]: 136: Hoare triple {462#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {462#false} is VALID [2022-02-20 17:58:46,475 INFO L272 TraceCheckUtils]: 137: Hoare triple {462#false} call __automaton_fail(); {462#false} is VALID [2022-02-20 17:58:46,475 INFO L290 TraceCheckUtils]: 138: Hoare triple {462#false} assume !false; {462#false} is VALID [2022-02-20 17:58:46,478 INFO L134 CoverageAnalysis]: Checked inductivity of 41 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. 
[2022-02-20 17:58:46,478 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:46,478 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [791307067] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:46,478 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:46,478 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [9] total 9 [2022-02-20 17:58:46,480 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [571091044] [2022-02-20 17:58:46,481 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:46,485 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 139 [2022-02-20 17:58:46,488 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:46,490 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:46,582 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 114 edges. 114 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:46,582 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 17:58:46,582 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:46,602 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 17:58:46,603 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:46,608 INFO L87 Difference]: Start difference. First operand has 458 states, 351 states have (on average 1.5327635327635327) internal successors, (538), 358 states have internal predecessors, (538), 76 states have call successors, (76), 29 states have call predecessors, (76), 29 states have return successors, (76), 74 states have call predecessors, (76), 76 states have call successors, (76) Second operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:47,074 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:47,075 INFO L93 Difference]: Finished difference Result 722 states and 1070 transitions. [2022-02-20 17:58:47,075 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 17:58:47,075 INFO L78 Accepts]: Start accepts. 
Automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 139 [2022-02-20 17:58:47,076 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:47,078 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:47,114 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 1070 transitions. [2022-02-20 17:58:47,116 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:47,141 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 1070 transitions. [2022-02-20 17:58:47,141 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 1070 transitions. [2022-02-20 17:58:48,028 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1070 edges. 1070 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:48,079 INFO L225 Difference]: With dead ends: 722 [2022-02-20 17:58:48,080 INFO L226 Difference]: Without dead ends: 450 [2022-02-20 17:58:48,085 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 178 GetRequests, 171 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:58:48,087 INFO L933 BasicCegarLoop]: 684 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 684 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:48,088 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 684 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:48,103 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 450 states. [2022-02-20 17:58:48,136 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 450 to 450. [2022-02-20 17:58:48,136 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:48,139 INFO L82 GeneralOperation]: Start isEquivalent. First operand 450 states. 
Second operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:48,142 INFO L74 IsIncluded]: Start isIncluded. First operand 450 states. Second operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:48,143 INFO L87 Difference]: Start difference. First operand 450 states. Second operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:48,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:48,176 INFO L93 Difference]: Finished difference Result 450 states and 676 transitions. [2022-02-20 17:58:48,176 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 676 transitions. [2022-02-20 17:58:48,179 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:48,179 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:48,181 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) Second operand 450 states. [2022-02-20 17:58:48,182 INFO L87 Difference]: Start difference. First operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) Second operand 450 states. [2022-02-20 17:58:48,206 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:48,206 INFO L93 Difference]: Finished difference Result 450 states and 676 transitions. [2022-02-20 17:58:48,206 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 676 transitions. [2022-02-20 17:58:48,209 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:48,209 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:48,209 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:48,209 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:48,211 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 450 states, 345 states have (on average 1.527536231884058) internal successors, (527), 350 states have internal predecessors, (527), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:48,236 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 450 states to 450 states and 676 transitions. [2022-02-20 17:58:48,238 INFO L78 Accepts]: Start accepts. Automaton has 450 states and 676 transitions. Word has length 139 [2022-02-20 17:58:48,238 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:48,238 INFO L470 AbstractCegarLoop]: Abstraction has 450 states and 676 transitions. [2022-02-20 17:58:48,239 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 37.0) internal successors, (74), 2 states have internal predecessors, (74), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:48,239 INFO L276 IsEmpty]: Start isEmpty. Operand 450 states and 676 transitions. [2022-02-20 17:58:48,242 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 160 [2022-02-20 17:58:48,243 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:48,243 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:48,264 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:48,447 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable0 [2022-02-20 17:58:48,448 INFO L402 AbstractCegarLoop]: === 
Iteration 2 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:48,448 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:48,448 INFO L85 PathProgramCache]: Analyzing trace with hash -1402145748, now seen corresponding path program 1 times [2022-02-20 17:58:48,448 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:48,448 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1482767968] [2022-02-20 17:58:48,448 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:48,449 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:48,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:48,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,551 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,551 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3481#true} #1358#return; {3481#true} is VALID [2022-02-20 17:58:48,557 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 
[2022-02-20 17:58:48,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,562 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3481#true} #1360#return; {3481#true} is VALID [2022-02-20 17:58:48,562 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:48,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3573#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:48,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {3573#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:48,580 INFO L290 TraceCheckUtils]: 2: Hoare triple {3574#(= |setClientId_#in~handle| 1)} assume true; {3574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:48,581 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3574#(= |setClientId_#in~handle| 1)} {3491#(= 
|ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {3482#false} is VALID [2022-02-20 17:58:48,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:48,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,585 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1364#return; {3482#false} is VALID [2022-02-20 17:58:48,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:48,587 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,590 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,590 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1366#return; 
{3482#false} is VALID [2022-02-20 17:58:48,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:48,592 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,594 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,594 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1368#return; {3482#false} is VALID [2022-02-20 17:58:48,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 48 [2022-02-20 17:58:48,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,614 INFO L290 TraceCheckUtils]: 0: Hoare triple {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1344#return; {3482#false} is VALID [2022-02-20 17:58:48,623 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 53 [2022-02-20 
17:58:48,624 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,626 INFO L290 TraceCheckUtils]: 0: Hoare triple {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,626 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,627 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,627 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1346#return; {3482#false} is VALID [2022-02-20 17:58:48,627 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:58:48,628 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,630 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,630 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,630 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,630 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1258#return; {3482#false} is VALID [2022-02-20 17:58:48,630 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:48,631 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,633 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3481#true} is VALID [2022-02-20 17:58:48,633 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~4 := 
~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3481#true} is VALID [2022-02-20 17:58:48,633 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,633 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1260#return; {3482#false} is VALID [2022-02-20 17:58:48,633 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:48,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,636 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,636 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,636 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,637 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1262#return; {3482#false} is VALID [2022-02-20 17:58:48,637 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 84 [2022-02-20 17:58:48,638 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,640 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {3481#true} is VALID [2022-02-20 17:58:48,640 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,640 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {3481#true} is VALID [2022-02-20 17:58:48,640 INFO L290 TraceCheckUtils]: 3: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,640 INFO L284 TraceCheckUtils]: 4: 
Hoare quadruple {3481#true} {3482#false} #1264#return; {3482#false} is VALID [2022-02-20 17:58:48,640 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:48,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,644 INFO L290 TraceCheckUtils]: 0: Hoare triple {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,644 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,644 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,644 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1266#return; {3482#false} is VALID [2022-02-20 17:58:48,644 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 98 [2022-02-20 17:58:48,645 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,647 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,648 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,648 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,648 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1278#return; {3482#false} is VALID [2022-02-20 17:58:48,648 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 104 [2022-02-20 17:58:48,649 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,651 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {3481#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,651 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,651 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,651 INFO L290 TraceCheckUtils]: 3: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,651 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3481#true} {3482#false} #1280#return; {3482#false} is VALID [2022-02-20 17:58:48,652 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:48,652 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,655 INFO L290 TraceCheckUtils]: 0: Hoare triple {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,655 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,655 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,655 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1286#return; {3482#false} is VALID [2022-02-20 17:58:48,655 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:48,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,658 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~38; {3481#true} is VALID [2022-02-20 17:58:48,658 INFO L290 TraceCheckUtils]: 
1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {3481#true} is VALID [2022-02-20 17:58:48,658 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,658 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1288#return; {3482#false} is VALID [2022-02-20 17:58:48,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 128 [2022-02-20 17:58:48,659 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,661 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,661 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,661 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,661 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1290#return; {3482#false} is VALID [2022-02-20 17:58:48,661 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 134 [2022-02-20 17:58:48,662 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,664 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,664 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,664 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,664 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1292#return; {3482#false} is VALID 
[2022-02-20 17:58:48,665 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 143 [2022-02-20 17:58:48,665 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,667 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3481#true} is VALID [2022-02-20 17:58:48,667 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {3481#true} is VALID [2022-02-20 17:58:48,667 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,668 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {3481#true} {3482#false} #1304#return; {3482#false} is VALID [2022-02-20 17:58:48,668 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 149 [2022-02-20 17:58:48,669 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:48,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,671 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,671 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,671 INFO L290 TraceCheckUtils]: 3: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,671 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {3481#true} {3482#false} #1306#return; {3482#false} is VALID [2022-02-20 17:58:48,671 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call 
#Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 
0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 
0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {3481#true} is VALID [2022-02-20 17:58:48,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc 
main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {3481#true} is VALID [2022-02-20 17:58:48,675 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3481#true} is VALID [2022-02-20 17:58:48,675 INFO L290 TraceCheckUtils]: 3: Hoare triple {3481#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {3481#true} is VALID [2022-02-20 17:58:48,675 INFO L290 TraceCheckUtils]: 4: Hoare triple {3481#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {3481#true} is VALID [2022-02-20 17:58:48,676 INFO L290 TraceCheckUtils]: 5: Hoare triple {3481#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3481#true} is VALID 
[2022-02-20 17:58:48,677 INFO L272 TraceCheckUtils]: 6: Hoare triple {3481#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:48,677 INFO L290 TraceCheckUtils]: 7: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,677 INFO L290 TraceCheckUtils]: 8: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,677 INFO L290 TraceCheckUtils]: 9: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,677 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3481#true} {3481#true} #1358#return; {3481#true} is VALID [2022-02-20 17:58:48,677 INFO L290 TraceCheckUtils]: 11: Hoare triple {3481#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3481#true} is VALID [2022-02-20 17:58:48,678 INFO L272 TraceCheckUtils]: 12: Hoare triple {3481#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:48,678 INFO L290 TraceCheckUtils]: 13: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is 
VALID [2022-02-20 17:58:48,678 INFO L290 TraceCheckUtils]: 14: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,678 INFO L290 TraceCheckUtils]: 15: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,678 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3481#true} {3481#true} #1360#return; {3481#true} is VALID [2022-02-20 17:58:48,679 INFO L290 TraceCheckUtils]: 17: Hoare triple {3481#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3491#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:48,680 INFO L272 TraceCheckUtils]: 18: Hoare triple {3491#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:48,680 INFO L290 TraceCheckUtils]: 19: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3573#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:48,680 INFO L290 TraceCheckUtils]: 20: Hoare 
triple {3573#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:48,681 INFO L290 TraceCheckUtils]: 21: Hoare triple {3574#(= |setClientId_#in~handle| 1)} assume true; {3574#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:48,681 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3574#(= |setClientId_#in~handle| 1)} {3491#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {3482#false} is VALID [2022-02-20 17:58:48,681 INFO L290 TraceCheckUtils]: 23: Hoare triple {3482#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {3482#false} is VALID [2022-02-20 17:58:48,681 INFO L272 TraceCheckUtils]: 24: Hoare triple {3482#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 25: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 26: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 27: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,682 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3481#true} {3482#false} #1364#return; {3482#false} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 29: Hoare triple {3482#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, 
setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3482#false} is VALID [2022-02-20 17:58:48,682 INFO L272 TraceCheckUtils]: 30: Hoare triple {3482#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 31: Hoare triple {3571#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 32: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,682 INFO L290 TraceCheckUtils]: 33: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,683 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3481#true} {3482#false} #1366#return; {3482#false} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 35: Hoare triple {3482#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {3482#false} is VALID [2022-02-20 17:58:48,683 INFO L272 TraceCheckUtils]: 36: Hoare triple {3482#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3572#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 37: Hoare triple {3572#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 38: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 39: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,683 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3481#true} {3482#false} #1368#return; {3482#false} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 41: Hoare triple {3482#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {3482#false} is VALID [2022-02-20 17:58:48,683 INFO L290 TraceCheckUtils]: 42: Hoare triple {3482#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc 
test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 43: Hoare triple {3482#false} assume !false; {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 44: Hoare triple {3482#false} assume !(test_~splverifierCounter~0#1 < 4); {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 45: Hoare triple {3482#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L272 TraceCheckUtils]: 46: Hoare triple {3482#false} call sendEmail(~bob~0, ~rjh~0); {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 47: Hoare triple {3482#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc 
createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3482#false} is VALID [2022-02-20 17:58:48,684 INFO L272 TraceCheckUtils]: 48: Hoare triple {3482#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 49: Hoare triple {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 50: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,684 INFO L290 TraceCheckUtils]: 51: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,685 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3481#true} {3482#false} #1344#return; {3482#false} is VALID [2022-02-20 17:58:48,685 INFO L272 TraceCheckUtils]: 53: Hoare triple {3482#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:48,685 INFO L290 TraceCheckUtils]: 54: Hoare triple {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,685 INFO L290 TraceCheckUtils]: 55: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,685 INFO L290 TraceCheckUtils]: 56: Hoare triple {3481#true} assume 
true; {3481#true} is VALID [2022-02-20 17:58:48,685 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3481#true} {3482#false} #1346#return; {3482#false} is VALID [2022-02-20 17:58:48,685 INFO L290 TraceCheckUtils]: 58: Hoare triple {3482#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {3482#false} is VALID [2022-02-20 17:58:48,685 INFO L290 TraceCheckUtils]: 59: Hoare triple {3482#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {3482#false} is VALID [2022-02-20 17:58:48,685 INFO L272 TraceCheckUtils]: 60: Hoare triple {3482#false} call outgoing(~sender#1, ~email~0#1); {3482#false} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 61: Hoare triple {3482#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {3482#false} is VALID [2022-02-20 17:58:48,686 INFO L272 TraceCheckUtils]: 62: Hoare triple {3482#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {3481#true} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 63: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 64: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 65: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,686 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3481#true} {3482#false} 
#1258#return; {3482#false} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 67: Hoare triple {3482#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {3482#false} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 68: Hoare triple {3482#false} assume 0 == sign_~privkey~1#1; {3482#false} is VALID [2022-02-20 17:58:48,686 INFO L290 TraceCheckUtils]: 69: Hoare triple {3482#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3482#false} is VALID [2022-02-20 17:58:48,687 INFO L272 TraceCheckUtils]: 70: Hoare triple {3482#false} 
call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3481#true} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 71: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~4; {3481#true} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 72: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3481#true} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 73: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,687 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3481#true} {3482#false} #1260#return; {3482#false} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 75: Hoare triple {3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {3482#false} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 76: Hoare triple {3482#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3482#false} is VALID [2022-02-20 17:58:48,687 INFO L290 TraceCheckUtils]: 77: Hoare triple {3482#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret41#1 := puts(17, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret41#1 && 
outgoing__wrappee__AddressBook_#t~ret41#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret41#1; {3482#false} is VALID [2022-02-20 17:58:48,687 INFO L272 TraceCheckUtils]: 78: Hoare triple {3482#false} call outgoing__wrappee__AddressBook_#t~ret42#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 79: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 80: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 81: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {3481#true} {3482#false} #1262#return; {3482#false} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 83: Hoare triple {3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret42#1 && outgoing__wrappee__AddressBook_#t~ret42#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret42#1;havoc outgoing__wrappee__AddressBook_#t~ret42#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret43#1 := puts(18, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret43#1 && outgoing__wrappee__AddressBook_#t~ret43#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret43#1; {3482#false} is VALID [2022-02-20 17:58:48,688 INFO L272 TraceCheckUtils]: 84: Hoare triple {3482#false} call outgoing__wrappee__AddressBook_#t~ret44#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 85: Hoare triple {3481#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {3481#true} is 
VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 86: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 87: Hoare triple {3481#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {3481#true} is VALID [2022-02-20 17:58:48,688 INFO L290 TraceCheckUtils]: 88: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,689 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3481#true} {3482#false} #1264#return; {3482#false} is VALID [2022-02-20 17:58:48,689 INFO L290 TraceCheckUtils]: 90: Hoare triple {3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret44#1 && outgoing__wrappee__AddressBook_#t~ret44#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret44#1;havoc outgoing__wrappee__AddressBook_#t~ret44#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {3482#false} is VALID [2022-02-20 17:58:48,689 INFO L272 TraceCheckUtils]: 91: Hoare triple {3482#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:48,689 INFO L290 TraceCheckUtils]: 92: Hoare triple {3576#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,689 INFO L290 TraceCheckUtils]: 93: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,689 INFO L290 TraceCheckUtils]: 94: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,689 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3481#true} {3482#false} #1266#return; {3482#false} is VALID 
[2022-02-20 17:58:48,689 INFO L272 TraceCheckUtils]: 96: Hoare triple {3482#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3482#false} is VALID [2022-02-20 17:58:48,689 INFO L290 TraceCheckUtils]: 97: Hoare triple {3482#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {3482#false} is VALID [2022-02-20 17:58:48,690 INFO L272 TraceCheckUtils]: 98: Hoare triple {3482#false} call #t~ret38#1 := getEmailTo(~msg#1); {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 99: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 100: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 101: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3481#true} {3482#false} #1278#return; {3482#false} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 103: Hoare triple {3482#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {3482#false} is VALID [2022-02-20 17:58:48,690 INFO L272 TraceCheckUtils]: 104: Hoare triple {3482#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 105: Hoare triple {3481#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 106: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,690 INFO L290 TraceCheckUtils]: 107: Hoare triple {3481#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 108: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,691 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {3481#true} {3482#false} #1280#return; {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 110: Hoare triple {3482#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 111: Hoare triple {3482#false} assume !(0 != ~pubkey~1#1); {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 112: Hoare triple {3482#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 113: Hoare triple {3482#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 114: Hoare triple {3482#false} outgoing__wrappee__Keys_#t~ret37#1 := 
getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {3482#false} is VALID [2022-02-20 17:58:48,691 INFO L272 TraceCheckUtils]: 115: Hoare triple {3482#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 116: Hoare triple {3575#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:48,691 INFO L290 TraceCheckUtils]: 117: Hoare triple {3481#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 118: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {3481#true} {3482#false} #1286#return; {3482#false} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 120: Hoare triple {3482#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, 
__utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {3482#false} is VALID [2022-02-20 17:58:48,692 INFO L272 TraceCheckUtils]: 121: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 122: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~38; {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 123: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 124: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,692 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {3481#true} {3482#false} #1288#return; {3482#false} is VALID [2022-02-20 17:58:48,692 INFO L290 TraceCheckUtils]: 126: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {3482#false} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 127: Hoare 
triple {3482#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {3482#false} is VALID [2022-02-20 17:58:48,693 INFO L272 TraceCheckUtils]: 128: Hoare triple {3482#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 129: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 130: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 131: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {3481#true} {3482#false} #1290#return; {3482#false} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 133: Hoare triple {3482#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {3482#false} is VALID [2022-02-20 17:58:48,693 INFO L272 TraceCheckUtils]: 134: Hoare triple {3482#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L290 
TraceCheckUtils]: 135: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,693 INFO L290 TraceCheckUtils]: 136: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3481#true} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 137: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,694 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {3481#true} {3482#false} #1292#return; {3482#false} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 139: Hoare triple {3482#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {3482#false} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 140: Hoare triple {3482#false} assume !(0 != incoming_~privkey~0#1); {3482#false} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 141: Hoare triple {3482#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, 
verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && 
__utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {3482#false} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 142: Hoare triple {3482#false} assume 1 == ~sent_signed~0; {3482#false} is VALID [2022-02-20 17:58:48,694 INFO L272 TraceCheckUtils]: 143: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {3481#true} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 144: Hoare triple {3481#true} ~handle := #in~handle;havoc ~retValue_acc~32; {3481#true} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 145: Hoare triple {3481#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {3481#true} is VALID [2022-02-20 17:58:48,694 INFO L290 TraceCheckUtils]: 146: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,695 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {3481#true} {3482#false} #1304#return; {3482#false} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 148: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {3482#false} is VALID [2022-02-20 17:58:48,695 INFO L272 TraceCheckUtils]: 149: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {3481#true} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 150: Hoare triple {3481#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3481#true} 
is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 151: Hoare triple {3481#true} assume 1 == ~handle; {3481#true} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 152: Hoare triple {3481#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3481#true} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 153: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:48,695 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {3481#true} {3482#false} #1306#return; {3482#false} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 155: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {3482#false} is VALID [2022-02-20 17:58:48,695 INFO L290 TraceCheckUtils]: 156: Hoare triple {3482#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {3482#false} is VALID [2022-02-20 17:58:48,696 INFO L272 TraceCheckUtils]: 157: Hoare triple {3482#false} call __automaton_fail(); {3482#false} is VALID [2022-02-20 17:58:48,696 INFO L290 TraceCheckUtils]: 158: Hoare triple {3482#false} assume !false; {3482#false} is VALID [2022-02-20 17:58:48,696 INFO L134 CoverageAnalysis]: Checked inductivity of 53 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 47 trivial. 0 not checked. 
[2022-02-20 17:58:48,696 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:48,697 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1482767968] [2022-02-20 17:58:48,697 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1482767968] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:48,697 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1261633690] [2022-02-20 17:58:48,697 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:48,697 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:48,697 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:48,703 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:48,705 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 17:58:48,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,001 INFO L263 TraceCheckSpWp]: Trace formula consists of 1375 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 17:58:49,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:49,072 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:49,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {3481#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call 
#Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {3481#true} is VALID [2022-02-20 17:58:49,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {3481#true} assume 
{ :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {3481#true} is VALID [2022-02-20 17:58:49,463 INFO L290 TraceCheckUtils]: 2: Hoare triple {3481#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3481#true} is VALID [2022-02-20 17:58:49,463 INFO L290 TraceCheckUtils]: 3: Hoare triple {3481#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L290 TraceCheckUtils]: 4: Hoare triple {3481#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L290 TraceCheckUtils]: 5: Hoare triple {3481#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L272 TraceCheckUtils]: 6: Hoare triple {3481#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L290 TraceCheckUtils]: 7: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L290 TraceCheckUtils]: 8: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,464 INFO L290 TraceCheckUtils]: 9: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,465 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3481#true} {3481#true} #1358#return; {3481#true} is VALID [2022-02-20 17:58:49,465 INFO L290 TraceCheckUtils]: 11: Hoare triple {3481#true} assume { :end_inline_setup_bob__wrappee__Base } true; {3481#true} is VALID [2022-02-20 17:58:49,465 INFO L272 TraceCheckUtils]: 12: Hoare triple {3481#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {3481#true} is VALID [2022-02-20 17:58:49,465 INFO L290 TraceCheckUtils]: 13: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,465 INFO L290 TraceCheckUtils]: 14: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L290 TraceCheckUtils]: 15: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3481#true} {3481#true} #1360#return; {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L290 TraceCheckUtils]: 17: Hoare triple {3481#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L272 TraceCheckUtils]: 18: Hoare triple {3481#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L290 TraceCheckUtils]: 19: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,466 INFO L290 TraceCheckUtils]: 20: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L290 TraceCheckUtils]: 21: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {3481#true} {3481#true} #1362#return; {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L290 TraceCheckUtils]: 23: Hoare triple {3481#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L272 TraceCheckUtils]: 24: Hoare triple {3481#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L290 TraceCheckUtils]: 25: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,467 INFO L290 TraceCheckUtils]: 26: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L290 TraceCheckUtils]: 27: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3481#true} {3481#true} 
#1364#return; {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L290 TraceCheckUtils]: 29: Hoare triple {3481#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L272 TraceCheckUtils]: 30: Hoare triple {3481#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L290 TraceCheckUtils]: 31: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,468 INFO L290 TraceCheckUtils]: 32: Hoare triple {3481#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L290 TraceCheckUtils]: 33: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {3481#true} {3481#true} #1366#return; {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L290 TraceCheckUtils]: 35: Hoare triple {3481#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L272 TraceCheckUtils]: 36: Hoare triple {3481#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L290 TraceCheckUtils]: 37: Hoare triple {3481#true} ~handle := #in~handle;~value := #in~value; {3481#true} is VALID [2022-02-20 17:58:49,469 INFO L290 TraceCheckUtils]: 38: Hoare 
triple {3481#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {3481#true} is VALID [2022-02-20 17:58:49,470 INFO L290 TraceCheckUtils]: 39: Hoare triple {3481#true} assume true; {3481#true} is VALID [2022-02-20 17:58:49,470 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {3481#true} {3481#true} #1368#return; {3481#true} is VALID [2022-02-20 17:58:49,470 INFO L290 TraceCheckUtils]: 41: Hoare triple {3481#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {3481#true} is VALID [2022-02-20 17:58:49,471 INFO L290 TraceCheckUtils]: 42: Hoare triple {3481#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {3706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:49,472 INFO L290 TraceCheckUtils]: 43: Hoare triple {3706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {3706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 17:58:49,472 INFO L290 TraceCheckUtils]: 44: Hoare triple {3706#(<= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {3482#false} is VALID [2022-02-20 17:58:49,472 INFO L290 TraceCheckUtils]: 45: Hoare triple {3482#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {3482#false} is VALID [2022-02-20 17:58:49,472 INFO L272 TraceCheckUtils]: 46: Hoare triple {3482#false} call sendEmail(~bob~0, ~rjh~0); {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L290 TraceCheckUtils]: 47: Hoare triple {3482#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L272 TraceCheckUtils]: 48: Hoare triple {3482#false} call setEmailFrom(createEmail_~msg~0#1, 
createEmail_~from#1); {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L290 TraceCheckUtils]: 49: Hoare triple {3482#false} ~handle := #in~handle;~value := #in~value; {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L290 TraceCheckUtils]: 50: Hoare triple {3482#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L290 TraceCheckUtils]: 51: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,473 INFO L284 TraceCheckUtils]: 52: Hoare quadruple {3482#false} {3482#false} #1344#return; {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L272 TraceCheckUtils]: 53: Hoare triple {3482#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L290 TraceCheckUtils]: 54: Hoare triple {3482#false} ~handle := #in~handle;~value := #in~value; {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L290 TraceCheckUtils]: 55: Hoare triple {3482#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L290 TraceCheckUtils]: 56: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {3482#false} {3482#false} #1346#return; {3482#false} is VALID [2022-02-20 17:58:49,474 INFO L290 TraceCheckUtils]: 58: Hoare triple {3482#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {3482#false} is VALID [2022-02-20 17:58:49,475 INFO L290 TraceCheckUtils]: 59: Hoare triple {3482#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {3482#false} is VALID [2022-02-20 17:58:49,475 INFO L272 TraceCheckUtils]: 60: Hoare triple {3482#false} call outgoing(~sender#1, ~email~0#1); {3482#false} is VALID [2022-02-20 
17:58:49,475 INFO L290 TraceCheckUtils]: 61: Hoare triple {3482#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {3482#false} is VALID [2022-02-20 17:58:49,475 INFO L272 TraceCheckUtils]: 62: Hoare triple {3482#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {3482#false} is VALID [2022-02-20 17:58:49,475 INFO L290 TraceCheckUtils]: 63: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3482#false} is VALID [2022-02-20 17:58:49,475 INFO L290 TraceCheckUtils]: 64: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L290 TraceCheckUtils]: 65: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {3482#false} {3482#false} #1258#return; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L290 TraceCheckUtils]: 67: Hoare triple {3482#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L290 TraceCheckUtils]: 68: Hoare triple {3482#false} assume 0 == sign_~privkey~1#1; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L290 TraceCheckUtils]: 69: Hoare triple {3482#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, 
outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {3482#false} is VALID [2022-02-20 17:58:49,476 INFO L272 TraceCheckUtils]: 70: Hoare triple {3482#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L290 TraceCheckUtils]: 71: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~4; {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L290 TraceCheckUtils]: 72: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L290 TraceCheckUtils]: 73: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {3482#false} {3482#false} #1260#return; {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L290 TraceCheckUtils]: 75: Hoare triple 
{3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {3482#false} is VALID [2022-02-20 17:58:49,477 INFO L290 TraceCheckUtils]: 76: Hoare triple {3482#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L290 TraceCheckUtils]: 77: Hoare triple {3482#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret41#1 := puts(17, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret41#1 && outgoing__wrappee__AddressBook_#t~ret41#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret41#1; {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L272 TraceCheckUtils]: 78: Hoare triple {3482#false} call outgoing__wrappee__AddressBook_#t~ret42#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L290 TraceCheckUtils]: 79: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L290 TraceCheckUtils]: 80: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L290 TraceCheckUtils]: 81: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,478 INFO L284 
TraceCheckUtils]: 82: Hoare quadruple {3482#false} {3482#false} #1262#return; {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L290 TraceCheckUtils]: 83: Hoare triple {3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret42#1 && outgoing__wrappee__AddressBook_#t~ret42#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret42#1;havoc outgoing__wrappee__AddressBook_#t~ret42#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret43#1 := puts(18, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret43#1 && outgoing__wrappee__AddressBook_#t~ret43#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret43#1; {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L272 TraceCheckUtils]: 84: Hoare triple {3482#false} call outgoing__wrappee__AddressBook_#t~ret44#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L290 TraceCheckUtils]: 85: Hoare triple {3482#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L290 TraceCheckUtils]: 86: Hoare triple {3482#false} assume 1 == ~handle; {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L290 TraceCheckUtils]: 87: Hoare triple {3482#false} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {3482#false} is VALID [2022-02-20 17:58:49,479 INFO L290 TraceCheckUtils]: 88: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {3482#false} {3482#false} #1264#return; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L290 TraceCheckUtils]: 90: Hoare triple {3482#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret44#1 && outgoing__wrappee__AddressBook_#t~ret44#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret44#1;havoc outgoing__wrappee__AddressBook_#t~ret44#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L272 TraceCheckUtils]: 91: Hoare triple {3482#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L290 TraceCheckUtils]: 92: Hoare triple {3482#false} ~handle := #in~handle;~value := #in~value; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L290 TraceCheckUtils]: 93: Hoare triple {3482#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L290 TraceCheckUtils]: 94: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,480 INFO L284 TraceCheckUtils]: 95: Hoare quadruple {3482#false} {3482#false} #1266#return; {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L272 TraceCheckUtils]: 96: Hoare triple {3482#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L290 TraceCheckUtils]: 97: Hoare triple {3482#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L272 TraceCheckUtils]: 98: Hoare triple {3482#false} call #t~ret38#1 := getEmailTo(~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L290 TraceCheckUtils]: 99: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L290 TraceCheckUtils]: 100: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,481 INFO L290 
TraceCheckUtils]: 101: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L284 TraceCheckUtils]: 102: Hoare quadruple {3482#false} {3482#false} #1278#return; {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L290 TraceCheckUtils]: 103: Hoare triple {3482#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L272 TraceCheckUtils]: 104: Hoare triple {3482#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L290 TraceCheckUtils]: 105: Hoare triple {3482#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L290 TraceCheckUtils]: 106: Hoare triple {3482#false} assume 1 == ~handle; {3482#false} is VALID [2022-02-20 17:58:49,482 INFO L290 TraceCheckUtils]: 107: Hoare triple {3482#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L290 TraceCheckUtils]: 108: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {3482#false} {3482#false} #1280#return; {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L290 TraceCheckUtils]: 110: Hoare triple {3482#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L290 TraceCheckUtils]: 111: Hoare triple {3482#false} assume !(0 != ~pubkey~1#1); {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L290 TraceCheckUtils]: 112: Hoare triple {3482#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := 
~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {3482#false} is VALID [2022-02-20 17:58:49,483 INFO L290 TraceCheckUtils]: 113: Hoare triple {3482#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L290 TraceCheckUtils]: 114: Hoare triple {3482#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L272 TraceCheckUtils]: 115: Hoare triple {3482#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L290 TraceCheckUtils]: 116: Hoare triple {3482#false} ~handle := #in~handle;~value := #in~value; {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L290 TraceCheckUtils]: 117: Hoare triple {3482#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L290 TraceCheckUtils]: 118: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,484 INFO L284 TraceCheckUtils]: 119: 
Hoare quadruple {3482#false} {3482#false} #1286#return; {3482#false} is VALID [2022-02-20 17:58:49,485 INFO L290 TraceCheckUtils]: 120: Hoare triple {3482#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {3482#false} is VALID [2022-02-20 17:58:49,485 INFO L272 TraceCheckUtils]: 121: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,485 INFO L290 TraceCheckUtils]: 122: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~38; {3482#false} is VALID [2022-02-20 17:58:49,485 INFO L290 TraceCheckUtils]: 123: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {3482#false} is VALID [2022-02-20 
17:58:49,485 INFO L290 TraceCheckUtils]: 124: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,485 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {3482#false} {3482#false} #1288#return; {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L290 TraceCheckUtils]: 126: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L290 TraceCheckUtils]: 127: Hoare triple {3482#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L272 TraceCheckUtils]: 128: Hoare triple {3482#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L290 TraceCheckUtils]: 129: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L290 TraceCheckUtils]: 130: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {3482#false} is VALID [2022-02-20 17:58:49,486 INFO L290 TraceCheckUtils]: 131: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L284 TraceCheckUtils]: 132: Hoare quadruple {3482#false} {3482#false} #1290#return; {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L290 TraceCheckUtils]: 133: Hoare triple {3482#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc 
mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L272 TraceCheckUtils]: 134: Hoare triple {3482#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L290 TraceCheckUtils]: 135: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~10; {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L290 TraceCheckUtils]: 136: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {3482#false} is VALID [2022-02-20 17:58:49,487 INFO L290 TraceCheckUtils]: 137: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L284 TraceCheckUtils]: 138: Hoare quadruple {3482#false} {3482#false} #1292#return; {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L290 TraceCheckUtils]: 139: Hoare triple {3482#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L290 TraceCheckUtils]: 140: Hoare triple {3482#false} assume !(0 != incoming_~privkey~0#1); {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L290 TraceCheckUtils]: 141: Hoare triple {3482#false} assume { :begin_inline_incoming__wrappee__Verify } 
true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, 
__utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L290 TraceCheckUtils]: 142: Hoare triple {3482#false} assume 1 == ~sent_signed~0; {3482#false} is VALID [2022-02-20 17:58:49,488 INFO L272 TraceCheckUtils]: 143: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L290 TraceCheckUtils]: 144: Hoare triple {3482#false} ~handle := #in~handle;havoc ~retValue_acc~32; {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L290 TraceCheckUtils]: 145: Hoare triple {3482#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L290 TraceCheckUtils]: 146: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L284 TraceCheckUtils]: 147: Hoare quadruple {3482#false} 
{3482#false} #1304#return; {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L290 TraceCheckUtils]: 148: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {3482#false} is VALID [2022-02-20 17:58:49,489 INFO L272 TraceCheckUtils]: 149: Hoare triple {3482#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L290 TraceCheckUtils]: 150: Hoare triple {3482#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L290 TraceCheckUtils]: 151: Hoare triple {3482#false} assume 1 == ~handle; {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L290 TraceCheckUtils]: 152: Hoare triple {3482#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L290 TraceCheckUtils]: 153: Hoare triple {3482#false} assume true; {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L284 TraceCheckUtils]: 154: Hoare quadruple {3482#false} {3482#false} #1306#return; {3482#false} is VALID [2022-02-20 17:58:49,490 INFO L290 TraceCheckUtils]: 155: Hoare triple {3482#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {3482#false} is VALID [2022-02-20 17:58:49,491 INFO L290 TraceCheckUtils]: 156: Hoare triple {3482#false} 
assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {3482#false} is VALID [2022-02-20 17:58:49,491 INFO L272 TraceCheckUtils]: 157: Hoare triple {3482#false} call __automaton_fail(); {3482#false} is VALID [2022-02-20 17:58:49,491 INFO L290 TraceCheckUtils]: 158: Hoare triple {3482#false} assume !false; {3482#false} is VALID [2022-02-20 17:58:49,491 INFO L134 CoverageAnalysis]: Checked inductivity of 53 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 53 trivial. 0 not checked. [2022-02-20 17:58:49,492 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:49,492 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1261633690] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:49,492 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:49,492 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:49,492 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2031460029] [2022-02-20 17:58:49,493 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:49,494 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:58:49,495 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:58:49,495 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:49,593 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:49,594 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:49,594 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:49,594 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:49,595 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:49,596 INFO L87 Difference]: Start difference. First operand 450 states and 676 transitions. Second operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:50,249 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:50,249 INFO L93 Difference]: Finished difference Result 711 states and 1044 transitions. [2022-02-20 17:58:50,249 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:50,250 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) Word has length 159 [2022-02-20 17:58:50,250 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:50,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:50,267 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1044 transitions. [2022-02-20 17:58:50,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:50,294 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1044 transitions. [2022-02-20 17:58:50,294 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1044 transitions. [2022-02-20 17:58:51,018 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1044 edges. 1044 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:51,037 INFO L225 Difference]: With dead ends: 711 [2022-02-20 17:58:51,037 INFO L226 Difference]: Without dead ends: 453 [2022-02-20 17:58:51,038 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 204 GetRequests, 196 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:51,039 INFO L933 BasicCegarLoop]: 674 mSDtfsCounter, 1 mSDsluCounter, 672 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1 SdHoareTripleChecker+Valid, 1346 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:51,039 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1 Valid, 1346 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:51,041 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 453 states. [2022-02-20 17:58:51,057 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 453 to 452. [2022-02-20 17:58:51,058 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:51,059 INFO L82 GeneralOperation]: Start isEquivalent. First operand 453 states. 
Second operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:51,060 INFO L74 IsIncluded]: Start isIncluded. First operand 453 states. Second operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:51,061 INFO L87 Difference]: Start difference. First operand 453 states. Second operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:51,081 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,081 INFO L93 Difference]: Finished difference Result 453 states and 679 transitions. [2022-02-20 17:58:51,081 INFO L276 IsEmpty]: Start isEmpty. Operand 453 states and 679 transitions. [2022-02-20 17:58:51,083 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,083 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,085 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) Second operand 453 states. [2022-02-20 17:58:51,086 INFO L87 Difference]: Start difference. First operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) Second operand 453 states. [2022-02-20 17:58:51,107 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:51,107 INFO L93 Difference]: Finished difference Result 453 states and 679 transitions. [2022-02-20 17:58:51,107 INFO L276 IsEmpty]: Start isEmpty. Operand 453 states and 679 transitions. [2022-02-20 17:58:51,109 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:51,109 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:51,109 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:51,109 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:51,111 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 452 states, 347 states have (on average 1.5244956772334295) internal successors, (529), 352 states have internal predecessors, (529), 76 states have call successors, (76), 29 states have call predecessors, (76), 28 states have return successors, (73), 72 states have call predecessors, (73), 73 states have call successors, (73) [2022-02-20 17:58:51,134 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 452 states to 452 states and 678 transitions. [2022-02-20 17:58:51,134 INFO L78 Accepts]: Start accepts. Automaton has 452 states and 678 transitions. Word has length 159 [2022-02-20 17:58:51,134 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:51,135 INFO L470 AbstractCegarLoop]: Abstraction has 452 states and 678 transitions. [2022-02-20 17:58:51,135 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 27.333333333333332) internal successors, (82), 3 states have internal predecessors, (82), 2 states have call successors, (25), 2 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 2 states have call successors, (21) [2022-02-20 17:58:51,135 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 678 transitions. [2022-02-20 17:58:51,137 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 147 [2022-02-20 17:58:51,137 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:51,137 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:51,162 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 17:58:51,362 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable1 [2022-02-20 17:58:51,362 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting 
__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:51,363 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:51,363 INFO L85 PathProgramCache]: Analyzing trace with hash 1344644182, now seen corresponding path program 1 times [2022-02-20 17:58:51,363 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:51,363 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [261379529] [2022-02-20 17:58:51,363 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:51,363 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:51,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,460 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:51,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,465 INFO L290 TraceCheckUtils]: 0: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,465 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,465 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,465 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6568#true} #1358#return; {6568#true} is VALID [2022-02-20 17:58:51,471 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:51,472 INFO 
L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,475 INFO L290 TraceCheckUtils]: 0: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,475 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,476 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,476 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6568#true} #1360#return; {6568#true} is VALID [2022-02-20 17:58:51,476 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:51,478 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6647#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {6647#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6648#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,491 INFO L290 TraceCheckUtils]: 2: Hoare triple {6648#(= |setClientId_#in~handle| 1)} assume true; {6648#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,492 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6648#(= |setClientId_#in~handle| 1)} {6578#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; 
{6569#false} is VALID [2022-02-20 17:58:51,492 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:51,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,496 INFO L290 TraceCheckUtils]: 0: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,496 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,496 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,496 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1364#return; {6569#false} is VALID [2022-02-20 17:58:51,497 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:51,498 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,500 INFO L290 TraceCheckUtils]: 0: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,501 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,501 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,501 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1366#return; {6569#false} is VALID [2022-02-20 17:58:51,501 INFO L376 
atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:51,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,505 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,505 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,505 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1368#return; {6569#false} is VALID [2022-02-20 17:58:51,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 54 [2022-02-20 17:58:51,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,514 INFO L290 TraceCheckUtils]: 0: Hoare triple {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,515 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,515 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1344#return; {6569#false} is VALID [2022-02-20 17:58:51,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:58:51,523 INFO L136 AnnotateAndAsserter]: Conjunction of 
SSA is unsat [2022-02-20 17:58:51,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {6650#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,531 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,531 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,531 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1346#return; {6569#false} is VALID [2022-02-20 17:58:51,531 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 17:58:51,533 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1258#return; {6569#false} is VALID [2022-02-20 17:58:51,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 76 [2022-02-20 17:58:51,537 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~4; {6568#true} is VALID [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; 
{6568#true} is VALID [2022-02-20 17:58:51,539 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,540 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1260#return; {6569#false} is VALID [2022-02-20 17:58:51,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 85 [2022-02-20 17:58:51,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,542 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,543 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,543 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1278#return; {6569#false} is VALID [2022-02-20 17:58:51,543 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 91 [2022-02-20 17:58:51,544 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,546 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle; {6568#true} is VALID [2022-02-20 17:58:51,546 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,546 INFO L290 TraceCheckUtils]: 3: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,546 INFO L284 TraceCheckUtils]: 4: Hoare quadruple 
{6568#true} {6569#false} #1280#return; {6569#false} is VALID [2022-02-20 17:58:51,546 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 102 [2022-02-20 17:58:51,548 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,552 INFO L290 TraceCheckUtils]: 0: Hoare triple {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,552 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,552 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,552 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1286#return; {6569#false} is VALID [2022-02-20 17:58:51,552 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:58:51,553 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,555 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~38; {6568#true} is VALID [2022-02-20 17:58:51,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {6568#true} is VALID [2022-02-20 17:58:51,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,555 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1288#return; {6569#false} is VALID [2022-02-20 17:58:51,555 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 115 [2022-02-20 17:58:51,556 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,558 INFO L290 TraceCheckUtils]: 0: 
Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,558 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,558 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,558 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1290#return; {6569#false} is VALID [2022-02-20 17:58:51,558 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 121 [2022-02-20 17:58:51,559 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,561 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,561 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1292#return; {6569#false} is VALID [2022-02-20 17:58:51,561 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 130 [2022-02-20 17:58:51,562 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~32; {6568#true} is VALID [2022-02-20 17:58:51,564 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {6568#true} is VALID [2022-02-20 17:58:51,564 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume true; {6568#true} is VALID 
[2022-02-20 17:58:51,564 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6568#true} {6569#false} #1304#return; {6569#false} is VALID [2022-02-20 17:58:51,564 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:58:51,566 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 1 == ~handle; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 3: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {6568#true} {6569#false} #1306#return; {6569#false} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call 
#Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 
0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 
0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 3: Hoare triple {6568#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; 
{6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 4: Hoare triple {6568#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {6568#true} is VALID [2022-02-20 17:58:51,568 INFO L290 TraceCheckUtils]: 5: Hoare triple {6568#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6568#true} is VALID [2022-02-20 17:58:51,569 INFO L272 TraceCheckUtils]: 6: Hoare triple {6568#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 7: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} 
~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 8: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,569 INFO L290 TraceCheckUtils]: 9: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,570 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6568#true} {6568#true} #1358#return; {6568#true} is VALID [2022-02-20 17:58:51,570 INFO L290 TraceCheckUtils]: 11: Hoare triple {6568#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6568#true} is VALID [2022-02-20 17:58:51,570 INFO L272 TraceCheckUtils]: 12: Hoare triple {6568#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,570 INFO L290 TraceCheckUtils]: 13: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,571 INFO L290 TraceCheckUtils]: 14: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,571 INFO L290 TraceCheckUtils]: 15: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,571 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6568#true} {6568#true} #1360#return; {6568#true} is VALID [2022-02-20 17:58:51,571 INFO L290 TraceCheckUtils]: 17: Hoare triple {6568#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { 
:begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6578#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:51,572 INFO L272 TraceCheckUtils]: 18: Hoare triple {6578#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,572 INFO L290 TraceCheckUtils]: 19: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6647#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:51,573 INFO L290 TraceCheckUtils]: 20: Hoare triple {6647#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6648#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,573 INFO L290 TraceCheckUtils]: 21: Hoare triple {6648#(= |setClientId_#in~handle| 1)} assume true; {6648#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:51,573 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6648#(= |setClientId_#in~handle| 1)} {6578#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {6569#false} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 23: Hoare triple {6569#false} assume { 
:end_inline_setup_rjh__wrappee__Base } true; {6569#false} is VALID [2022-02-20 17:58:51,574 INFO L272 TraceCheckUtils]: 24: Hoare triple {6569#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 25: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 26: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 27: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,574 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6568#true} {6569#false} #1364#return; {6569#false} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 29: Hoare triple {6569#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6569#false} is VALID [2022-02-20 17:58:51,574 INFO L272 TraceCheckUtils]: 30: Hoare triple {6569#false} call 
setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 31: Hoare triple {6645#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,574 INFO L290 TraceCheckUtils]: 32: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 33: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,575 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6568#true} {6569#false} #1366#return; {6569#false} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 35: Hoare triple {6569#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {6569#false} is VALID [2022-02-20 17:58:51,575 INFO L272 TraceCheckUtils]: 36: Hoare triple {6569#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 37: Hoare triple {6646#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 38: Hoare 
triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 39: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,575 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6568#true} {6569#false} #1368#return; {6569#false} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 41: Hoare triple {6569#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {6569#false} is VALID [2022-02-20 17:58:51,575 INFO L290 TraceCheckUtils]: 42: Hoare triple {6569#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 43: Hoare triple {6569#false} assume !false; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 44: Hoare triple {6569#false} assume test_~splverifierCounter~0#1 < 4; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 45: Hoare triple {6569#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 46: Hoare triple {6569#false} assume !(0 == test_~op1~0#1); {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 47: Hoare triple {6569#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 48: Hoare triple {6569#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 49: Hoare triple {6569#false} assume !false; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 50: Hoare triple {6569#false} assume !(test_~splverifierCounter~0#1 < 4); {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 51: Hoare triple {6569#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L272 
TraceCheckUtils]: 52: Hoare triple {6569#false} call sendEmail(~bob~0, ~rjh~0); {6569#false} is VALID [2022-02-20 17:58:51,576 INFO L290 TraceCheckUtils]: 53: Hoare triple {6569#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6569#false} is VALID [2022-02-20 17:58:51,577 INFO L272 TraceCheckUtils]: 54: Hoare triple {6569#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 55: Hoare triple {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 56: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 57: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {6568#true} {6569#false} #1344#return; {6569#false} is VALID [2022-02-20 17:58:51,577 INFO L272 TraceCheckUtils]: 59: Hoare triple {6569#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6650#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 60: Hoare triple {6650#(and (= ~__ste_email_to0~0 
|old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 61: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 62: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,577 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {6568#true} {6569#false} #1346#return; {6569#false} is VALID [2022-02-20 17:58:51,577 INFO L290 TraceCheckUtils]: 64: Hoare triple {6569#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 65: Hoare triple {6569#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L272 TraceCheckUtils]: 66: Hoare triple {6569#false} call outgoing(~sender#1, ~email~0#1); {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 67: Hoare triple {6569#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L272 TraceCheckUtils]: 68: Hoare triple {6569#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {6568#true} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 69: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,578 INFO L290 
TraceCheckUtils]: 70: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 71: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,578 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {6568#true} {6569#false} #1258#return; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 73: Hoare triple {6569#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 74: Hoare triple {6569#false} assume 0 == sign_~privkey~1#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L290 TraceCheckUtils]: 75: Hoare triple {6569#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc 
outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {6569#false} is VALID [2022-02-20 17:58:51,578 INFO L272 TraceCheckUtils]: 76: Hoare triple {6569#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 77: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~4; {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 78: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 79: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {6568#true} {6569#false} #1260#return; {6569#false} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 81: Hoare triple {6569#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {6569#false} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 82: Hoare triple {6569#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6569#false} is VALID [2022-02-20 17:58:51,579 INFO L272 TraceCheckUtils]: 83: Hoare triple {6569#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6569#false} is VALID [2022-02-20 17:58:51,579 INFO L290 
TraceCheckUtils]: 84: Hoare triple {6569#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {6569#false} is VALID [2022-02-20 17:58:51,579 INFO L272 TraceCheckUtils]: 85: Hoare triple {6569#false} call #t~ret38#1 := getEmailTo(~msg#1); {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 86: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,579 INFO L290 TraceCheckUtils]: 87: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 88: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6568#true} {6569#false} #1278#return; {6569#false} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 90: Hoare triple {6569#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {6569#false} is VALID [2022-02-20 17:58:51,580 INFO L272 TraceCheckUtils]: 91: Hoare triple {6569#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 92: Hoare triple {6568#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 93: Hoare triple {6568#true} assume 1 == ~handle; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 94: Hoare triple {6568#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 95: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,580 INFO L284 
TraceCheckUtils]: 96: Hoare quadruple {6568#true} {6569#false} #1280#return; {6569#false} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 97: Hoare triple {6569#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {6569#false} is VALID [2022-02-20 17:58:51,580 INFO L290 TraceCheckUtils]: 98: Hoare triple {6569#false} assume !(0 != ~pubkey~1#1); {6569#false} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 99: Hoare triple {6569#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {6569#false} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 100: Hoare triple {6569#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {6569#false} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 101: Hoare triple {6569#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {6569#false} is 
VALID [2022-02-20 17:58:51,581 INFO L272 TraceCheckUtils]: 102: Hoare triple {6569#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 103: Hoare triple {6649#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 104: Hoare triple {6568#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 105: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,581 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {6568#true} {6569#false} #1286#return; {6569#false} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 107: Hoare triple {6569#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {6569#false} is VALID [2022-02-20 17:58:51,581 INFO L272 TraceCheckUtils]: 108: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {6568#true} is VALID [2022-02-20 17:58:51,581 INFO L290 TraceCheckUtils]: 109: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~38; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 110: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 111: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {6568#true} {6569#false} #1288#return; {6569#false} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 113: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {6569#false} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 114: Hoare triple {6569#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {6569#false} is VALID [2022-02-20 17:58:51,582 INFO L272 
TraceCheckUtils]: 115: Hoare triple {6569#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 116: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 117: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 118: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,582 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {6568#true} {6569#false} #1290#return; {6569#false} is VALID [2022-02-20 17:58:51,582 INFO L290 TraceCheckUtils]: 120: Hoare triple {6569#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {6569#false} is VALID [2022-02-20 17:58:51,583 INFO L272 TraceCheckUtils]: 121: Hoare triple {6569#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {6568#true} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 122: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 123: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~10; {6568#true} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 124: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,583 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {6568#true} {6569#false} #1292#return; {6569#false} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 126: Hoare triple {6569#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {6569#false} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 127: Hoare triple {6569#false} assume !(0 != incoming_~privkey~0#1); {6569#false} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 128: Hoare triple {6569#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc 
verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {6569#false} is VALID [2022-02-20 17:58:51,583 INFO 
L290 TraceCheckUtils]: 129: Hoare triple {6569#false} assume 1 == ~sent_signed~0; {6569#false} is VALID [2022-02-20 17:58:51,583 INFO L272 TraceCheckUtils]: 130: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {6568#true} is VALID [2022-02-20 17:58:51,583 INFO L290 TraceCheckUtils]: 131: Hoare triple {6568#true} ~handle := #in~handle;havoc ~retValue_acc~32; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 132: Hoare triple {6568#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 133: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {6568#true} {6569#false} #1304#return; {6569#false} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 135: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {6569#false} is VALID [2022-02-20 17:58:51,584 INFO L272 TraceCheckUtils]: 136: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 137: Hoare triple {6568#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 138: Hoare triple {6568#true} assume 1 == ~handle; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 139: Hoare triple {6568#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 140: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:51,584 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {6568#true} {6569#false} #1306#return; {6569#false} is VALID [2022-02-20 17:58:51,584 INFO L290 TraceCheckUtils]: 142: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {6569#false} is VALID [2022-02-20 17:58:51,585 INFO L290 TraceCheckUtils]: 143: Hoare triple {6569#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {6569#false} is VALID [2022-02-20 17:58:51,585 INFO L272 TraceCheckUtils]: 144: Hoare triple {6569#false} call __automaton_fail(); {6569#false} is VALID [2022-02-20 17:58:51,585 INFO L290 TraceCheckUtils]: 145: Hoare triple {6569#false} assume !false; {6569#false} is VALID [2022-02-20 17:58:51,585 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:58:51,585 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:51,585 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [261379529] [2022-02-20 17:58:51,587 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [261379529] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:51,587 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1779473408] [2022-02-20 17:58:51,588 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:51,588 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:51,588 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:51,592 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:51,599 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2022-02-20 17:58:51,859 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,863 INFO L263 TraceCheckSpWp]: Trace formula consists of 1308 conjuncts, 3 conjunts are in the unsatisfiable core [2022-02-20 17:58:51,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:51,923 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:52,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {6568#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call 
#Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 1: Hoare triple {6568#true} assume 
{ :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {6568#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 3: Hoare triple {6568#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {6568#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 5: Hoare triple {6568#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := 
setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L272 TraceCheckUtils]: 6: Hoare triple {6568#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 7: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 8: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 9: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {6568#true} {6568#true} #1358#return; {6568#true} is VALID [2022-02-20 17:58:52,227 INFO L290 TraceCheckUtils]: 11: Hoare triple {6568#true} assume { :end_inline_setup_bob__wrappee__Base } true; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L272 TraceCheckUtils]: 12: Hoare triple {6568#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 13: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 14: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 15: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {6568#true} {6568#true} #1360#return; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 17: Hoare triple {6568#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 
2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L272 TraceCheckUtils]: 18: Hoare triple {6568#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 19: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 20: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,228 INFO L290 TraceCheckUtils]: 21: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {6568#true} {6568#true} #1362#return; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 23: Hoare triple {6568#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L272 TraceCheckUtils]: 24: Hoare triple {6568#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 25: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 26: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 27: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {6568#true} {6568#true} 
#1364#return; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 29: Hoare triple {6568#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L272 TraceCheckUtils]: 30: Hoare triple {6568#true} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 31: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,229 INFO L290 TraceCheckUtils]: 32: Hoare triple {6568#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 33: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6568#true} {6568#true} #1366#return; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 35: Hoare triple {6568#true} assume { :end_inline_setup_chuck__wrappee__Base } true; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L272 TraceCheckUtils]: 36: Hoare triple {6568#true} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 37: Hoare triple {6568#true} ~handle := #in~handle;~value := #in~value; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 38: Hoare 
triple {6568#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 39: Hoare triple {6568#true} assume true; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {6568#true} {6568#true} #1368#return; {6568#true} is VALID [2022-02-20 17:58:52,230 INFO L290 TraceCheckUtils]: 41: Hoare triple {6568#true} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {6568#true} is VALID [2022-02-20 17:58:52,233 INFO L290 TraceCheckUtils]: 42: Hoare triple {6568#true} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 
0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:52,237 INFO L290 TraceCheckUtils]: 43: Hoare triple {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !false; {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:52,237 INFO L290 TraceCheckUtils]: 44: Hoare triple {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume test_~splverifierCounter~0#1 < 4; {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:52,237 INFO L290 TraceCheckUtils]: 45: Hoare triple {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 46: Hoare triple {6780#(= |ULTIMATE.start_test_~op1~0#1| 0)} assume !(0 == test_~op1~0#1); {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 47: Hoare triple {6569#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 48: Hoare triple {6569#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 49: Hoare triple {6569#false} assume !false; {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 50: Hoare triple {6569#false} assume !(test_~splverifierCounter~0#1 < 4); {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 51: Hoare triple {6569#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc 
bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L272 TraceCheckUtils]: 52: Hoare triple {6569#false} call sendEmail(~bob~0, ~rjh~0); {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 53: Hoare triple {6569#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L272 TraceCheckUtils]: 54: Hoare triple {6569#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {6569#false} is VALID [2022-02-20 17:58:52,238 INFO L290 TraceCheckUtils]: 55: Hoare triple {6569#false} ~handle := #in~handle;~value := #in~value; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 56: Hoare triple {6569#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 57: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L284 TraceCheckUtils]: 58: Hoare quadruple {6569#false} {6569#false} #1344#return; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L272 TraceCheckUtils]: 59: Hoare triple {6569#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 60: Hoare triple {6569#false} ~handle := #in~handle;~value := #in~value; {6569#false} is VALID 
[2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 61: Hoare triple {6569#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 62: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {6569#false} {6569#false} #1346#return; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 64: Hoare triple {6569#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L290 TraceCheckUtils]: 65: Hoare triple {6569#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {6569#false} is VALID [2022-02-20 17:58:52,239 INFO L272 TraceCheckUtils]: 66: Hoare triple {6569#false} call outgoing(~sender#1, ~email~0#1); {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 67: Hoare triple {6569#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L272 TraceCheckUtils]: 68: Hoare triple {6569#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 69: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~10; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 70: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := 
~retValue_acc~10; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 71: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {6569#false} {6569#false} #1258#return; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 73: Hoare triple {6569#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 74: Hoare triple {6569#false} assume 0 == sign_~privkey~1#1; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 75: Hoare triple {6569#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc 
outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L272 TraceCheckUtils]: 76: Hoare triple {6569#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {6569#false} is VALID [2022-02-20 17:58:52,240 INFO L290 TraceCheckUtils]: 77: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~4; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 78: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 79: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L284 TraceCheckUtils]: 80: Hoare quadruple {6569#false} {6569#false} #1260#return; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 81: Hoare triple {6569#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 82: Hoare triple {6569#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L272 TraceCheckUtils]: 83: Hoare triple {6569#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 84: Hoare triple {6569#false} ~client#1 := #in~client#1;~msg#1 := 
#in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L272 TraceCheckUtils]: 85: Hoare triple {6569#false} call #t~ret38#1 := getEmailTo(~msg#1); {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 86: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~33; {6569#false} is VALID [2022-02-20 17:58:52,241 INFO L290 TraceCheckUtils]: 87: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 88: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L284 TraceCheckUtils]: 89: Hoare quadruple {6569#false} {6569#false} #1278#return; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 90: Hoare triple {6569#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L272 TraceCheckUtils]: 91: Hoare triple {6569#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 92: Hoare triple {6569#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 93: Hoare triple {6569#false} assume 1 == ~handle; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 94: Hoare triple {6569#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 95: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L284 TraceCheckUtils]: 96: Hoare quadruple {6569#false} {6569#false} 
#1280#return; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 97: Hoare triple {6569#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {6569#false} is VALID [2022-02-20 17:58:52,242 INFO L290 TraceCheckUtils]: 98: Hoare triple {6569#false} assume !(0 != ~pubkey~1#1); {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 99: Hoare triple {6569#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 100: Hoare triple {6569#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 101: Hoare triple {6569#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L272 TraceCheckUtils]: 102: 
Hoare triple {6569#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 103: Hoare triple {6569#false} ~handle := #in~handle;~value := #in~value; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 104: Hoare triple {6569#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 105: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L284 TraceCheckUtils]: 106: Hoare quadruple {6569#false} {6569#false} #1286#return; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 107: Hoare triple {6569#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__1_#t~ret4#1; {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L272 TraceCheckUtils]: 108: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {6569#false} is VALID [2022-02-20 17:58:52,243 INFO L290 TraceCheckUtils]: 109: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~38; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 110: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 111: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {6569#false} {6569#false} #1288#return; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 113: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 114: Hoare triple {6569#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L272 TraceCheckUtils]: 115: Hoare triple {6569#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 116: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~33; {6569#false} is VALID [2022-02-20 17:58:52,244 
INFO L290 TraceCheckUtils]: 117: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 118: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {6569#false} {6569#false} #1290#return; {6569#false} is VALID [2022-02-20 17:58:52,244 INFO L290 TraceCheckUtils]: 120: Hoare triple {6569#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L272 TraceCheckUtils]: 121: Hoare triple {6569#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 122: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~10; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 123: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 124: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L284 TraceCheckUtils]: 125: Hoare quadruple {6569#false} {6569#false} #1292#return; {6569#false} is 
VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 126: Hoare triple {6569#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 127: Hoare triple {6569#false} assume !(0 != incoming_~privkey~0#1); {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 128: Hoare triple {6569#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := 
verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 129: Hoare triple {6569#false} assume 1 == ~sent_signed~0; {6569#false} is VALID [2022-02-20 17:58:52,245 INFO L272 TraceCheckUtils]: 130: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); 
{6569#false} is VALID [2022-02-20 17:58:52,245 INFO L290 TraceCheckUtils]: 131: Hoare triple {6569#false} ~handle := #in~handle;havoc ~retValue_acc~32; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 132: Hoare triple {6569#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 133: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L284 TraceCheckUtils]: 134: Hoare quadruple {6569#false} {6569#false} #1304#return; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 135: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L272 TraceCheckUtils]: 136: Hoare triple {6569#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 137: Hoare triple {6569#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 138: Hoare triple {6569#false} assume 1 == ~handle; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 139: Hoare triple {6569#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 140: Hoare triple {6569#false} assume true; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L284 TraceCheckUtils]: 141: Hoare quadruple {6569#false} {6569#false} 
#1306#return; {6569#false} is VALID [2022-02-20 17:58:52,246 INFO L290 TraceCheckUtils]: 142: Hoare triple {6569#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {6569#false} is VALID [2022-02-20 17:58:52,247 INFO L290 TraceCheckUtils]: 143: Hoare triple {6569#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {6569#false} is VALID [2022-02-20 17:58:52,247 INFO L272 TraceCheckUtils]: 144: Hoare triple {6569#false} call __automaton_fail(); {6569#false} is VALID [2022-02-20 17:58:52,247 INFO L290 TraceCheckUtils]: 145: Hoare triple {6569#false} assume !false; {6569#false} is VALID [2022-02-20 17:58:52,247 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 41 trivial. 0 not checked. [2022-02-20 17:58:52,247 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:52,247 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1779473408] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:52,247 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:52,248 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 10 [2022-02-20 17:58:52,248 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [505300630] [2022-02-20 17:58:52,248 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:52,249 INFO L78 Accepts]: Start accepts. 
Automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 146 [2022-02-20 17:58:52,249 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:52,250 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:52,338 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 121 edges. 121 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:52,338 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 17:58:52,338 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:52,339 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 17:58:52,339 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:52,339 INFO L87 Difference]: Start difference. First operand 452 states and 678 transitions. 
Second operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:53,066 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:53,066 INFO L93 Difference]: Finished difference Result 952 states and 1448 transitions. [2022-02-20 17:58:53,067 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 17:58:53,067 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) Word has length 146 [2022-02-20 17:58:53,067 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:53,067 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:53,083 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1446 transitions. [2022-02-20 17:58:53,084 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:53,099 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 1446 transitions. [2022-02-20 17:58:53,099 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 1446 transitions. [2022-02-20 17:58:54,054 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1446 edges. 1446 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:54,074 INFO L225 Difference]: With dead ends: 952 [2022-02-20 17:58:54,074 INFO L226 Difference]: Without dead ends: 527 [2022-02-20 17:58:54,076 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 185 GetRequests, 177 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 17:58:54,077 INFO L933 BasicCegarLoop]: 696 mSDtfsCounter, 134 mSDsluCounter, 629 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 152 SdHoareTripleChecker+Valid, 1325 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:54,077 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [152 Valid, 1325 Invalid, 4 Unknown, 0 
Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:54,078 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 527 states. [2022-02-20 17:58:54,098 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 527 to 519. [2022-02-20 17:58:54,099 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:54,100 INFO L82 GeneralOperation]: Start isEquivalent. First operand 527 states. Second operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) [2022-02-20 17:58:54,101 INFO L74 IsIncluded]: Start isIncluded. First operand 527 states. Second operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) [2022-02-20 17:58:54,102 INFO L87 Difference]: Start difference. First operand 527 states. Second operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) [2022-02-20 17:58:54,124 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:54,124 INFO L93 Difference]: Finished difference Result 527 states and 804 transitions. [2022-02-20 17:58:54,124 INFO L276 IsEmpty]: Start isEmpty. 
Operand 527 states and 804 transitions. [2022-02-20 17:58:54,126 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:54,127 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:54,128 INFO L74 IsIncluded]: Start isIncluded. First operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) Second operand 527 states. [2022-02-20 17:58:54,129 INFO L87 Difference]: Start difference. First operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) Second operand 527 states. [2022-02-20 17:58:54,151 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:54,151 INFO L93 Difference]: Finished difference Result 527 states and 804 transitions. [2022-02-20 17:58:54,151 INFO L276 IsEmpty]: Start isEmpty. Operand 527 states and 804 transitions. [2022-02-20 17:58:54,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:54,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:54,153 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:54,154 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:54,155 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 519 states, 400 states have (on average 1.545) internal successors, (618), 405 states have internal predecessors, (618), 90 states have call successors, (90), 29 states have call predecessors, (90), 28 states have return successors, (87), 86 states have call predecessors, (87), 87 states have call successors, (87) [2022-02-20 17:58:54,180 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 519 states to 519 states and 795 transitions. [2022-02-20 17:58:54,181 INFO L78 Accepts]: Start accepts. Automaton has 519 states and 795 transitions. Word has length 146 [2022-02-20 17:58:54,181 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:54,181 INFO L470 AbstractCegarLoop]: Abstraction has 519 states and 795 transitions. [2022-02-20 17:58:54,182 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 27.0) internal successors, (81), 3 states have internal predecessors, (81), 2 states have call successors, (22), 2 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 2 states have call successors, (18) [2022-02-20 17:58:54,182 INFO L276 IsEmpty]: Start isEmpty. Operand 519 states and 795 transitions. [2022-02-20 17:58:54,184 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 148 [2022-02-20 17:58:54,184 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:54,184 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:54,211 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2022-02-20 17:58:54,399 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:54,400 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:54,400 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:54,400 INFO L85 PathProgramCache]: Analyzing trace with hash 303383336, now seen corresponding path program 1 times [2022-02-20 17:58:54,400 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:54,400 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1260230124] [2022-02-20 17:58:54,400 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:54,401 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:54,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,497 INFO 
L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:54,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,502 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,502 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10186#true} #1358#return; {10186#true} is VALID [2022-02-20 17:58:54,507 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:58:54,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,511 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,511 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10186#true} #1360#return; {10186#true} is VALID [2022-02-20 17:58:54,512 INFO L376 atingTraceCheckCraig]: Compute interpolants for 
subsequence at non-pending call position 18 [2022-02-20 17:58:54,514 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10265#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:54,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {10265#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10266#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:54,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {10266#(= |setClientId_#in~handle| 1)} assume true; {10266#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:54,528 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10266#(= |setClientId_#in~handle| 1)} {10196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {10187#false} is VALID [2022-02-20 17:58:54,528 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 17:58:54,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,532 INFO L290 TraceCheckUtils]: 0: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,532 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,532 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,532 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1364#return; {10187#false} is VALID [2022-02-20 17:58:54,533 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 17:58:54,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,536 INFO L290 TraceCheckUtils]: 0: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,536 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,536 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,536 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1366#return; {10187#false} is VALID [2022-02-20 17:58:54,536 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 36 [2022-02-20 17:58:54,538 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,540 INFO L290 TraceCheckUtils]: 0: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,540 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,540 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,540 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{10186#true} {10187#false} #1368#return; {10187#false} is VALID [2022-02-20 17:58:54,559 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 55 [2022-02-20 17:58:54,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,562 INFO L290 TraceCheckUtils]: 0: Hoare triple {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,562 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,562 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,562 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1344#return; {10187#false} is VALID [2022-02-20 17:58:54,574 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 60 [2022-02-20 17:58:54,575 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {10268#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,577 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1346#return; {10187#false} is VALID [2022-02-20 17:58:54,577 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2022-02-20 17:58:54,578 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:58:54,581 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,581 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,581 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,581 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1258#return; {10187#false} is VALID [2022-02-20 17:58:54,581 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 17:58:54,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,584 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10186#true} is VALID [2022-02-20 17:58:54,584 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {10186#true} is VALID [2022-02-20 17:58:54,584 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,584 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1260#return; {10187#false} is VALID [2022-02-20 17:58:54,584 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:54,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,590 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10186#true} is VALID [2022-02-20 
17:58:54,590 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,590 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1278#return; {10187#false} is VALID [2022-02-20 17:58:54,590 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:54,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,593 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,593 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle; {10186#true} is VALID [2022-02-20 17:58:54,593 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,593 INFO L290 TraceCheckUtils]: 3: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,593 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10186#true} {10187#false} #1280#return; {10187#false} is VALID [2022-02-20 17:58:54,593 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 103 [2022-02-20 17:58:54,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,599 INFO L290 TraceCheckUtils]: 0: Hoare triple {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,599 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,599 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 
17:58:54,599 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1286#return; {10187#false} is VALID [2022-02-20 17:58:54,599 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 109 [2022-02-20 17:58:54,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,602 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~38; {10186#true} is VALID [2022-02-20 17:58:54,602 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {10186#true} is VALID [2022-02-20 17:58:54,602 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,602 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1288#return; {10187#false} is VALID [2022-02-20 17:58:54,602 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 116 [2022-02-20 17:58:54,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,605 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,605 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,605 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,605 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1290#return; {10187#false} is VALID [2022-02-20 17:58:54,605 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 122 [2022-02-20 17:58:54,606 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,607 INFO L290 
TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,608 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,608 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1292#return; {10187#false} is VALID [2022-02-20 17:58:54,608 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:58:54,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,611 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~32; {10186#true} is VALID [2022-02-20 17:58:54,611 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {10186#true} is VALID [2022-02-20 17:58:54,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,615 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10186#true} {10187#false} #1304#return; {10187#false} is VALID [2022-02-20 17:58:54,616 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 137 [2022-02-20 17:58:54,617 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,618 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume 1 == ~handle; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume ~userid == 
~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 3: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {10186#true} {10187#false} #1306#return; {10187#false} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call 
write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 
0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 
0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 3: Hoare triple {10186#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 4: Hoare triple {10186#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {10186#true} is VALID [2022-02-20 17:58:54,619 INFO L290 TraceCheckUtils]: 5: Hoare triple {10186#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc 
setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10186#true} is VALID [2022-02-20 17:58:54,620 INFO L272 TraceCheckUtils]: 6: Hoare triple {10186#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:54,620 INFO L290 TraceCheckUtils]: 7: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,620 INFO L290 TraceCheckUtils]: 8: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,620 INFO L290 TraceCheckUtils]: 9: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,621 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10186#true} {10186#true} #1358#return; {10186#true} is VALID [2022-02-20 17:58:54,621 INFO L290 TraceCheckUtils]: 11: Hoare triple {10186#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10186#true} is VALID [2022-02-20 17:58:54,621 INFO L272 TraceCheckUtils]: 12: Hoare triple {10186#true} 
call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:54,621 INFO L290 TraceCheckUtils]: 13: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,621 INFO L290 TraceCheckUtils]: 14: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,622 INFO L290 TraceCheckUtils]: 15: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,622 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10186#true} {10186#true} #1360#return; {10186#true} is VALID [2022-02-20 17:58:54,622 INFO L290 TraceCheckUtils]: 17: Hoare triple {10186#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} is VALID [2022-02-20 17:58:54,623 INFO L272 TraceCheckUtils]: 18: Hoare triple {10196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10263#(and (= 
|old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:54,623 INFO L290 TraceCheckUtils]: 19: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10265#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:54,623 INFO L290 TraceCheckUtils]: 20: Hoare triple {10265#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10266#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:54,624 INFO L290 TraceCheckUtils]: 21: Hoare triple {10266#(= |setClientId_#in~handle| 1)} assume true; {10266#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:54,624 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {10266#(= |setClientId_#in~handle| 1)} {10196#(= |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1| 2)} #1362#return; {10187#false} is VALID [2022-02-20 17:58:54,624 INFO L290 TraceCheckUtils]: 23: Hoare triple {10187#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {10187#false} is VALID [2022-02-20 17:58:54,625 INFO L272 TraceCheckUtils]: 24: Hoare triple {10187#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:54,625 INFO L290 TraceCheckUtils]: 25: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 
|old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,625 INFO L290 TraceCheckUtils]: 26: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,625 INFO L290 TraceCheckUtils]: 27: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,625 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {10186#true} {10187#false} #1364#return; {10187#false} is VALID [2022-02-20 17:58:54,625 INFO L290 TraceCheckUtils]: 29: Hoare triple {10187#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10187#false} is VALID [2022-02-20 17:58:54,625 INFO L272 TraceCheckUtils]: 30: Hoare triple {10187#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:54,625 INFO L290 TraceCheckUtils]: 31: Hoare triple {10263#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,626 INFO L290 
TraceCheckUtils]: 32: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,626 INFO L290 TraceCheckUtils]: 33: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,626 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {10186#true} {10187#false} #1366#return; {10187#false} is VALID [2022-02-20 17:58:54,626 INFO L290 TraceCheckUtils]: 35: Hoare triple {10187#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10187#false} is VALID [2022-02-20 17:58:54,626 INFO L272 TraceCheckUtils]: 36: Hoare triple {10187#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:54,626 INFO L290 TraceCheckUtils]: 37: Hoare triple {10264#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,626 INFO L290 TraceCheckUtils]: 38: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,626 INFO L290 TraceCheckUtils]: 39: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,627 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {10186#true} {10187#false} #1368#return; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 41: Hoare triple {10187#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 42: Hoare triple 
{10187#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 43: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 44: Hoare triple {10187#false} assume test_~splverifierCounter~0#1 < 4; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 45: Hoare triple {10187#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10187#false} is VALID [2022-02-20 17:58:54,627 INFO L290 TraceCheckUtils]: 46: 
Hoare triple {10187#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 47: Hoare triple {10187#false} assume !(0 != test_~tmp___9~0#1); {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 48: Hoare triple {10187#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 49: Hoare triple {10187#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 50: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 51: Hoare triple {10187#false} assume !(test_~splverifierCounter~0#1 < 4); {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 52: Hoare triple {10187#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L272 TraceCheckUtils]: 53: Hoare triple {10187#false} call sendEmail(~bob~0, ~rjh~0); {10187#false} is VALID [2022-02-20 17:58:54,628 INFO L290 TraceCheckUtils]: 54: Hoare triple {10187#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, 
~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10187#false} is VALID [2022-02-20 17:58:54,629 INFO L272 TraceCheckUtils]: 55: Hoare triple {10187#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:54,629 INFO L290 TraceCheckUtils]: 56: Hoare triple {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,629 INFO L290 TraceCheckUtils]: 57: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,629 INFO L290 TraceCheckUtils]: 58: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,629 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {10186#true} {10187#false} #1344#return; {10187#false} is VALID [2022-02-20 17:58:54,629 INFO L272 TraceCheckUtils]: 60: Hoare triple {10187#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10268#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:54,629 INFO L290 TraceCheckUtils]: 61: Hoare triple {10268#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,629 INFO L290 TraceCheckUtils]: 62: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,630 INFO L290 TraceCheckUtils]: 
63: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,630 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {10186#true} {10187#false} #1346#return; {10187#false} is VALID [2022-02-20 17:58:54,630 INFO L290 TraceCheckUtils]: 65: Hoare triple {10187#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {10187#false} is VALID [2022-02-20 17:58:54,630 INFO L290 TraceCheckUtils]: 66: Hoare triple {10187#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {10187#false} is VALID [2022-02-20 17:58:54,630 INFO L272 TraceCheckUtils]: 67: Hoare triple {10187#false} call outgoing(~sender#1, ~email~0#1); {10187#false} is VALID [2022-02-20 17:58:54,630 INFO L290 TraceCheckUtils]: 68: Hoare triple {10187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {10187#false} is VALID [2022-02-20 17:58:54,630 INFO L272 TraceCheckUtils]: 69: Hoare triple {10187#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {10186#true} is VALID [2022-02-20 17:58:54,630 INFO L290 TraceCheckUtils]: 70: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 71: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 72: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,631 INFO L284 TraceCheckUtils]: 
73: Hoare quadruple {10186#true} {10187#false} #1258#return; {10187#false} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 74: Hoare triple {10187#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {10187#false} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 75: Hoare triple {10187#false} assume 0 == sign_~privkey~1#1; {10187#false} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 76: Hoare triple {10187#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {10187#false} is VALID [2022-02-20 17:58:54,631 INFO 
L272 TraceCheckUtils]: 77: Hoare triple {10187#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10186#true} is VALID [2022-02-20 17:58:54,631 INFO L290 TraceCheckUtils]: 78: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~4; {10186#true} is VALID [2022-02-20 17:58:54,632 INFO L290 TraceCheckUtils]: 79: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {10186#true} is VALID [2022-02-20 17:58:54,632 INFO L290 TraceCheckUtils]: 80: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,632 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {10186#true} {10187#false} #1260#return; {10187#false} is VALID [2022-02-20 17:58:54,632 INFO L290 TraceCheckUtils]: 82: Hoare triple {10187#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {10187#false} is VALID [2022-02-20 17:58:54,632 INFO L290 TraceCheckUtils]: 83: Hoare triple {10187#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10187#false} is VALID [2022-02-20 17:58:54,632 INFO L272 TraceCheckUtils]: 84: Hoare triple {10187#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10187#false} is VALID [2022-02-20 17:58:54,632 INFO L290 TraceCheckUtils]: 85: Hoare triple {10187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {10187#false} is VALID [2022-02-20 17:58:54,632 INFO L272 TraceCheckUtils]: 86: Hoare triple {10187#false} call #t~ret38#1 := getEmailTo(~msg#1); {10186#true} is 
VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 87: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 88: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 89: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,633 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {10186#true} {10187#false} #1278#return; {10187#false} is VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 91: Hoare triple {10187#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {10187#false} is VALID [2022-02-20 17:58:54,633 INFO L272 TraceCheckUtils]: 92: Hoare triple {10187#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {10186#true} is VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 93: Hoare triple {10186#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,633 INFO L290 TraceCheckUtils]: 94: Hoare triple {10186#true} assume 1 == ~handle; {10186#true} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 95: Hoare triple {10186#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 96: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,634 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {10186#true} {10187#false} #1280#return; {10187#false} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 98: Hoare triple {10187#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := 
~tmp___0~3#1; {10187#false} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 99: Hoare triple {10187#false} assume !(0 != ~pubkey~1#1); {10187#false} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 100: Hoare triple {10187#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {10187#false} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 101: Hoare triple {10187#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {10187#false} is VALID [2022-02-20 17:58:54,634 INFO L290 TraceCheckUtils]: 102: Hoare triple {10187#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {10187#false} is VALID [2022-02-20 17:58:54,635 INFO L272 TraceCheckUtils]: 103: Hoare triple {10187#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} is VALID [2022-02-20 17:58:54,635 INFO L290 TraceCheckUtils]: 104: Hoare triple {10267#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:54,635 INFO L290 TraceCheckUtils]: 105: Hoare triple {10186#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:54,635 INFO L290 TraceCheckUtils]: 106: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,635 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {10186#true} {10187#false} #1286#return; {10187#false} is VALID [2022-02-20 17:58:54,635 INFO L290 TraceCheckUtils]: 108: Hoare triple {10187#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc 
__utac_acc__SignVerify_spec__1_#t~ret4#1; {10187#false} is VALID [2022-02-20 17:58:54,635 INFO L272 TraceCheckUtils]: 109: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {10186#true} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 110: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~38; {10186#true} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 111: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {10186#true} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 112: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,636 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {10186#true} {10187#false} #1288#return; {10187#false} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 114: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {10187#false} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 115: Hoare triple {10187#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {10187#false} is VALID [2022-02-20 17:58:54,636 INFO L272 TraceCheckUtils]: 116: Hoare triple {10187#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {10186#true} is VALID [2022-02-20 17:58:54,636 INFO L290 TraceCheckUtils]: 117: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~33; {10186#true} is VALID [2022-02-20 
17:58:54,637 INFO L290 TraceCheckUtils]: 118: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10186#true} is VALID [2022-02-20 17:58:54,637 INFO L290 TraceCheckUtils]: 119: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,637 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {10186#true} {10187#false} #1290#return; {10187#false} is VALID [2022-02-20 17:58:54,637 INFO L290 TraceCheckUtils]: 121: Hoare triple {10187#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {10187#false} is VALID [2022-02-20 17:58:54,637 INFO L272 TraceCheckUtils]: 122: Hoare triple {10187#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {10186#true} is VALID [2022-02-20 17:58:54,637 INFO L290 TraceCheckUtils]: 123: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,637 INFO L290 TraceCheckUtils]: 124: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10186#true} is VALID [2022-02-20 17:58:54,637 INFO L290 TraceCheckUtils]: 125: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,638 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {10186#true} {10187#false} 
#1292#return; {10187#false} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 127: Hoare triple {10187#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {10187#false} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 128: Hoare triple {10187#false} assume !(0 != incoming_~privkey~0#1); {10187#false} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 129: Hoare triple {10187#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, 
__utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {10187#false} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 130: Hoare triple {10187#false} assume 1 == ~sent_signed~0; {10187#false} is VALID [2022-02-20 17:58:54,638 INFO L272 TraceCheckUtils]: 131: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := 
getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {10186#true} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 132: Hoare triple {10186#true} ~handle := #in~handle;havoc ~retValue_acc~32; {10186#true} is VALID [2022-02-20 17:58:54,638 INFO L290 TraceCheckUtils]: 133: Hoare triple {10186#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 134: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {10186#true} {10187#false} #1304#return; {10187#false} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 136: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {10187#false} is VALID [2022-02-20 17:58:54,639 INFO L272 TraceCheckUtils]: 137: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 138: Hoare triple {10186#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 139: Hoare triple {10186#true} assume 1 == ~handle; {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 140: Hoare triple {10186#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10186#true} is VALID [2022-02-20 17:58:54,639 INFO L290 TraceCheckUtils]: 141: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:54,640 INFO L284 
TraceCheckUtils]: 142: Hoare quadruple {10186#true} {10187#false} #1306#return; {10187#false} is VALID [2022-02-20 17:58:54,640 INFO L290 TraceCheckUtils]: 143: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {10187#false} is VALID [2022-02-20 17:58:54,640 INFO L290 TraceCheckUtils]: 144: Hoare triple {10187#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {10187#false} is VALID [2022-02-20 17:58:54,640 INFO L272 TraceCheckUtils]: 145: Hoare triple {10187#false} call __automaton_fail(); {10187#false} is VALID [2022-02-20 17:58:54,640 INFO L290 TraceCheckUtils]: 146: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:54,640 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 3 proven. 3 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:58:54,641 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:54,641 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1260230124] [2022-02-20 17:58:54,641 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1260230124] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:54,641 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1859051047] [2022-02-20 17:58:54,641 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:54,642 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:54,642 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:54,643 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 17:58:54,672 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2022-02-20 17:58:54,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:54,945 INFO L263 TraceCheckSpWp]: Trace formula consists of 1315 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 17:58:55,007 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:55,010 INFO L286 TraceCheckSpWp]: Computing forward predicates... 
[2022-02-20 17:58:55,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {10186#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call 
#Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 
0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {10186#true} is VALID [2022-02-20 17:58:55,367 INFO L290 TraceCheckUtils]: 1: Hoare triple {10186#true} 
assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {10186#true} is VALID [2022-02-20 17:58:55,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {10186#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {10186#true} is VALID [2022-02-20 17:58:55,367 INFO L290 TraceCheckUtils]: 3: Hoare triple {10186#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {10186#true} is VALID [2022-02-20 17:58:55,367 INFO L290 TraceCheckUtils]: 4: Hoare triple {10186#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L290 TraceCheckUtils]: 5: Hoare triple {10186#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } 
true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L272 TraceCheckUtils]: 6: Hoare triple {10186#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L290 TraceCheckUtils]: 7: Hoare triple {10186#true} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L290 TraceCheckUtils]: 8: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L290 TraceCheckUtils]: 9: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10186#true} {10186#true} #1358#return; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L290 TraceCheckUtils]: 11: Hoare triple {10186#true} assume { :end_inline_setup_bob__wrappee__Base } true; {10186#true} is VALID [2022-02-20 17:58:55,368 INFO L272 TraceCheckUtils]: 12: Hoare triple {10186#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {10186#true} is VALID [2022-02-20 17:58:55,369 INFO L290 TraceCheckUtils]: 13: Hoare triple {10186#true} ~handle := #in~handle;~value := #in~value; {10186#true} is VALID [2022-02-20 17:58:55,369 INFO L290 TraceCheckUtils]: 14: Hoare triple {10186#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10186#true} is VALID [2022-02-20 17:58:55,369 INFO L290 TraceCheckUtils]: 15: Hoare triple {10186#true} assume true; {10186#true} is VALID [2022-02-20 17:58:55,369 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {10186#true} {10186#true} #1360#return; {10186#true} is VALID [2022-02-20 17:58:55,371 INFO L290 TraceCheckUtils]: 17: Hoare triple {10186#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {10323#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:55,371 INFO L272 TraceCheckUtils]: 18: Hoare triple {10323#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {10186#true} is VALID [2022-02-20 17:58:55,372 INFO L290 TraceCheckUtils]: 19: Hoare triple {10186#true} ~handle := #in~handle;~value := #in~value; {10330#(<= |setClientId_#in~handle| setClientId_~handle)} is VALID [2022-02-20 17:58:55,373 INFO L290 TraceCheckUtils]: 20: Hoare triple {10330#(<= |setClientId_#in~handle| setClientId_~handle)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10334#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:55,373 INFO L290 TraceCheckUtils]: 21: Hoare triple {10334#(<= |setClientId_#in~handle| 1)} assume true; {10334#(<= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:58:55,374 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {10334#(<= |setClientId_#in~handle| 1)} {10323#(<= 2 |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1362#return; {10187#false} is VALID [2022-02-20 17:58:55,374 INFO L290 TraceCheckUtils]: 23: Hoare triple {10187#false} assume { :end_inline_setup_rjh__wrappee__Base } true; {10187#false} is VALID [2022-02-20 17:58:55,374 INFO L272 TraceCheckUtils]: 24: Hoare triple {10187#false} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 25: Hoare 
triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 26: Hoare triple {10187#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 27: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {10187#false} {10187#false} #1364#return; {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 29: Hoare triple {10187#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L272 TraceCheckUtils]: 30: Hoare triple {10187#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {10187#false} is VALID [2022-02-20 17:58:55,375 INFO L290 TraceCheckUtils]: 31: Hoare triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 32: Hoare triple {10187#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 33: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {10187#false} {10187#false} #1366#return; {10187#false} is VALID [2022-02-20 17:58:55,376 
INFO L290 TraceCheckUtils]: 35: Hoare triple {10187#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L272 TraceCheckUtils]: 36: Hoare triple {10187#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 37: Hoare triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 38: Hoare triple {10187#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L290 TraceCheckUtils]: 39: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,376 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {10187#false} {10187#false} #1368#return; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 41: Hoare triple {10187#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 42: Hoare triple {10187#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc 
test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 43: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 44: Hoare triple {10187#false} assume test_~splverifierCounter~0#1 < 4; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 45: Hoare triple {10187#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 46: Hoare triple {10187#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 47: Hoare triple {10187#false} assume !(0 != test_~tmp___9~0#1); {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 48: Hoare triple {10187#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 49: Hoare triple {10187#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {10187#false} is VALID 
[2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 50: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 51: Hoare triple {10187#false} assume !(test_~splverifierCounter~0#1 < 4); {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 52: Hoare triple {10187#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L272 TraceCheckUtils]: 53: Hoare triple {10187#false} call sendEmail(~bob~0, ~rjh~0); {10187#false} is VALID [2022-02-20 17:58:55,377 INFO L290 TraceCheckUtils]: 54: Hoare triple {10187#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {10187#false} is VALID [2022-02-20 17:58:55,378 INFO L272 TraceCheckUtils]: 55: Hoare triple {10187#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {10187#false} is VALID [2022-02-20 17:58:55,378 INFO L290 TraceCheckUtils]: 56: Hoare triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 57: Hoare triple {10187#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; 
{10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 58: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L284 TraceCheckUtils]: 59: Hoare quadruple {10187#false} {10187#false} #1344#return; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L272 TraceCheckUtils]: 60: Hoare triple {10187#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 61: Hoare triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 62: Hoare triple {10187#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 63: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {10187#false} {10187#false} #1346#return; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 65: Hoare triple {10187#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 66: Hoare triple {10187#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L272 TraceCheckUtils]: 67: Hoare triple {10187#false} call outgoing(~sender#1, ~email~0#1); {10187#false} is VALID [2022-02-20 17:58:55,379 INFO L290 TraceCheckUtils]: 68: Hoare triple {10187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 
:= sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L272 TraceCheckUtils]: 69: Hoare triple {10187#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 70: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~10; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 71: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 72: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {10187#false} {10187#false} #1258#return; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 74: Hoare triple {10187#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 75: Hoare triple {10187#false} assume 0 == sign_~privkey~1#1; {10187#false} is VALID [2022-02-20 17:58:55,380 INFO L290 TraceCheckUtils]: 76: Hoare triple {10187#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, 
outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L272 TraceCheckUtils]: 77: Hoare triple {10187#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L290 TraceCheckUtils]: 78: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~4; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L290 TraceCheckUtils]: 79: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L290 TraceCheckUtils]: 80: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L284 TraceCheckUtils]: 81: Hoare quadruple {10187#false} {10187#false} #1260#return; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L290 TraceCheckUtils]: 82: Hoare triple {10187#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc 
outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {10187#false} is VALID [2022-02-20 17:58:55,383 INFO L290 TraceCheckUtils]: 83: Hoare triple {10187#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L272 TraceCheckUtils]: 84: Hoare triple {10187#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L290 TraceCheckUtils]: 85: Hoare triple {10187#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L272 TraceCheckUtils]: 86: Hoare triple {10187#false} call #t~ret38#1 := getEmailTo(~msg#1); {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L290 TraceCheckUtils]: 87: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~33; {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L290 TraceCheckUtils]: 88: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L290 TraceCheckUtils]: 89: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {10187#false} {10187#false} #1278#return; {10187#false} is VALID [2022-02-20 17:58:55,384 INFO L290 TraceCheckUtils]: 91: Hoare triple {10187#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L272 TraceCheckUtils]: 92: Hoare triple {10187#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L290 TraceCheckUtils]: 93: Hoare triple {10187#false} 
~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L290 TraceCheckUtils]: 94: Hoare triple {10187#false} assume 1 == ~handle; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L290 TraceCheckUtils]: 95: Hoare triple {10187#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L290 TraceCheckUtils]: 96: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {10187#false} {10187#false} #1280#return; {10187#false} is VALID [2022-02-20 17:58:55,385 INFO L290 TraceCheckUtils]: 98: Hoare triple {10187#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 99: Hoare triple {10187#false} assume !(0 != ~pubkey~1#1); {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 100: Hoare triple {10187#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 
101: Hoare triple {10187#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 102: Hoare triple {10187#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L272 TraceCheckUtils]: 103: Hoare triple {10187#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 104: Hoare triple {10187#false} ~handle := #in~handle;~value := #in~value; {10187#false} is VALID [2022-02-20 17:58:55,386 INFO L290 TraceCheckUtils]: 105: Hoare triple {10187#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L290 TraceCheckUtils]: 106: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L284 TraceCheckUtils]: 107: Hoare quadruple {10187#false} {10187#false} #1286#return; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L290 TraceCheckUtils]: 108: Hoare triple {10187#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := 
mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L272 TraceCheckUtils]: 109: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L290 TraceCheckUtils]: 110: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~38; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L290 TraceCheckUtils]: 111: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {10187#false} is VALID [2022-02-20 17:58:55,387 INFO L290 TraceCheckUtils]: 112: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L284 TraceCheckUtils]: 113: Hoare quadruple {10187#false} {10187#false} #1288#return; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L290 TraceCheckUtils]: 114: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 
0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L290 TraceCheckUtils]: 115: Hoare triple {10187#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L272 TraceCheckUtils]: 116: Hoare triple {10187#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L290 TraceCheckUtils]: 117: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~33; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L290 TraceCheckUtils]: 118: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L290 TraceCheckUtils]: 119: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,388 INFO L284 TraceCheckUtils]: 120: Hoare quadruple {10187#false} {10187#false} #1290#return; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 121: Hoare triple {10187#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L272 TraceCheckUtils]: 122: 
Hoare triple {10187#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 123: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~10; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 124: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 125: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L284 TraceCheckUtils]: 126: Hoare quadruple {10187#false} {10187#false} #1292#return; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 127: Hoare triple {10187#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {10187#false} is VALID [2022-02-20 17:58:55,389 INFO L290 TraceCheckUtils]: 128: Hoare triple {10187#false} assume !(0 != incoming_~privkey~0#1); {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L290 TraceCheckUtils]: 129: Hoare triple {10187#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, 
verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, 
__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L290 TraceCheckUtils]: 130: Hoare triple {10187#false} assume 1 == ~sent_signed~0; {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L272 TraceCheckUtils]: 131: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L290 TraceCheckUtils]: 132: Hoare triple {10187#false} ~handle := #in~handle;havoc ~retValue_acc~32; {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L290 TraceCheckUtils]: 133: Hoare triple {10187#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L290 TraceCheckUtils]: 134: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,390 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {10187#false} {10187#false} #1304#return; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 136: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L272 TraceCheckUtils]: 137: Hoare triple {10187#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, 
__utac_acc__SignVerify_spec__2_~tmp~0#1); {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 138: Hoare triple {10187#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 139: Hoare triple {10187#false} assume 1 == ~handle; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 140: Hoare triple {10187#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 141: Hoare triple {10187#false} assume true; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {10187#false} {10187#false} #1306#return; {10187#false} is VALID [2022-02-20 17:58:55,391 INFO L290 TraceCheckUtils]: 143: Hoare triple {10187#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {10187#false} is VALID [2022-02-20 17:58:55,392 INFO L290 TraceCheckUtils]: 144: Hoare triple {10187#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {10187#false} is VALID [2022-02-20 17:58:55,392 INFO L272 TraceCheckUtils]: 145: Hoare triple {10187#false} call __automaton_fail(); {10187#false} is VALID [2022-02-20 17:58:55,392 INFO L290 TraceCheckUtils]: 146: Hoare triple {10187#false} assume !false; {10187#false} is VALID [2022-02-20 17:58:55,392 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 24 trivial. 0 not checked. 
[2022-02-20 17:58:55,393 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:55,393 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1859051047] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:55,393 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 17:58:55,393 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [9] total 12 [2022-02-20 17:58:55,393 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1143185671] [2022-02-20 17:58:55,393 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:55,394 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 147 [2022-02-20 17:58:55,394 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:55,395 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:55,497 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 130 edges. 130 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:55,498 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:55,498 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:55,498 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 17:58:55,498 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=24, Invalid=108, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:58:55,499 INFO L87 Difference]: Start difference. First operand 519 states and 795 transitions. Second operand has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:56,866 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:56,866 INFO L93 Difference]: Finished difference Result 1029 states and 1580 transitions. [2022-02-20 17:58:56,866 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:58:56,867 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 147 [2022-02-20 17:58:56,867 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:58:56,867 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:56,881 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1342 transitions. [2022-02-20 17:58:56,882 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:56,895 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1342 transitions. [2022-02-20 17:58:56,895 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1342 transitions. [2022-02-20 17:58:57,810 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1342 edges. 1342 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:58:57,830 INFO L225 Difference]: With dead ends: 1029 [2022-02-20 17:58:57,830 INFO L226 Difference]: Without dead ends: 521 [2022-02-20 17:58:57,832 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 187 GetRequests, 176 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=128, Unknown=0, NotChecked=0, Total=156 [2022-02-20 17:58:57,832 INFO L933 BasicCegarLoop]: 667 mSDtfsCounter, 152 mSDsluCounter, 1827 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 175 SdHoareTripleChecker+Valid, 2494 SdHoareTripleChecker+Invalid, 34 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:58:57,833 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [175 Valid, 2494 Invalid, 34 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:58:57,834 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 521 states. [2022-02-20 17:58:57,891 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 521 to 521. [2022-02-20 17:58:57,891 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:58:57,893 INFO L82 GeneralOperation]: Start isEquivalent. First operand 521 states. 
Second operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) [2022-02-20 17:58:57,894 INFO L74 IsIncluded]: Start isIncluded. First operand 521 states. Second operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) [2022-02-20 17:58:57,895 INFO L87 Difference]: Start difference. First operand 521 states. Second operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) [2022-02-20 17:58:57,916 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:57,916 INFO L93 Difference]: Finished difference Result 521 states and 798 transitions. [2022-02-20 17:58:57,916 INFO L276 IsEmpty]: Start isEmpty. Operand 521 states and 798 transitions. [2022-02-20 17:58:57,918 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:57,918 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:57,920 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) Second operand 521 states. [2022-02-20 17:58:57,921 INFO L87 Difference]: Start difference. First operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) Second operand 521 states. [2022-02-20 17:58:57,942 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:58:57,942 INFO L93 Difference]: Finished difference Result 521 states and 798 transitions. [2022-02-20 17:58:57,942 INFO L276 IsEmpty]: Start isEmpty. Operand 521 states and 798 transitions. [2022-02-20 17:58:57,945 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:58:57,945 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:58:57,945 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:58:57,945 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:58:57,947 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 521 states, 401 states have (on average 1.5436408977556109) internal successors, (619), 407 states have internal predecessors, (619), 90 states have call successors, (90), 29 states have call predecessors, (90), 29 states have return successors, (89), 86 states have call predecessors, (89), 87 states have call successors, (89) [2022-02-20 17:58:57,973 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 521 states to 521 states and 798 transitions. [2022-02-20 17:58:57,975 INFO L78 Accepts]: Start accepts. Automaton has 521 states and 798 transitions. Word has length 147 [2022-02-20 17:58:57,975 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:58:57,975 INFO L470 AbstractCegarLoop]: Abstraction has 521 states and 798 transitions. [2022-02-20 17:58:57,976 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 22.5) internal successors, (90), 5 states have internal predecessors, (90), 3 states have call successors, (22), 2 states have call predecessors, (22), 3 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:58:57,976 INFO L276 IsEmpty]: Start isEmpty. Operand 521 states and 798 transitions. [2022-02-20 17:58:57,978 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 168 [2022-02-20 17:58:57,979 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:58:57,979 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:58:58,006 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2022-02-20 17:58:58,195 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:58,195 INFO L402 AbstractCegarLoop]: === 
Iteration 5 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:58:58,196 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:58:58,196 INFO L85 PathProgramCache]: Analyzing trace with hash 1118335942, now seen corresponding path program 1 times [2022-02-20 17:58:58,196 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:58:58,196 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [379174273] [2022-02-20 17:58:58,196 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:58,196 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:58:58,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,290 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:58:58,294 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,296 INFO L290 TraceCheckUtils]: 0: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,296 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,296 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,297 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13916#true} #1358#return; {13916#true} is VALID [2022-02-20 17:58:58,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call 
position 12 [2022-02-20 17:58:58,306 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,308 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,308 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13916#true} #1360#return; {13916#true} is VALID [2022-02-20 17:58:58,309 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:58:58,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,324 INFO L290 TraceCheckUtils]: 0: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14010#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,325 INFO L290 TraceCheckUtils]: 1: Hoare triple {14010#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14010#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,325 INFO L290 TraceCheckUtils]: 2: Hoare triple {14010#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14011#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,325 INFO L290 TraceCheckUtils]: 3: Hoare triple {14011#(= 2 
|setClientId_#in~handle|)} assume true; {14011#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,326 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {14011#(= 2 |setClientId_#in~handle|)} {13926#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1362#return; {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:58,326 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:58:58,328 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14012#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:58,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {14012#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14013#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:58,346 INFO L290 TraceCheckUtils]: 2: Hoare triple {14013#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14013#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:58,346 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14013#(= |setClientPrivateKey_#in~handle| 1)} {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1364#return; {13917#false} is VALID [2022-02-20 17:58:58,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 17:58:58,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,351 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,351 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1366#return; {13917#false} is VALID [2022-02-20 17:58:58,351 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 17:58:58,353 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,355 INFO L290 TraceCheckUtils]: 0: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,355 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,355 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,355 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1368#return; {13917#false} is VALID [2022-02-20 17:58:58,365 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2022-02-20 17:58:58,366 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,368 INFO L290 TraceCheckUtils]: 0: Hoare triple {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| 
~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,368 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,368 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,368 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1344#return; {13917#false} is VALID [2022-02-20 17:58:58,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 17:58:58,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,381 INFO L290 TraceCheckUtils]: 0: Hoare triple {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,381 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,381 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,381 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1346#return; {13917#false} is VALID [2022-02-20 17:58:58,381 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 17:58:58,382 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,383 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,384 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,384 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,384 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1258#return; {13917#false} is VALID [2022-02-20 17:58:58,384 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 78 [2022-02-20 17:58:58,385 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,386 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13916#true} is VALID [2022-02-20 17:58:58,386 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13916#true} is VALID [2022-02-20 17:58:58,387 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,387 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1260#return; {13917#false} is VALID [2022-02-20 17:58:58,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 86 [2022-02-20 17:58:58,388 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,390 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,391 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1262#return; {13917#false} is VALID [2022-02-20 17:58:58,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 92 [2022-02-20 17:58:58,392 INFO L136 AnnotateAndAsserter]: Conjunction 
of SSA is unsat [2022-02-20 17:58:58,393 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {13916#true} is VALID [2022-02-20 17:58:58,393 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,393 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {13916#true} is VALID [2022-02-20 17:58:58,394 INFO L290 TraceCheckUtils]: 3: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,394 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13916#true} {13917#false} #1264#return; {13917#false} is VALID [2022-02-20 17:58:58,394 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 99 [2022-02-20 17:58:58,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,396 INFO L290 TraceCheckUtils]: 0: Hoare triple {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,396 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,396 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,397 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1266#return; {13917#false} is VALID [2022-02-20 17:58:58,397 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 17:58:58,397 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID 
[2022-02-20 17:58:58,400 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,400 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,400 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1278#return; {13917#false} is VALID [2022-02-20 17:58:58,400 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 112 [2022-02-20 17:58:58,401 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,403 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,403 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,403 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,403 INFO L290 TraceCheckUtils]: 3: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,403 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13916#true} {13917#false} #1280#return; {13917#false} is VALID [2022-02-20 17:58:58,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 123 [2022-02-20 17:58:58,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,407 INFO L290 TraceCheckUtils]: 0: Hoare triple {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,407 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 
== ~handle;~__ste_email_from0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,407 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,407 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1286#return; {13917#false} is VALID [2022-02-20 17:58:58,407 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 129 [2022-02-20 17:58:58,408 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,410 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~38; {13916#true} is VALID [2022-02-20 17:58:58,410 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {13916#true} is VALID [2022-02-20 17:58:58,410 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,410 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1288#return; {13917#false} is VALID [2022-02-20 17:58:58,410 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 136 [2022-02-20 17:58:58,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,413 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,413 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,413 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,413 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1290#return; {13917#false} is VALID [2022-02-20 17:58:58,413 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 142 [2022-02-20 17:58:58,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,415 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,415 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,416 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,416 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1292#return; {13917#false} is VALID [2022-02-20 17:58:58,416 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 151 [2022-02-20 17:58:58,417 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13916#true} is VALID [2022-02-20 17:58:58,418 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {13916#true} is VALID [2022-02-20 17:58:58,418 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,418 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13916#true} {13917#false} #1304#return; {13917#false} is VALID [2022-02-20 17:58:58,419 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 157 [2022-02-20 17:58:58,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,423 INFO L290 TraceCheckUtils]: 1: 
Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,423 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,423 INFO L290 TraceCheckUtils]: 3: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,423 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {13916#true} {13917#false} #1306#return; {13917#false} is VALID [2022-02-20 17:58:58,423 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call 
#Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 
0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, 
~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {13916#true} is VALID [2022-02-20 17:58:58,424 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {13916#true} is VALID [2022-02-20 17:58:58,424 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13916#true} is VALID [2022-02-20 17:58:58,424 INFO L290 TraceCheckUtils]: 3: Hoare triple {13916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {13916#true} is VALID [2022-02-20 17:58:58,424 INFO L290 TraceCheckUtils]: 4: Hoare triple {13916#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {13916#true} is VALID [2022-02-20 17:58:58,424 INFO L290 TraceCheckUtils]: 5: Hoare triple {13916#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, 
setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13916#true} is VALID [2022-02-20 17:58:58,425 INFO L272 TraceCheckUtils]: 6: Hoare triple {13916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,425 INFO L290 TraceCheckUtils]: 7: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,425 INFO L290 TraceCheckUtils]: 8: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,425 INFO L290 TraceCheckUtils]: 9: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,426 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13916#true} {13916#true} #1358#return; {13916#true} is VALID [2022-02-20 17:58:58,426 INFO L290 TraceCheckUtils]: 11: Hoare triple {13916#true} assume { 
:end_inline_setup_bob__wrappee__Base } true; {13916#true} is VALID [2022-02-20 17:58:58,426 INFO L272 TraceCheckUtils]: 12: Hoare triple {13916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,426 INFO L290 TraceCheckUtils]: 13: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,427 INFO L290 TraceCheckUtils]: 14: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,427 INFO L290 TraceCheckUtils]: 15: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,427 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13916#true} {13916#true} #1360#return; {13916#true} is VALID [2022-02-20 17:58:58,427 INFO L290 TraceCheckUtils]: 17: Hoare triple {13916#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {13926#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} is VALID [2022-02-20 17:58:58,428 INFO L272 TraceCheckUtils]: 18: Hoare triple {13926#(= 
|ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,428 INFO L290 TraceCheckUtils]: 19: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {14010#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,429 INFO L290 TraceCheckUtils]: 20: Hoare triple {14010#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {14010#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,430 INFO L290 TraceCheckUtils]: 21: Hoare triple {14010#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {14011#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,430 INFO L290 TraceCheckUtils]: 22: Hoare triple {14011#(= 2 |setClientId_#in~handle|)} assume true; {14011#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:58:58,430 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {14011#(= 2 |setClientId_#in~handle|)} {13926#(= |ULTIMATE.start_setup_rjh_~rjh___0#1| |ULTIMATE.start_setup_rjh__wrappee__Base_~rjh___0#1|)} #1362#return; {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:58,431 INFO L290 TraceCheckUtils]: 24: Hoare triple {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} assume { :end_inline_setup_rjh__wrappee__Base } true; {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} is VALID [2022-02-20 17:58:58,431 INFO L272 
TraceCheckUtils]: 25: Hoare triple {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,432 INFO L290 TraceCheckUtils]: 26: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {14012#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:58:58,432 INFO L290 TraceCheckUtils]: 27: Hoare triple {14012#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14013#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:58,432 INFO L290 TraceCheckUtils]: 28: Hoare triple {14013#(= |setClientPrivateKey_#in~handle| 1)} assume true; {14013#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:58,433 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {14013#(= |setClientPrivateKey_#in~handle| 1)} {13932#(not (= |ULTIMATE.start_setup_rjh_~rjh___0#1| 1))} #1364#return; {13917#false} is VALID [2022-02-20 17:58:58,433 INFO L290 TraceCheckUtils]: 30: Hoare triple {13917#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13917#false} is VALID [2022-02-20 17:58:58,433 INFO L272 TraceCheckUtils]: 31: Hoare triple {13917#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:58:58,433 INFO L290 TraceCheckUtils]: 32: Hoare triple {14008#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,433 INFO L290 TraceCheckUtils]: 33: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,434 INFO L290 TraceCheckUtils]: 34: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,434 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {13916#true} {13917#false} #1366#return; {13917#false} is VALID [2022-02-20 17:58:58,434 INFO L290 TraceCheckUtils]: 36: Hoare triple {13917#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13917#false} is VALID [2022-02-20 17:58:58,434 INFO L272 TraceCheckUtils]: 37: Hoare triple {13917#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:58:58,434 INFO L290 TraceCheckUtils]: 38: Hoare triple {14009#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= 
~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,434 INFO L290 TraceCheckUtils]: 39: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,434 INFO L290 TraceCheckUtils]: 40: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,435 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13916#true} {13917#false} #1368#return; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 42: Hoare triple {13917#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 43: Hoare triple {13917#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc 
test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 44: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 45: Hoare triple {13917#false} assume test_~splverifierCounter~0#1 < 4; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 46: Hoare triple {13917#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13917#false} is VALID [2022-02-20 17:58:58,435 INFO L290 TraceCheckUtils]: 47: Hoare triple {13917#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 48: Hoare triple {13917#false} assume !(0 != test_~tmp___9~0#1); {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 49: Hoare triple {13917#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 50: Hoare triple {13917#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 51: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 52: Hoare triple {13917#false} assume !(test_~splverifierCounter~0#1 < 4); {13917#false} is VALID 
[2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 53: Hoare triple {13917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L272 TraceCheckUtils]: 54: Hoare triple {13917#false} call sendEmail(~bob~0, ~rjh~0); {13917#false} is VALID [2022-02-20 17:58:58,436 INFO L290 TraceCheckUtils]: 55: Hoare triple {13917#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13917#false} is VALID [2022-02-20 17:58:58,437 INFO L272 TraceCheckUtils]: 56: Hoare triple {13917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,437 INFO L290 TraceCheckUtils]: 57: Hoare triple {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,437 INFO L290 TraceCheckUtils]: 58: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,437 INFO L290 
TraceCheckUtils]: 59: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,437 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {13916#true} {13917#false} #1344#return; {13917#false} is VALID [2022-02-20 17:58:58,437 INFO L272 TraceCheckUtils]: 61: Hoare triple {13917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:58,437 INFO L290 TraceCheckUtils]: 62: Hoare triple {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,437 INFO L290 TraceCheckUtils]: 63: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,438 INFO L290 TraceCheckUtils]: 64: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,438 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {13916#true} {13917#false} #1346#return; {13917#false} is VALID [2022-02-20 17:58:58,438 INFO L290 TraceCheckUtils]: 66: Hoare triple {13917#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {13917#false} is VALID [2022-02-20 17:58:58,438 INFO L290 TraceCheckUtils]: 67: Hoare triple {13917#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {13917#false} is VALID [2022-02-20 17:58:58,438 INFO L272 TraceCheckUtils]: 68: Hoare triple {13917#false} call outgoing(~sender#1, ~email~0#1); {13917#false} is VALID [2022-02-20 17:58:58,438 INFO L290 TraceCheckUtils]: 69: Hoare triple {13917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, 
sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {13917#false} is VALID [2022-02-20 17:58:58,438 INFO L272 TraceCheckUtils]: 70: Hoare triple {13917#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {13916#true} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 71: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 72: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 73: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,439 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13916#true} {13917#false} #1258#return; {13917#false} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 75: Hoare triple {13917#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {13917#false} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 76: Hoare triple {13917#false} assume 0 == sign_~privkey~1#1; {13917#false} is VALID [2022-02-20 17:58:58,439 INFO L290 TraceCheckUtils]: 77: Hoare triple {13917#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, 
outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {13917#false} is VALID [2022-02-20 17:58:58,439 INFO L272 TraceCheckUtils]: 78: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13916#true} is VALID [2022-02-20 17:58:58,440 INFO L290 TraceCheckUtils]: 79: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~4; {13916#true} is VALID [2022-02-20 17:58:58,440 INFO L290 TraceCheckUtils]: 80: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13916#true} is VALID [2022-02-20 17:58:58,440 INFO L290 TraceCheckUtils]: 81: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,441 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {13916#true} {13917#false} #1260#return; {13917#false} is VALID [2022-02-20 17:58:58,441 INFO L290 TraceCheckUtils]: 83: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 
2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {13917#false} is VALID [2022-02-20 17:58:58,441 INFO L290 TraceCheckUtils]: 84: Hoare triple {13917#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {13917#false} is VALID [2022-02-20 17:58:58,441 INFO L290 TraceCheckUtils]: 85: Hoare triple {13917#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret41#1 := puts(17, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret41#1 && outgoing__wrappee__AddressBook_#t~ret41#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret41#1; {13917#false} is VALID [2022-02-20 17:58:58,441 INFO L272 TraceCheckUtils]: 86: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret42#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {13916#true} is VALID [2022-02-20 17:58:58,441 INFO L290 TraceCheckUtils]: 87: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,441 INFO L290 TraceCheckUtils]: 88: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L290 TraceCheckUtils]: 89: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {13916#true} {13917#false} #1262#return; {13917#false} is VALID [2022-02-20 17:58:58,442 
INFO L290 TraceCheckUtils]: 91: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret42#1 && outgoing__wrappee__AddressBook_#t~ret42#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret42#1;havoc outgoing__wrappee__AddressBook_#t~ret42#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret43#1 := puts(18, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret43#1 && outgoing__wrappee__AddressBook_#t~ret43#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret43#1; {13917#false} is VALID [2022-02-20 17:58:58,442 INFO L272 TraceCheckUtils]: 92: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret44#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L290 TraceCheckUtils]: 93: Hoare triple {13916#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L290 TraceCheckUtils]: 94: Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L290 TraceCheckUtils]: 95: Hoare triple {13916#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {13916#true} is VALID [2022-02-20 17:58:58,442 INFO L290 TraceCheckUtils]: 96: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,443 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {13916#true} {13917#false} #1264#return; {13917#false} is VALID [2022-02-20 17:58:58,443 INFO L290 TraceCheckUtils]: 98: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret44#1 && outgoing__wrappee__AddressBook_#t~ret44#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret44#1;havoc 
outgoing__wrappee__AddressBook_#t~ret44#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {13917#false} is VALID [2022-02-20 17:58:58,443 INFO L272 TraceCheckUtils]: 99: Hoare triple {13917#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:58:58,443 INFO L290 TraceCheckUtils]: 100: Hoare triple {14015#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:58,443 INFO L290 TraceCheckUtils]: 101: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,443 INFO L290 TraceCheckUtils]: 102: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,443 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {13916#true} {13917#false} #1266#return; {13917#false} is VALID [2022-02-20 17:58:58,444 INFO L272 TraceCheckUtils]: 104: Hoare triple {13917#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13917#false} is VALID [2022-02-20 17:58:58,444 INFO L290 TraceCheckUtils]: 105: Hoare triple {13917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {13917#false} is VALID [2022-02-20 17:58:58,444 INFO L272 TraceCheckUtils]: 106: Hoare triple {13917#false} call #t~ret38#1 := getEmailTo(~msg#1); {13916#true} is VALID [2022-02-20 17:58:58,444 INFO L290 TraceCheckUtils]: 107: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,444 INFO L290 TraceCheckUtils]: 108: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := 
~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,444 INFO L290 TraceCheckUtils]: 109: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,444 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {13916#true} {13917#false} #1278#return; {13917#false} is VALID [2022-02-20 17:58:58,444 INFO L290 TraceCheckUtils]: 111: Hoare triple {13917#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {13917#false} is VALID [2022-02-20 17:58:58,445 INFO L272 TraceCheckUtils]: 112: Hoare triple {13917#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {13916#true} is VALID [2022-02-20 17:58:58,445 INFO L290 TraceCheckUtils]: 113: Hoare triple {13916#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,445 INFO L290 TraceCheckUtils]: 114: Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,445 INFO L290 TraceCheckUtils]: 115: Hoare triple {13916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,445 INFO L290 TraceCheckUtils]: 116: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,445 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {13916#true} {13917#false} #1280#return; {13917#false} is VALID [2022-02-20 17:58:58,445 INFO L290 TraceCheckUtils]: 118: Hoare triple {13917#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {13917#false} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 119: Hoare triple {13917#false} assume !(0 != ~pubkey~1#1); {13917#false} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 120: Hoare triple {13917#false} assume { 
:begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {13917#false} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 121: Hoare triple {13917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {13917#false} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 122: Hoare triple {13917#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {13917#false} is VALID [2022-02-20 17:58:58,446 INFO L272 TraceCheckUtils]: 123: Hoare triple {13917#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 124: Hoare triple {14014#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID 
[2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 125: Hoare triple {13916#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:58,446 INFO L290 TraceCheckUtils]: 126: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,447 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {13916#true} {13917#false} #1286#return; {13917#false} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 128: Hoare triple {13917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {13917#false} is VALID [2022-02-20 17:58:58,447 INFO L272 TraceCheckUtils]: 129: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {13916#true} is VALID [2022-02-20 17:58:58,447 
INFO L290 TraceCheckUtils]: 130: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~38; {13916#true} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 131: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {13916#true} is VALID [2022-02-20 17:58:58,447 INFO L290 TraceCheckUtils]: 132: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,447 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {13916#true} {13917#false} #1288#return; {13917#false} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 134: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {13917#false} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 135: Hoare triple {13917#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {13917#false} is VALID [2022-02-20 17:58:58,448 INFO L272 TraceCheckUtils]: 136: Hoare triple {13917#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {13916#true} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 137: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 138: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13916#true} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 139: Hoare triple {13916#true} assume true; {13916#true} is VALID 
[2022-02-20 17:58:58,448 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {13916#true} {13917#false} #1290#return; {13917#false} is VALID [2022-02-20 17:58:58,448 INFO L290 TraceCheckUtils]: 141: Hoare triple {13917#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {13917#false} is VALID [2022-02-20 17:58:58,449 INFO L272 TraceCheckUtils]: 142: Hoare triple {13917#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {13916#true} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 143: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 144: Hoare triple {13916#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13916#true} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 145: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,449 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {13916#true} {13917#false} #1292#return; {13917#false} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 147: Hoare triple {13917#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := 
incoming_~tmp~11#1; {13917#false} is VALID [2022-02-20 17:58:58,449 INFO L290 TraceCheckUtils]: 148: Hoare triple {13917#false} assume !(0 != incoming_~privkey~0#1); {13917#false} is VALID [2022-02-20 17:58:58,450 INFO L290 TraceCheckUtils]: 149: Hoare triple {13917#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, 
__utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {13917#false} is VALID [2022-02-20 17:58:58,450 INFO L290 TraceCheckUtils]: 150: Hoare triple {13917#false} assume 1 == ~sent_signed~0; {13917#false} is VALID [2022-02-20 17:58:58,450 INFO L272 TraceCheckUtils]: 151: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {13916#true} is VALID [2022-02-20 17:58:58,450 INFO L290 TraceCheckUtils]: 152: Hoare triple {13916#true} ~handle := #in~handle;havoc ~retValue_acc~32; {13916#true} is VALID [2022-02-20 17:58:58,450 INFO L290 TraceCheckUtils]: 153: Hoare 
triple {13916#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {13916#true} is VALID [2022-02-20 17:58:58,450 INFO L290 TraceCheckUtils]: 154: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,450 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {13916#true} {13917#false} #1304#return; {13917#false} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 156: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {13917#false} is VALID [2022-02-20 17:58:58,451 INFO L272 TraceCheckUtils]: 157: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {13916#true} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 158: Hoare triple {13916#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 159: Hoare triple {13916#true} assume 1 == ~handle; {13916#true} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 160: Hoare triple {13916#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13916#true} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 161: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:58,451 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {13916#true} {13917#false} #1306#return; {13917#false} is VALID [2022-02-20 17:58:58,451 INFO L290 TraceCheckUtils]: 163: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {13917#false} is VALID [2022-02-20 17:58:58,452 INFO L290 TraceCheckUtils]: 164: Hoare triple {13917#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {13917#false} is VALID [2022-02-20 17:58:58,452 INFO L272 TraceCheckUtils]: 165: Hoare triple {13917#false} call __automaton_fail(); {13917#false} is VALID [2022-02-20 17:58:58,452 INFO L290 TraceCheckUtils]: 166: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:58,452 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 6 proven. 6 refuted. 0 times theorem prover too weak. 43 trivial. 0 not checked. [2022-02-20 17:58:58,453 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:58:58,453 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [379174273] [2022-02-20 17:58:58,453 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [379174273] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 17:58:58,453 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [413910277] [2022-02-20 17:58:58,453 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:58:58,453 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:58:58,453 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 17:58:58,456 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 
17:58:58,486 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Waiting until timeout for monitored process [2022-02-20 17:58:58,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,768 INFO L263 TraceCheckSpWp]: Trace formula consists of 1397 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 17:58:58,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:58:58,830 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 17:58:59,232 INFO L290 TraceCheckUtils]: 0: Hoare triple {13916#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call 
#Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {13916#true} is VALID [2022-02-20 17:58:59,232 INFO L290 TraceCheckUtils]: 1: Hoare triple {13916#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {13916#true} is VALID [2022-02-20 17:58:59,232 INFO L290 TraceCheckUtils]: 2: Hoare triple {13916#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {13916#true} is VALID [2022-02-20 17:58:59,232 INFO L290 TraceCheckUtils]: 3: Hoare triple {13916#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {13916#true} is VALID [2022-02-20 17:58:59,232 INFO L290 TraceCheckUtils]: 4: Hoare triple {13916#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 5: Hoare triple {13916#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, 
setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L272 TraceCheckUtils]: 6: Hoare triple {13916#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 7: Hoare triple {13916#true} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 8: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 9: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {13916#true} {13916#true} #1358#return; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 11: Hoare triple {13916#true} assume { :end_inline_setup_bob__wrappee__Base } true; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L272 TraceCheckUtils]: 12: Hoare triple {13916#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 13: Hoare triple {13916#true} ~handle := 
#in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:59,233 INFO L290 TraceCheckUtils]: 14: Hoare triple {13916#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:59,234 INFO L290 TraceCheckUtils]: 15: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:59,234 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {13916#true} {13916#true} #1360#return; {13916#true} is VALID [2022-02-20 17:58:59,234 INFO L290 TraceCheckUtils]: 17: Hoare triple {13916#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:59,234 INFO L272 TraceCheckUtils]: 18: Hoare triple {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {13916#true} is VALID [2022-02-20 17:58:59,235 INFO L290 TraceCheckUtils]: 19: Hoare triple {13916#true} ~handle := #in~handle;~value := #in~value; {13916#true} is VALID [2022-02-20 17:58:59,235 INFO L290 TraceCheckUtils]: 20: Hoare triple {13916#true} assume !(1 == ~handle); {13916#true} is VALID [2022-02-20 17:58:59,235 INFO L290 TraceCheckUtils]: 21: Hoare triple {13916#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {13916#true} is VALID [2022-02-20 17:58:59,235 INFO L290 TraceCheckUtils]: 22: Hoare triple {13916#true} assume true; {13916#true} is VALID [2022-02-20 17:58:59,236 INFO L284 TraceCheckUtils]: 23: 
Hoare quadruple {13916#true} {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1362#return; {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:59,236 INFO L290 TraceCheckUtils]: 24: Hoare triple {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} assume { :end_inline_setup_rjh__wrappee__Base } true; {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} is VALID [2022-02-20 17:58:59,236 INFO L272 TraceCheckUtils]: 25: Hoare triple {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {13916#true} is VALID [2022-02-20 17:58:59,237 INFO L290 TraceCheckUtils]: 26: Hoare triple {13916#true} ~handle := #in~handle;~value := #in~value; {14098#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} is VALID [2022-02-20 17:58:59,237 INFO L290 TraceCheckUtils]: 27: Hoare triple {14098#(<= |setClientPrivateKey_#in~handle| setClientPrivateKey_~handle)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {14102#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,237 INFO L290 TraceCheckUtils]: 28: Hoare triple {14102#(<= |setClientPrivateKey_#in~handle| 1)} assume true; {14102#(<= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:58:59,238 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {14102#(<= |setClientPrivateKey_#in~handle| 1)} {14070#(<= 2 |ULTIMATE.start_setup_rjh_~rjh___0#1|)} #1364#return; {13917#false} is VALID [2022-02-20 17:58:59,238 INFO L290 TraceCheckUtils]: 30: Hoare triple {13917#false} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc 
setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {13917#false} is VALID [2022-02-20 17:58:59,238 INFO L272 TraceCheckUtils]: 31: Hoare triple {13917#false} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 32: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 33: Hoare triple {13917#false} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 34: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L284 TraceCheckUtils]: 35: Hoare quadruple {13917#false} {13917#false} #1366#return; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 36: Hoare triple {13917#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L272 TraceCheckUtils]: 37: Hoare triple {13917#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 38: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,239 INFO L290 TraceCheckUtils]: 39: Hoare triple {13917#false} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 40: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {13917#false} {13917#false} #1368#return; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 42: Hoare triple {13917#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, 
setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 43: Hoare triple {13917#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 44: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 45: Hoare triple {13917#false} assume test_~splverifierCounter~0#1 < 4; {13917#false} is VALID [2022-02-20 17:58:59,240 INFO L290 TraceCheckUtils]: 46: Hoare triple 
{13917#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 47: Hoare triple {13917#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 48: Hoare triple {13917#false} assume !(0 != test_~tmp___9~0#1); {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 49: Hoare triple {13917#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 50: Hoare triple {13917#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 51: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 52: Hoare triple {13917#false} assume !(test_~splverifierCounter~0#1 < 4); {13917#false} is VALID [2022-02-20 17:58:59,241 INFO L290 TraceCheckUtils]: 53: Hoare triple {13917#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L272 TraceCheckUtils]: 54: Hoare triple {13917#false} call sendEmail(~bob~0, ~rjh~0); {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L290 TraceCheckUtils]: 55: Hoare triple {13917#false} ~sender#1 := 
#in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L272 TraceCheckUtils]: 56: Hoare triple {13917#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L290 TraceCheckUtils]: 57: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L290 TraceCheckUtils]: 58: Hoare triple {13917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L290 TraceCheckUtils]: 59: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {13917#false} {13917#false} #1344#return; {13917#false} is VALID [2022-02-20 17:58:59,242 INFO L272 TraceCheckUtils]: 61: Hoare triple {13917#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L290 TraceCheckUtils]: 62: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L290 TraceCheckUtils]: 63: Hoare triple {13917#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L290 TraceCheckUtils]: 64: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L284 TraceCheckUtils]: 65: Hoare quadruple {13917#false} {13917#false} #1346#return; {13917#false} is VALID [2022-02-20 17:58:59,243 
INFO L290 TraceCheckUtils]: 66: Hoare triple {13917#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L290 TraceCheckUtils]: 67: Hoare triple {13917#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {13917#false} is VALID [2022-02-20 17:58:59,243 INFO L272 TraceCheckUtils]: 68: Hoare triple {13917#false} call outgoing(~sender#1, ~email~0#1); {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L290 TraceCheckUtils]: 69: Hoare triple {13917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L272 TraceCheckUtils]: 70: Hoare triple {13917#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L290 TraceCheckUtils]: 71: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~10; {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L290 TraceCheckUtils]: 72: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L290 TraceCheckUtils]: 73: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L284 TraceCheckUtils]: 74: Hoare quadruple {13917#false} {13917#false} #1258#return; {13917#false} is VALID [2022-02-20 17:58:59,244 INFO L290 TraceCheckUtils]: 75: Hoare triple {13917#false} assume -2147483648 <= sign_#t~ret55#1 && 
sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L290 TraceCheckUtils]: 76: Hoare triple {13917#false} assume 0 == sign_~privkey~1#1; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L290 TraceCheckUtils]: 77: Hoare triple {13917#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L272 TraceCheckUtils]: 78: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {13917#false} is VALID [2022-02-20 
17:58:59,245 INFO L290 TraceCheckUtils]: 79: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~4; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L290 TraceCheckUtils]: 80: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L290 TraceCheckUtils]: 81: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {13917#false} {13917#false} #1260#return; {13917#false} is VALID [2022-02-20 17:58:59,245 INFO L290 TraceCheckUtils]: 83: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L290 TraceCheckUtils]: 84: Hoare triple {13917#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L290 TraceCheckUtils]: 85: Hoare triple {13917#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret41#1 := puts(17, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret41#1 && outgoing__wrappee__AddressBook_#t~ret41#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret41#1; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO 
L272 TraceCheckUtils]: 86: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret42#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L290 TraceCheckUtils]: 87: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L290 TraceCheckUtils]: 88: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L290 TraceCheckUtils]: 89: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,246 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {13917#false} {13917#false} #1262#return; {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L290 TraceCheckUtils]: 91: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret42#1 && outgoing__wrappee__AddressBook_#t~ret42#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret42#1;havoc outgoing__wrappee__AddressBook_#t~ret42#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret43#1 := puts(18, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret43#1 && outgoing__wrappee__AddressBook_#t~ret43#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret43#1; {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L272 TraceCheckUtils]: 92: Hoare triple {13917#false} call outgoing__wrappee__AddressBook_#t~ret44#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L290 TraceCheckUtils]: 93: Hoare triple {13917#false} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L290 TraceCheckUtils]: 94: Hoare triple {13917#false} assume 1 == ~handle; {13917#false} is 
VALID [2022-02-20 17:58:59,247 INFO L290 TraceCheckUtils]: 95: Hoare triple {13917#false} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L290 TraceCheckUtils]: 96: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,247 INFO L284 TraceCheckUtils]: 97: Hoare quadruple {13917#false} {13917#false} #1264#return; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L290 TraceCheckUtils]: 98: Hoare triple {13917#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret44#1 && outgoing__wrappee__AddressBook_#t~ret44#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret44#1;havoc outgoing__wrappee__AddressBook_#t~ret44#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L272 TraceCheckUtils]: 99: Hoare triple {13917#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L290 TraceCheckUtils]: 100: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L290 TraceCheckUtils]: 101: Hoare triple {13917#false} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L290 TraceCheckUtils]: 102: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L284 TraceCheckUtils]: 103: Hoare quadruple {13917#false} {13917#false} #1266#return; {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L272 TraceCheckUtils]: 104: Hoare triple {13917#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,248 INFO L290 TraceCheckUtils]: 105: Hoare triple 
{13917#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L272 TraceCheckUtils]: 106: Hoare triple {13917#false} call #t~ret38#1 := getEmailTo(~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L290 TraceCheckUtils]: 107: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L290 TraceCheckUtils]: 108: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L290 TraceCheckUtils]: 109: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L284 TraceCheckUtils]: 110: Hoare quadruple {13917#false} {13917#false} #1278#return; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L290 TraceCheckUtils]: 111: Hoare triple {13917#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {13917#false} is VALID [2022-02-20 17:58:59,249 INFO L272 TraceCheckUtils]: 112: Hoare triple {13917#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 113: Hoare triple {13917#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 114: Hoare triple {13917#false} assume 1 == ~handle; {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 115: Hoare triple {13917#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 116: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 
17:58:59,250 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {13917#false} {13917#false} #1280#return; {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 118: Hoare triple {13917#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 119: Hoare triple {13917#false} assume !(0 != ~pubkey~1#1); {13917#false} is VALID [2022-02-20 17:58:59,250 INFO L290 TraceCheckUtils]: 120: Hoare triple {13917#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L290 TraceCheckUtils]: 121: Hoare triple {13917#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L290 TraceCheckUtils]: 122: Hoare triple {13917#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc 
outgoing__wrappee__Keys_#t~ret37#1; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L272 TraceCheckUtils]: 123: Hoare triple {13917#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L290 TraceCheckUtils]: 124: Hoare triple {13917#false} ~handle := #in~handle;~value := #in~value; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L290 TraceCheckUtils]: 125: Hoare triple {13917#false} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L290 TraceCheckUtils]: 126: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,251 INFO L284 TraceCheckUtils]: 127: Hoare quadruple {13917#false} {13917#false} #1286#return; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 128: Hoare triple {13917#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume 
-2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L272 TraceCheckUtils]: 129: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 130: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~38; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 131: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 132: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L284 TraceCheckUtils]: 133: Hoare quadruple {13917#false} {13917#false} #1288#return; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 134: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {13917#false} is VALID [2022-02-20 17:58:59,252 INFO L290 TraceCheckUtils]: 135: Hoare triple {13917#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L272 TraceCheckUtils]: 136: Hoare triple {13917#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L290 
TraceCheckUtils]: 137: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L290 TraceCheckUtils]: 138: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L290 TraceCheckUtils]: 139: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L284 TraceCheckUtils]: 140: Hoare quadruple {13917#false} {13917#false} #1290#return; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L290 TraceCheckUtils]: 141: Hoare triple {13917#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {13917#false} is VALID [2022-02-20 17:58:59,253 INFO L272 TraceCheckUtils]: 142: Hoare triple {13917#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {13917#false} is VALID [2022-02-20 17:58:59,254 INFO L290 TraceCheckUtils]: 143: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~10; {13917#false} is VALID [2022-02-20 17:58:59,254 INFO L290 TraceCheckUtils]: 144: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {13917#false} is VALID [2022-02-20 17:58:59,254 INFO L290 TraceCheckUtils]: 145: Hoare triple {13917#false} assume 
true; {13917#false} is VALID [2022-02-20 17:58:59,259 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {13917#false} {13917#false} #1292#return; {13917#false} is VALID [2022-02-20 17:58:59,259 INFO L290 TraceCheckUtils]: 147: Hoare triple {13917#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {13917#false} is VALID [2022-02-20 17:58:59,259 INFO L290 TraceCheckUtils]: 148: Hoare triple {13917#false} assume !(0 != incoming_~privkey~0#1); {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L290 TraceCheckUtils]: 149: Hoare triple {13917#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 
:= verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L290 TraceCheckUtils]: 150: Hoare triple {13917#false} assume 1 == ~sent_signed~0; {13917#false} is VALID [2022-02-20 
17:58:59,260 INFO L272 TraceCheckUtils]: 151: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L290 TraceCheckUtils]: 152: Hoare triple {13917#false} ~handle := #in~handle;havoc ~retValue_acc~32; {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L290 TraceCheckUtils]: 153: Hoare triple {13917#false} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L290 TraceCheckUtils]: 154: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,260 INFO L284 TraceCheckUtils]: 155: Hoare quadruple {13917#false} {13917#false} #1304#return; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L290 TraceCheckUtils]: 156: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L272 TraceCheckUtils]: 157: Hoare triple {13917#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L290 TraceCheckUtils]: 158: Hoare triple {13917#false} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L290 TraceCheckUtils]: 159: Hoare triple {13917#false} assume 1 == ~handle; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L290 TraceCheckUtils]: 160: Hoare triple {13917#false} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO 
L290 TraceCheckUtils]: 161: Hoare triple {13917#false} assume true; {13917#false} is VALID [2022-02-20 17:58:59,261 INFO L284 TraceCheckUtils]: 162: Hoare quadruple {13917#false} {13917#false} #1306#return; {13917#false} is VALID [2022-02-20 17:58:59,262 INFO L290 TraceCheckUtils]: 163: Hoare triple {13917#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {13917#false} is VALID [2022-02-20 17:58:59,262 INFO L290 TraceCheckUtils]: 164: Hoare triple {13917#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {13917#false} is VALID [2022-02-20 17:58:59,262 INFO L272 TraceCheckUtils]: 165: Hoare triple {13917#false} call __automaton_fail(); {13917#false} is VALID [2022-02-20 17:58:59,262 INFO L290 TraceCheckUtils]: 166: Hoare triple {13917#false} assume !false; {13917#false} is VALID [2022-02-20 17:58:59,262 INFO L134 CoverageAnalysis]: Checked inductivity of 55 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 36 trivial. 0 not checked. [2022-02-20 17:58:59,262 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 17:58:59,263 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [413910277] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:58:59,263 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. 
[2022-02-20 17:58:59,263 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [12] total 15 [2022-02-20 17:58:59,263 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1966706811] [2022-02-20 17:58:59,263 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:58:59,264 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 167 [2022-02-20 17:58:59,265 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:58:59,265 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:58:59,360 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 145 edges. 145 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:58:59,360 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 17:58:59,360 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:58:59,360 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. 
[2022-02-20 17:58:59,361 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=180, Unknown=0, NotChecked=0, Total=210 [2022-02-20 17:58:59,361 INFO L87 Difference]: Start difference. First operand 521 states and 798 transitions. Second operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:00,736 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:00,736 INFO L93 Difference]: Finished difference Result 1031 states and 1585 transitions. [2022-02-20 17:59:00,736 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 17:59:00,737 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) Word has length 167 [2022-02-20 17:59:00,737 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:00,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:00,750 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1341 transitions. 
[2022-02-20 17:59:00,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:00,773 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 1341 transitions. [2022-02-20 17:59:00,773 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 1341 transitions. [2022-02-20 17:59:01,602 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1341 edges. 1341 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:01,639 INFO L225 Difference]: With dead ends: 1031 [2022-02-20 17:59:01,640 INFO L226 Difference]: Without dead ends: 523 [2022-02-20 17:59:01,641 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 215 GetRequests, 201 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=34, Invalid=206, Unknown=0, NotChecked=0, Total=240 [2022-02-20 17:59:01,642 INFO L933 BasicCegarLoop]: 665 mSDtfsCounter, 151 mSDsluCounter, 1818 mSDsCounter, 0 mSdLazyCounter, 45 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 174 SdHoareTripleChecker+Valid, 2483 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 45 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:01,643 
INFO L934 BasicCegarLoop]: SdHoareTripleChecker [174 Valid, 2483 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 45 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 17:59:01,644 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 523 states. [2022-02-20 17:59:01,758 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 523 to 523. [2022-02-20 17:59:01,758 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:01,760 INFO L82 GeneralOperation]: Start isEquivalent. First operand 523 states. Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) [2022-02-20 17:59:01,761 INFO L74 IsIncluded]: Start isIncluded. First operand 523 states. Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) [2022-02-20 17:59:01,762 INFO L87 Difference]: Start difference. First operand 523 states. Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) [2022-02-20 17:59:01,781 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. 
[2022-02-20 17:59:01,781 INFO L93 Difference]: Finished difference Result 523 states and 804 transitions. [2022-02-20 17:59:01,781 INFO L276 IsEmpty]: Start isEmpty. Operand 523 states and 804 transitions. [2022-02-20 17:59:01,783 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:01,784 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:01,785 INFO L74 IsIncluded]: Start isIncluded. First operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) Second operand 523 states. [2022-02-20 17:59:01,786 INFO L87 Difference]: Start difference. First operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) Second operand 523 states. [2022-02-20 17:59:01,806 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:01,806 INFO L93 Difference]: Finished difference Result 523 states and 804 transitions. [2022-02-20 17:59:01,806 INFO L276 IsEmpty]: Start isEmpty. Operand 523 states and 804 transitions. [2022-02-20 17:59:01,808 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:01,808 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:01,808 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:01,808 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:01,810 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (94), 86 states have call predecessors, (94), 87 states have call successors, (94) [2022-02-20 17:59:01,833 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 523 states to 523 states and 804 transitions. [2022-02-20 17:59:01,833 INFO L78 Accepts]: Start accepts. Automaton has 523 states and 804 transitions. Word has length 167 [2022-02-20 17:59:01,833 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:01,834 INFO L470 AbstractCegarLoop]: Abstraction has 523 states and 804 transitions. [2022-02-20 17:59:01,834 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 19.8) internal successors, (99), 5 states have internal predecessors, (99), 3 states have call successors, (25), 2 states have call predecessors, (25), 3 states have return successors, (21), 3 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:01,834 INFO L276 IsEmpty]: Start isEmpty. Operand 523 states and 804 transitions. [2022-02-20 17:59:01,836 INFO L282 IsEmpty]: Finished isEmpty. 
Found accepting run of length 150 [2022-02-20 17:59:01,836 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:01,837 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:01,864 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (6)] Forceful destruction successful, exit code 0 [2022-02-20 17:59:02,052 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4,6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 17:59:02,052 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:02,052 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:02,052 INFO L85 PathProgramCache]: Analyzing trace with hash -342668476, now seen corresponding path program 1 times [2022-02-20 17:59:02,052 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:02,052 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1212846611] [2022-02-20 17:59:02,053 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:02,053 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:02,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 
17:59:02,127 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:02,129 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,132 INFO L290 TraceCheckUtils]: 0: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,133 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,133 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,133 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17729#true} #1358#return; {17729#true} is VALID [2022-02-20 17:59:02,139 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:02,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,142 INFO L290 TraceCheckUtils]: 0: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,143 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,143 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,143 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17729#true} #1360#return; {17729#true} is VALID [2022-02-20 17:59:02,143 INFO L376 atingTraceCheckCraig]: Compute 
interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:02,144 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,146 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume !(1 == ~handle); {17729#true} is VALID [2022-02-20 17:59:02,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,147 INFO L290 TraceCheckUtils]: 3: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,147 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17729#true} {17729#true} #1362#return; {17729#true} is VALID [2022-02-20 17:59:02,147 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:02,149 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,151 INFO L290 TraceCheckUtils]: 0: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,151 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume !(1 == ~handle); {17729#true} is VALID [2022-02-20 17:59:02,151 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,151 INFO L290 TraceCheckUtils]: 3: Hoare triple {17729#true} assume true; {17729#true} is VALID 
[2022-02-20 17:59:02,151 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17729#true} {17729#true} #1364#return; {17729#true} is VALID [2022-02-20 17:59:02,151 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:02,154 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,166 INFO L290 TraceCheckUtils]: 0: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17810#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,166 INFO L290 TraceCheckUtils]: 1: Hoare triple {17810#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:02,167 INFO L290 TraceCheckUtils]: 2: Hoare triple {17811#(= |setClientId_#in~handle| 1)} assume true; {17811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:02,167 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17811#(= |setClientId_#in~handle| 1)} {17749#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {17730#false} is VALID [2022-02-20 17:59:02,168 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 17:59:02,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,171 INFO L290 TraceCheckUtils]: 0: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,172 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} 
assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,172 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,172 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1368#return; {17730#false} is VALID [2022-02-20 17:59:02,178 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 17:59:02,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,181 INFO L290 TraceCheckUtils]: 0: Hoare triple {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,181 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,181 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,182 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1344#return; {17730#false} is VALID [2022-02-20 17:59:02,188 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 62 [2022-02-20 17:59:02,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,192 INFO L290 TraceCheckUtils]: 0: Hoare triple {17813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,192 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,192 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,192 INFO L284 TraceCheckUtils]: 3: Hoare 
quadruple {17729#true} {17730#false} #1346#return; {17730#false} is VALID [2022-02-20 17:59:02,192 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 71 [2022-02-20 17:59:02,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,195 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,195 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,195 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,195 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1258#return; {17730#false} is VALID [2022-02-20 17:59:02,195 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 79 [2022-02-20 17:59:02,196 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17729#true} is VALID [2022-02-20 17:59:02,198 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {17729#true} is VALID [2022-02-20 17:59:02,198 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,198 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1260#return; {17730#false} is VALID [2022-02-20 17:59:02,198 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:02,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} 
~handle := #in~handle;havoc ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,201 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,201 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1278#return; {17730#false} is VALID [2022-02-20 17:59:02,201 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:02,202 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,204 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle; {17729#true} is VALID [2022-02-20 17:59:02,204 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,204 INFO L290 TraceCheckUtils]: 3: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,204 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17729#true} {17730#false} #1280#return; {17730#false} is VALID [2022-02-20 17:59:02,204 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 105 [2022-02-20 17:59:02,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,208 INFO L290 TraceCheckUtils]: 0: Hoare triple {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,208 
INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,208 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,208 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1286#return; {17730#false} is VALID [2022-02-20 17:59:02,208 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 17:59:02,209 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,211 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~38; {17729#true} is VALID [2022-02-20 17:59:02,211 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {17729#true} is VALID [2022-02-20 17:59:02,211 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,211 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1288#return; {17730#false} is VALID [2022-02-20 17:59:02,211 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 118 [2022-02-20 17:59:02,212 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,214 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,214 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,214 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1290#return; {17730#false} is VALID 
[2022-02-20 17:59:02,214 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 124 [2022-02-20 17:59:02,215 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,221 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,221 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,221 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,221 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1292#return; {17730#false} is VALID [2022-02-20 17:59:02,221 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 133 [2022-02-20 17:59:02,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17729#true} is VALID [2022-02-20 17:59:02,225 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {17729#true} is VALID [2022-02-20 17:59:02,225 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,225 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {17729#true} {17730#false} #1304#return; {17730#false} is VALID [2022-02-20 17:59:02,225 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 139 [2022-02-20 17:59:02,226 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {17729#true} is 
VALID [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume 1 == ~handle; {17729#true} is VALID [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 3: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,228 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {17729#true} {17730#false} #1306#return; {17730#false} is VALID [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 0: Hoare triple {17729#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call 
#Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 
0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, 
~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {17729#true} is VALID [2022-02-20 17:59:02,228 INFO L290 TraceCheckUtils]: 1: Hoare triple {17729#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {17729#true} is VALID [2022-02-20 17:59:02,229 INFO L290 TraceCheckUtils]: 2: Hoare triple {17729#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {17729#true} is VALID [2022-02-20 17:59:02,229 INFO L290 TraceCheckUtils]: 3: Hoare triple {17729#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {17729#true} is VALID [2022-02-20 17:59:02,229 INFO L290 TraceCheckUtils]: 4: Hoare triple {17729#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {17729#true} is VALID [2022-02-20 17:59:02,229 INFO L290 TraceCheckUtils]: 5: Hoare triple {17729#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, 
setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {17729#true} is VALID [2022-02-20 17:59:02,230 INFO L272 TraceCheckUtils]: 6: Hoare triple {17729#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:02,230 INFO L290 TraceCheckUtils]: 7: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,230 INFO L290 TraceCheckUtils]: 8: Hoare triple {17729#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,230 INFO L290 TraceCheckUtils]: 9: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,230 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {17729#true} {17729#true} #1358#return; {17729#true} is VALID [2022-02-20 17:59:02,230 
INFO L290 TraceCheckUtils]: 11: Hoare triple {17729#true} assume { :end_inline_setup_bob__wrappee__Base } true; {17729#true} is VALID [2022-02-20 17:59:02,231 INFO L272 TraceCheckUtils]: 12: Hoare triple {17729#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:02,231 INFO L290 TraceCheckUtils]: 13: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,231 INFO L290 TraceCheckUtils]: 14: Hoare triple {17729#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,231 INFO L290 TraceCheckUtils]: 15: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,231 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {17729#true} {17729#true} #1360#return; {17729#true} is VALID [2022-02-20 17:59:02,232 INFO L290 TraceCheckUtils]: 17: Hoare triple {17729#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {17729#true} is VALID [2022-02-20 17:59:02,232 INFO L272 TraceCheckUtils]: 18: Hoare triple {17729#true} call 
setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:02,232 INFO L290 TraceCheckUtils]: 19: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,233 INFO L290 TraceCheckUtils]: 20: Hoare triple {17729#true} assume !(1 == ~handle); {17729#true} is VALID [2022-02-20 17:59:02,233 INFO L290 TraceCheckUtils]: 21: Hoare triple {17729#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,233 INFO L290 TraceCheckUtils]: 22: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,233 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {17729#true} {17729#true} #1362#return; {17729#true} is VALID [2022-02-20 17:59:02,233 INFO L290 TraceCheckUtils]: 24: Hoare triple {17729#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {17729#true} is VALID [2022-02-20 17:59:02,234 INFO L272 TraceCheckUtils]: 25: Hoare triple {17729#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:02,234 INFO L290 TraceCheckUtils]: 26: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} 
~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,234 INFO L290 TraceCheckUtils]: 27: Hoare triple {17729#true} assume !(1 == ~handle); {17729#true} is VALID [2022-02-20 17:59:02,234 INFO L290 TraceCheckUtils]: 28: Hoare triple {17729#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,234 INFO L290 TraceCheckUtils]: 29: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,234 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {17729#true} {17729#true} #1364#return; {17729#true} is VALID [2022-02-20 17:59:02,235 INFO L290 TraceCheckUtils]: 31: Hoare triple {17729#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {17749#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:02,236 INFO L272 TraceCheckUtils]: 32: Hoare triple {17749#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:02,236 INFO L290 TraceCheckUtils]: 33: Hoare triple {17808#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {17810#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:02,236 INFO L290 TraceCheckUtils]: 34: Hoare triple {17810#(= setClientId_~handle |setClientId_#in~handle|)} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {17811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:02,237 INFO L290 TraceCheckUtils]: 35: Hoare triple {17811#(= |setClientId_#in~handle| 1)} assume true; {17811#(= |setClientId_#in~handle| 1)} is VALID [2022-02-20 17:59:02,237 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {17811#(= |setClientId_#in~handle| 1)} {17749#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {17730#false} is VALID [2022-02-20 17:59:02,237 INFO L290 TraceCheckUtils]: 37: Hoare triple {17730#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {17730#false} is VALID [2022-02-20 17:59:02,237 INFO L272 TraceCheckUtils]: 38: Hoare triple {17730#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 39: Hoare triple {17809#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 40: Hoare triple {17729#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 41: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 
17:59:02,238 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {17729#true} {17730#false} #1368#return; {17730#false} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 43: Hoare triple {17730#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {17730#false} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 44: Hoare triple {17730#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {17730#false} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 45: Hoare 
triple {17730#false} assume !false; {17730#false} is VALID [2022-02-20 17:59:02,238 INFO L290 TraceCheckUtils]: 46: Hoare triple {17730#false} assume test_~splverifierCounter~0#1 < 4; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 47: Hoare triple {17730#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 48: Hoare triple {17730#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 49: Hoare triple {17730#false} assume !(0 != test_~tmp___9~0#1); {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 50: Hoare triple {17730#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 51: Hoare triple {17730#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 52: Hoare triple {17730#false} assume !false; {17730#false} is VALID [2022-02-20 17:59:02,239 INFO L290 TraceCheckUtils]: 53: Hoare triple {17730#false} assume !(test_~splverifierCounter~0#1 < 4); {17730#false} is VALID [2022-02-20 17:59:02,240 INFO L290 TraceCheckUtils]: 54: Hoare triple {17730#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc 
bobToRjh_#t~ret13#1; {17730#false} is VALID [2022-02-20 17:59:02,240 INFO L272 TraceCheckUtils]: 55: Hoare triple {17730#false} call sendEmail(~bob~0, ~rjh~0); {17730#false} is VALID [2022-02-20 17:59:02,240 INFO L290 TraceCheckUtils]: 56: Hoare triple {17730#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {17730#false} is VALID [2022-02-20 17:59:02,240 INFO L272 TraceCheckUtils]: 57: Hoare triple {17730#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:02,241 INFO L290 TraceCheckUtils]: 58: Hoare triple {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,241 INFO L290 TraceCheckUtils]: 59: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,241 INFO L290 TraceCheckUtils]: 60: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,241 INFO L284 TraceCheckUtils]: 61: Hoare quadruple {17729#true} {17730#false} #1344#return; {17730#false} is VALID [2022-02-20 17:59:02,242 INFO L272 TraceCheckUtils]: 62: Hoare triple {17730#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {17813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID 
[2022-02-20 17:59:02,242 INFO L290 TraceCheckUtils]: 63: Hoare triple {17813#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,242 INFO L290 TraceCheckUtils]: 64: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,242 INFO L290 TraceCheckUtils]: 65: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,242 INFO L284 TraceCheckUtils]: 66: Hoare quadruple {17729#true} {17730#false} #1346#return; {17730#false} is VALID [2022-02-20 17:59:02,242 INFO L290 TraceCheckUtils]: 67: Hoare triple {17730#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {17730#false} is VALID [2022-02-20 17:59:02,242 INFO L290 TraceCheckUtils]: 68: Hoare triple {17730#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {17730#false} is VALID [2022-02-20 17:59:02,242 INFO L272 TraceCheckUtils]: 69: Hoare triple {17730#false} call outgoing(~sender#1, ~email~0#1); {17730#false} is VALID [2022-02-20 17:59:02,243 INFO L290 TraceCheckUtils]: 70: Hoare triple {17730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {17730#false} is VALID [2022-02-20 17:59:02,243 INFO L272 TraceCheckUtils]: 71: Hoare triple {17730#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {17729#true} is VALID [2022-02-20 17:59:02,255 INFO L290 TraceCheckUtils]: 72: Hoare 
triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,255 INFO L290 TraceCheckUtils]: 73: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,255 INFO L290 TraceCheckUtils]: 74: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,255 INFO L284 TraceCheckUtils]: 75: Hoare quadruple {17729#true} {17730#false} #1258#return; {17730#false} is VALID [2022-02-20 17:59:02,255 INFO L290 TraceCheckUtils]: 76: Hoare triple {17730#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {17730#false} is VALID [2022-02-20 17:59:02,256 INFO L290 TraceCheckUtils]: 77: Hoare triple {17730#false} assume 0 == sign_~privkey~1#1; {17730#false} is VALID [2022-02-20 17:59:02,256 INFO L290 TraceCheckUtils]: 78: Hoare triple {17730#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := 
outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {17730#false} is VALID [2022-02-20 17:59:02,256 INFO L272 TraceCheckUtils]: 79: Hoare triple {17730#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {17729#true} is VALID [2022-02-20 17:59:02,256 INFO L290 TraceCheckUtils]: 80: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~4; {17729#true} is VALID [2022-02-20 17:59:02,256 INFO L290 TraceCheckUtils]: 81: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {17729#true} is VALID [2022-02-20 17:59:02,256 INFO L290 TraceCheckUtils]: 82: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,256 INFO L284 TraceCheckUtils]: 83: Hoare quadruple {17729#true} {17730#false} #1260#return; {17730#false} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 84: Hoare triple {17730#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {17730#false} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 85: Hoare triple {17730#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {17730#false} is VALID [2022-02-20 17:59:02,257 INFO L272 TraceCheckUtils]: 86: Hoare 
triple {17730#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {17730#false} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 87: Hoare triple {17730#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {17730#false} is VALID [2022-02-20 17:59:02,257 INFO L272 TraceCheckUtils]: 88: Hoare triple {17730#false} call #t~ret38#1 := getEmailTo(~msg#1); {17729#true} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 89: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 90: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,257 INFO L290 TraceCheckUtils]: 91: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,258 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {17729#true} {17730#false} #1278#return; {17730#false} is VALID [2022-02-20 17:59:02,258 INFO L290 TraceCheckUtils]: 93: Hoare triple {17730#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {17730#false} is VALID [2022-02-20 17:59:02,258 INFO L272 TraceCheckUtils]: 94: Hoare triple {17730#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); {17729#true} is VALID [2022-02-20 17:59:02,258 INFO L290 TraceCheckUtils]: 95: Hoare triple {17729#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,258 INFO L290 TraceCheckUtils]: 96: Hoare triple {17729#true} assume 1 == ~handle; {17729#true} is VALID [2022-02-20 17:59:02,258 INFO L290 TraceCheckUtils]: 97: Hoare triple {17729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := 
~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,258 INFO L290 TraceCheckUtils]: 98: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,259 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {17729#true} {17730#false} #1280#return; {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L290 TraceCheckUtils]: 100: Hoare triple {17730#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L290 TraceCheckUtils]: 101: Hoare triple {17730#false} assume !(0 != ~pubkey~1#1); {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L290 TraceCheckUtils]: 102: Hoare triple {17730#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L290 TraceCheckUtils]: 103: Hoare triple {17730#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L290 TraceCheckUtils]: 104: Hoare triple {17730#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { 
:end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {17730#false} is VALID [2022-02-20 17:59:02,259 INFO L272 TraceCheckUtils]: 105: Hoare triple {17730#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 106: Hoare triple {17812#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {17729#true} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 107: Hoare triple {17729#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {17729#true} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 108: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,260 INFO L284 TraceCheckUtils]: 109: Hoare quadruple {17729#true} {17730#false} #1286#return; {17730#false} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 110: Hoare triple {17730#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, 
__utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {17730#false} is VALID [2022-02-20 17:59:02,260 INFO L272 TraceCheckUtils]: 111: Hoare triple {17730#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {17729#true} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 112: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~38; {17729#true} is VALID [2022-02-20 17:59:02,260 INFO L290 TraceCheckUtils]: 113: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {17729#true} is VALID [2022-02-20 17:59:02,261 INFO L290 TraceCheckUtils]: 114: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,261 INFO L284 TraceCheckUtils]: 115: Hoare quadruple {17729#true} {17730#false} #1288#return; {17730#false} is VALID [2022-02-20 17:59:02,261 INFO L290 TraceCheckUtils]: 116: Hoare triple {17730#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {17730#false} is VALID [2022-02-20 17:59:02,261 INFO L290 
TraceCheckUtils]: 117: Hoare triple {17730#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {17730#false} is VALID [2022-02-20 17:59:02,261 INFO L272 TraceCheckUtils]: 118: Hoare triple {17730#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {17729#true} is VALID [2022-02-20 17:59:02,261 INFO L290 TraceCheckUtils]: 119: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,261 INFO L290 TraceCheckUtils]: 120: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {17729#true} is VALID [2022-02-20 17:59:02,262 INFO L290 TraceCheckUtils]: 121: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,262 INFO L284 TraceCheckUtils]: 122: Hoare quadruple {17729#true} {17730#false} #1290#return; {17730#false} is VALID [2022-02-20 17:59:02,262 INFO L290 TraceCheckUtils]: 123: Hoare triple {17730#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {17730#false} is VALID [2022-02-20 17:59:02,262 INFO L272 TraceCheckUtils]: 124: Hoare triple {17730#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {17729#true} is VALID 
[2022-02-20 17:59:02,262 INFO L290 TraceCheckUtils]: 125: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,262 INFO L290 TraceCheckUtils]: 126: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {17729#true} is VALID [2022-02-20 17:59:02,262 INFO L290 TraceCheckUtils]: 127: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,262 INFO L284 TraceCheckUtils]: 128: Hoare quadruple {17729#true} {17730#false} #1292#return; {17730#false} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 129: Hoare triple {17730#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {17730#false} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 130: Hoare triple {17730#false} assume !(0 != incoming_~privkey~0#1); {17730#false} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 131: Hoare triple {17730#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, 
verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && 
__utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {17730#false} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 132: Hoare triple {17730#false} assume 1 == ~sent_signed~0; {17730#false} is VALID [2022-02-20 17:59:02,263 INFO L272 TraceCheckUtils]: 133: Hoare triple {17730#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {17729#true} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 134: Hoare triple {17729#true} ~handle := #in~handle;havoc ~retValue_acc~32; {17729#true} is VALID [2022-02-20 17:59:02,263 INFO L290 TraceCheckUtils]: 135: Hoare triple {17729#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 136: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L284 TraceCheckUtils]: 137: Hoare quadruple {17729#true} {17730#false} #1304#return; {17730#false} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 138: Hoare triple {17730#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {17730#false} is VALID [2022-02-20 17:59:02,264 INFO L272 TraceCheckUtils]: 139: Hoare triple {17730#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 140: Hoare triple {17729#true} ~handle := #in~handle;~userid := #in~userid;havoc 
~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 141: Hoare triple {17729#true} assume 1 == ~handle; {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 142: Hoare triple {17729#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {17729#true} is VALID [2022-02-20 17:59:02,264 INFO L290 TraceCheckUtils]: 143: Hoare triple {17729#true} assume true; {17729#true} is VALID [2022-02-20 17:59:02,265 INFO L284 TraceCheckUtils]: 144: Hoare quadruple {17729#true} {17730#false} #1306#return; {17730#false} is VALID [2022-02-20 17:59:02,265 INFO L290 TraceCheckUtils]: 145: Hoare triple {17730#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {17730#false} is VALID [2022-02-20 17:59:02,265 INFO L290 TraceCheckUtils]: 146: Hoare triple {17730#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {17730#false} is VALID [2022-02-20 17:59:02,265 INFO L272 TraceCheckUtils]: 147: Hoare triple {17730#false} call __automaton_fail(); {17730#false} is VALID [2022-02-20 17:59:02,265 INFO L290 TraceCheckUtils]: 148: Hoare triple {17730#false} assume !false; {17730#false} is VALID [2022-02-20 17:59:02,266 INFO L134 CoverageAnalysis]: Checked inductivity of 43 backedges. 6 proven. 0 refuted. 0 times theorem prover too weak. 37 trivial. 0 not checked. 
[2022-02-20 17:59:02,266 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:02,266 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1212846611] [2022-02-20 17:59:02,266 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1212846611] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:02,266 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:02,266 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:02,266 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [287152683] [2022-02-20 17:59:02,267 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:02,267 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 149 [2022-02-20 17:59:02,268 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 17:59:02,268 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:59:02,354 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 128 edges. 128 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:02,355 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:02,355 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:02,356 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:02,356 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:02,356 INFO L87 Difference]: Start difference. First operand 523 states and 804 transitions. Second operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:59:12,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:12,464 INFO L93 Difference]: Finished difference Result 1235 states and 1916 transitions. [2022-02-20 17:59:12,464 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:12,465 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) Word has length 149 [2022-02-20 17:59:12,465 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:12,465 INFO L82 GeneralOperation]: Start removeUnreachable. 
Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:59:12,486 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1664 transitions. [2022-02-20 17:59:12,487 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:59:12,507 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1664 transitions. [2022-02-20 17:59:12,508 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1664 transitions. [2022-02-20 17:59:14,099 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1664 edges. 1664 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:14,138 INFO L225 Difference]: With dead ends: 1235 [2022-02-20 17:59:14,138 INFO L226 Difference]: Without dead ends: 735 [2022-02-20 17:59:14,140 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:14,142 INFO L933 BasicCegarLoop]: 822 mSDtfsCounter, 1658 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2944 mSolverCounterSat, 709 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1678 SdHoareTripleChecker+Valid, 1808 SdHoareTripleChecker+Invalid, 3653 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 709 IncrementalHoareTripleChecker+Valid, 2944 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.7s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:14,142 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1678 Valid, 1808 Invalid, 3653 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [709 Valid, 2944 Invalid, 0 Unknown, 0 Unchecked, 4.7s Time] [2022-02-20 17:59:14,144 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 735 states. [2022-02-20 17:59:14,265 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 735 to 523. [2022-02-20 17:59:14,265 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:14,266 INFO L82 GeneralOperation]: Start isEquivalent. First operand 735 states. 
Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) [2022-02-20 17:59:14,282 INFO L74 IsIncluded]: Start isIncluded. First operand 735 states. Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) [2022-02-20 17:59:14,284 INFO L87 Difference]: Start difference. First operand 735 states. Second operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) [2022-02-20 17:59:14,321 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,321 INFO L93 Difference]: Finished difference Result 735 states and 1143 transitions. [2022-02-20 17:59:14,322 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1143 transitions. [2022-02-20 17:59:14,328 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,329 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,330 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) Second operand 735 states. [2022-02-20 17:59:14,332 INFO L87 Difference]: Start difference. First operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) Second operand 735 states. [2022-02-20 17:59:14,371 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:14,372 INFO L93 Difference]: Finished difference Result 735 states and 1143 transitions. [2022-02-20 17:59:14,372 INFO L276 IsEmpty]: Start isEmpty. Operand 735 states and 1143 transitions. [2022-02-20 17:59:14,377 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:14,377 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:14,378 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:14,378 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:14,379 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 523 states, 402 states have (on average 1.5422885572139304) internal successors, (620), 409 states have internal predecessors, (620), 90 states have call successors, (90), 29 states have call predecessors, (90), 30 states have return successors, (93), 86 states have call predecessors, (93), 87 states have call successors, (93) [2022-02-20 17:59:14,410 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 523 states to 523 states and 803 transitions. [2022-02-20 17:59:14,411 INFO L78 Accepts]: Start accepts. Automaton has 523 states and 803 transitions. Word has length 149 [2022-02-20 17:59:14,411 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:14,411 INFO L470 AbstractCegarLoop]: Abstraction has 523 states and 803 transitions. [2022-02-20 17:59:14,411 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 11.0) internal successors, (88), 5 states have internal predecessors, (88), 3 states have call successors, (22), 6 states have call predecessors, (22), 2 states have return successors, (18), 2 states have call predecessors, (18), 3 states have call successors, (18) [2022-02-20 17:59:14,412 INFO L276 IsEmpty]: Start isEmpty. Operand 523 states and 803 transitions. [2022-02-20 17:59:14,415 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 170 [2022-02-20 17:59:14,416 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:14,416 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:14,416 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 17:59:14,416 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:14,417 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:14,417 INFO L85 PathProgramCache]: 
Analyzing trace with hash 623054284, now seen corresponding path program 1 times [2022-02-20 17:59:14,417 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:14,417 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1926616111] [2022-02-20 17:59:14,417 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:14,417 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:14,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,501 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:14,503 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,505 INFO L290 TraceCheckUtils]: 0: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,506 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,506 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,506 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21779#true} #1358#return; {21779#true} is VALID [2022-02-20 17:59:14,511 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:14,513 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,515 INFO L290 TraceCheckUtils]: 0: Hoare triple {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 
|old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,516 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21779#true} #1360#return; {21779#true} is VALID [2022-02-20 17:59:14,516 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:14,518 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,520 INFO L290 TraceCheckUtils]: 0: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,520 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume !(1 == ~handle); {21779#true} is VALID [2022-02-20 17:59:14,521 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,521 INFO L290 TraceCheckUtils]: 3: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,521 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21779#true} {21779#true} #1362#return; {21779#true} is VALID [2022-02-20 17:59:14,522 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:14,523 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,526 INFO L290 TraceCheckUtils]: 0: Hoare triple {21873#(and (= 
~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume !(1 == ~handle); {21779#true} is VALID [2022-02-20 17:59:14,527 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,527 INFO L290 TraceCheckUtils]: 3: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,527 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21779#true} {21779#true} #1364#return; {21779#true} is VALID [2022-02-20 17:59:14,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:14,529 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,547 INFO L290 TraceCheckUtils]: 0: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21874#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 1: Hoare triple {21874#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21874#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 2: Hoare triple {21874#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21875#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,548 INFO L290 TraceCheckUtils]: 3: Hoare triple {21875#(= 2 |setClientId_#in~handle|)} assume true; {21875#(= 2 
|setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,549 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21875#(= 2 |setClientId_#in~handle|)} {21799#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {21780#false} is VALID [2022-02-20 17:59:14,549 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 17:59:14,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,553 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,553 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,553 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1368#return; {21780#false} is VALID [2022-02-20 17:59:14,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2022-02-20 17:59:14,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,565 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,565 
INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1344#return; {21780#false} is VALID [2022-02-20 17:59:14,573 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 63 [2022-02-20 17:59:14,574 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,576 INFO L290 TraceCheckUtils]: 0: Hoare triple {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,576 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,576 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,576 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1346#return; {21780#false} is VALID [2022-02-20 17:59:14,576 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 72 [2022-02-20 17:59:14,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,579 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,579 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1258#return; {21780#false} is VALID [2022-02-20 17:59:14,580 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 80 [2022-02-20 17:59:14,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is 
unsat [2022-02-20 17:59:14,582 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~4; {21779#true} is VALID [2022-02-20 17:59:14,582 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {21779#true} is VALID [2022-02-20 17:59:14,582 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,582 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1260#return; {21780#false} is VALID [2022-02-20 17:59:14,583 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 88 [2022-02-20 17:59:14,583 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,585 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,585 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,585 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,585 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1262#return; {21780#false} is VALID [2022-02-20 17:59:14,586 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 94 [2022-02-20 17:59:14,586 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {21779#true} is VALID [2022-02-20 17:59:14,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,588 INFO L290 TraceCheckUtils]: 2: Hoare triple 
{21779#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {21779#true} is VALID [2022-02-20 17:59:14,588 INFO L290 TraceCheckUtils]: 3: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,588 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21779#true} {21780#false} #1264#return; {21780#false} is VALID [2022-02-20 17:59:14,589 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 101 [2022-02-20 17:59:14,589 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,591 INFO L290 TraceCheckUtils]: 0: Hoare triple {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,591 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,591 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,591 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1266#return; {21780#false} is VALID [2022-02-20 17:59:14,591 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 108 [2022-02-20 17:59:14,593 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,594 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,594 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,595 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,595 INFO L284 TraceCheckUtils]: 3: Hoare quadruple 
{21779#true} {21780#false} #1278#return; {21780#false} is VALID [2022-02-20 17:59:14,595 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 114 [2022-02-20 17:59:14,596 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,597 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,597 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,598 INFO L290 TraceCheckUtils]: 3: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,598 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21779#true} {21780#false} #1280#return; {21780#false} is VALID [2022-02-20 17:59:14,598 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 125 [2022-02-20 17:59:14,599 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,600 INFO L290 TraceCheckUtils]: 0: Hoare triple {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,601 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,601 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,601 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1286#return; {21780#false} is VALID [2022-02-20 17:59:14,601 INFO L376 atingTraceCheckCraig]: 
Compute interpolants for subsequence at non-pending call position 131 [2022-02-20 17:59:14,602 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,604 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~38; {21779#true} is VALID [2022-02-20 17:59:14,604 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {21779#true} is VALID [2022-02-20 17:59:14,604 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,604 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1288#return; {21780#false} is VALID [2022-02-20 17:59:14,604 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 138 [2022-02-20 17:59:14,605 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,607 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,607 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,607 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,607 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1290#return; {21780#false} is VALID [2022-02-20 17:59:14,607 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 144 [2022-02-20 17:59:14,608 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,609 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,609 INFO L290 TraceCheckUtils]: 1: Hoare triple 
{21779#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,610 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,610 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1292#return; {21780#false} is VALID [2022-02-20 17:59:14,610 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 153 [2022-02-20 17:59:14,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21779#true} is VALID [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {21779#true} is VALID [2022-02-20 17:59:14,612 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,612 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {21779#true} {21780#false} #1304#return; {21780#false} is VALID [2022-02-20 17:59:14,612 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 159 [2022-02-20 17:59:14,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 3: Hoare 
triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,615 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {21779#true} {21780#false} #1306#return; {21780#false} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 0: Hoare triple {21779#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call 
#Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call #Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 
0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 
0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {21779#true} is VALID [2022-02-20 17:59:14,615 INFO L290 TraceCheckUtils]: 1: Hoare triple {21779#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {21779#true} is VALID [2022-02-20 17:59:14,616 INFO L290 TraceCheckUtils]: 2: Hoare triple {21779#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21779#true} is VALID [2022-02-20 17:59:14,616 INFO L290 TraceCheckUtils]: 3: Hoare triple {21779#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {21779#true} is VALID [2022-02-20 17:59:14,616 INFO L290 TraceCheckUtils]: 4: Hoare triple {21779#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {21779#true} is VALID [2022-02-20 17:59:14,616 INFO L290 TraceCheckUtils]: 5: Hoare triple {21779#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { 
:begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {21779#true} is VALID [2022-02-20 17:59:14,617 INFO L272 TraceCheckUtils]: 6: Hoare triple {21779#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,617 INFO L290 TraceCheckUtils]: 7: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,617 INFO L290 TraceCheckUtils]: 8: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,617 INFO L290 TraceCheckUtils]: 9: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,617 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {21779#true} {21779#true} #1358#return; {21779#true} is VALID [2022-02-20 17:59:14,617 INFO L290 TraceCheckUtils]: 11: Hoare triple {21779#true} assume { :end_inline_setup_bob__wrappee__Base } true; {21779#true} is VALID [2022-02-20 17:59:14,618 INFO L272 TraceCheckUtils]: 12: Hoare triple {21779#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 13: Hoare triple {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 14: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 15: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,619 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {21779#true} {21779#true} #1360#return; {21779#true} is VALID [2022-02-20 17:59:14,619 INFO L290 TraceCheckUtils]: 17: Hoare triple {21779#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {21779#true} is VALID [2022-02-20 17:59:14,620 INFO L272 TraceCheckUtils]: 18: Hoare triple {21779#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 19: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| 
~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 20: Hoare triple {21779#true} assume !(1 == ~handle); {21779#true} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 21: Hoare triple {21779#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,620 INFO L290 TraceCheckUtils]: 22: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,620 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {21779#true} {21779#true} #1362#return; {21779#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 24: Hoare triple {21779#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {21779#true} is VALID [2022-02-20 17:59:14,621 INFO L272 TraceCheckUtils]: 25: Hoare triple {21779#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 26: Hoare triple {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,621 INFO L290 TraceCheckUtils]: 27: Hoare triple {21779#true} assume !(1 == ~handle); {21779#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 28: Hoare triple {21779#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 29: Hoare 
triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,622 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {21779#true} {21779#true} #1364#return; {21779#true} is VALID [2022-02-20 17:59:14,622 INFO L290 TraceCheckUtils]: 31: Hoare triple {21779#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {21799#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:14,623 INFO L272 TraceCheckUtils]: 32: Hoare triple {21799#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:14,623 INFO L290 TraceCheckUtils]: 33: Hoare triple {21872#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {21874#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 34: Hoare triple {21874#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {21874#(= setClientId_~handle |setClientId_#in~handle|)} is VALID 
[2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 35: Hoare triple {21874#(= setClientId_~handle |setClientId_#in~handle|)} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {21875#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,624 INFO L290 TraceCheckUtils]: 36: Hoare triple {21875#(= 2 |setClientId_#in~handle|)} assume true; {21875#(= 2 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:14,625 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {21875#(= 2 |setClientId_#in~handle|)} {21799#(= 3 |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {21780#false} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 38: Hoare triple {21780#false} assume { :end_inline_setup_chuck__wrappee__Base } true; {21780#false} is VALID [2022-02-20 17:59:14,625 INFO L272 TraceCheckUtils]: 39: Hoare triple {21780#false} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 40: Hoare triple {21873#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 41: Hoare triple {21779#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,625 INFO L290 TraceCheckUtils]: 42: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,626 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {21779#true} {21780#false} #1368#return; {21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 44: Hoare triple 
{21780#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 45: Hoare triple {21780#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 46: Hoare triple {21780#false} assume !false; {21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 47: Hoare triple {21780#false} assume test_~splverifierCounter~0#1 < 4; 
{21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 48: Hoare triple {21780#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {21780#false} is VALID [2022-02-20 17:59:14,626 INFO L290 TraceCheckUtils]: 49: Hoare triple {21780#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 50: Hoare triple {21780#false} assume !(0 != test_~tmp___9~0#1); {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 51: Hoare triple {21780#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 52: Hoare triple {21780#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 53: Hoare triple {21780#false} assume !false; {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 54: Hoare triple {21780#false} assume !(test_~splverifierCounter~0#1 < 4); {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L290 TraceCheckUtils]: 55: Hoare triple {21780#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {21780#false} is VALID [2022-02-20 17:59:14,627 INFO L272 TraceCheckUtils]: 56: Hoare triple {21780#false} call sendEmail(~bob~0, ~rjh~0); {21780#false} is VALID [2022-02-20 
17:59:14,627 INFO L290 TraceCheckUtils]: 57: Hoare triple {21780#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {21780#false} is VALID [2022-02-20 17:59:14,628 INFO L272 TraceCheckUtils]: 58: Hoare triple {21780#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 59: Hoare triple {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 60: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 61: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,628 INFO L284 TraceCheckUtils]: 62: Hoare quadruple {21779#true} {21780#false} #1344#return; {21780#false} is VALID [2022-02-20 17:59:14,628 INFO L272 TraceCheckUtils]: 63: Hoare triple {21780#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:14,628 INFO L290 TraceCheckUtils]: 64: Hoare triple {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := 
#in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 65: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 66: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,629 INFO L284 TraceCheckUtils]: 67: Hoare quadruple {21779#true} {21780#false} #1346#return; {21780#false} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 68: Hoare triple {21780#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {21780#false} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 69: Hoare triple {21780#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {21780#false} is VALID [2022-02-20 17:59:14,629 INFO L272 TraceCheckUtils]: 70: Hoare triple {21780#false} call outgoing(~sender#1, ~email~0#1); {21780#false} is VALID [2022-02-20 17:59:14,629 INFO L290 TraceCheckUtils]: 71: Hoare triple {21780#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {21780#false} is VALID [2022-02-20 17:59:14,630 INFO L272 TraceCheckUtils]: 72: Hoare triple {21780#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {21779#true} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 73: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 74: Hoare triple {21779#true} assume 1 == 
~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 75: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,630 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {21779#true} {21780#false} #1258#return; {21780#false} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 77: Hoare triple {21780#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {21780#false} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 78: Hoare triple {21780#false} assume 0 == sign_~privkey~1#1; {21780#false} is VALID [2022-02-20 17:59:14,630 INFO L290 TraceCheckUtils]: 79: Hoare triple {21780#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc 
outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {21780#false} is VALID [2022-02-20 17:59:14,631 INFO L272 TraceCheckUtils]: 80: Hoare triple {21780#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {21779#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 81: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~4; {21779#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 82: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {21779#true} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 83: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,631 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {21779#true} {21780#false} #1260#return; {21780#false} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 85: Hoare triple {21780#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {21780#false} is VALID [2022-02-20 17:59:14,631 INFO L290 TraceCheckUtils]: 86: Hoare triple {21780#false} assume 0 != outgoing__wrappee__AddressBook_~size~2#1;assume { :begin_inline_sendToAddressBook } true;sendToAddressBook_#in~client#1, sendToAddressBook_#in~msg#1 := outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1;havoc sendToAddressBook_~client#1, sendToAddressBook_~msg#1;sendToAddressBook_~client#1 := 
sendToAddressBook_#in~client#1;sendToAddressBook_~msg#1 := sendToAddressBook_#in~msg#1; {21780#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 87: Hoare triple {21780#false} assume { :end_inline_sendToAddressBook } true;call outgoing__wrappee__AddressBook_#t~ret41#1 := puts(17, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret41#1 && outgoing__wrappee__AddressBook_#t~ret41#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret41#1; {21780#false} is VALID [2022-02-20 17:59:14,632 INFO L272 TraceCheckUtils]: 88: Hoare triple {21780#false} call outgoing__wrappee__AddressBook_#t~ret42#1 := getEmailTo(outgoing__wrappee__AddressBook_~msg#1); {21779#true} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 89: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 90: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 91: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,632 INFO L284 TraceCheckUtils]: 92: Hoare quadruple {21779#true} {21780#false} #1262#return; {21780#false} is VALID [2022-02-20 17:59:14,632 INFO L290 TraceCheckUtils]: 93: Hoare triple {21780#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret42#1 && outgoing__wrappee__AddressBook_#t~ret42#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___0~4#1 := outgoing__wrappee__AddressBook_#t~ret42#1;havoc outgoing__wrappee__AddressBook_#t~ret42#1;outgoing__wrappee__AddressBook_~receiver~1#1 := outgoing__wrappee__AddressBook_~tmp___0~4#1;call outgoing__wrappee__AddressBook_#t~ret43#1 := puts(18, 0);assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret43#1 && outgoing__wrappee__AddressBook_#t~ret43#1 <= 2147483647;havoc outgoing__wrappee__AddressBook_#t~ret43#1; {21780#false} is VALID 
[2022-02-20 17:59:14,633 INFO L272 TraceCheckUtils]: 94: Hoare triple {21780#false} call outgoing__wrappee__AddressBook_#t~ret44#1 := getClientAddressBookAddress(outgoing__wrappee__AddressBook_~client#1, 1); {21779#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 95: Hoare triple {21779#true} ~handle := #in~handle;~index := #in~index;havoc ~retValue_acc~8; {21779#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 96: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 97: Hoare triple {21779#true} assume 0 == ~index;~retValue_acc~8 := ~__ste_Client_AddressBook0_Address0~0;#res := ~retValue_acc~8; {21779#true} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 98: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,633 INFO L284 TraceCheckUtils]: 99: Hoare quadruple {21779#true} {21780#false} #1264#return; {21780#false} is VALID [2022-02-20 17:59:14,633 INFO L290 TraceCheckUtils]: 100: Hoare triple {21780#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret44#1 && outgoing__wrappee__AddressBook_#t~ret44#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp___1~2#1 := outgoing__wrappee__AddressBook_#t~ret44#1;havoc outgoing__wrappee__AddressBook_#t~ret44#1;outgoing__wrappee__AddressBook_~second~0#1 := outgoing__wrappee__AddressBook_~tmp___1~2#1; {21780#false} is VALID [2022-02-20 17:59:14,633 INFO L272 TraceCheckUtils]: 101: Hoare triple {21780#false} call setEmailTo(outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~second~0#1); {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 102: Hoare triple {21877#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID 
[2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 103: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 104: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,634 INFO L284 TraceCheckUtils]: 105: Hoare quadruple {21779#true} {21780#false} #1266#return; {21780#false} is VALID [2022-02-20 17:59:14,634 INFO L272 TraceCheckUtils]: 106: Hoare triple {21780#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {21780#false} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 107: Hoare triple {21780#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {21780#false} is VALID [2022-02-20 17:59:14,634 INFO L272 TraceCheckUtils]: 108: Hoare triple {21780#false} call #t~ret38#1 := getEmailTo(~msg#1); {21779#true} is VALID [2022-02-20 17:59:14,634 INFO L290 TraceCheckUtils]: 109: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 110: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 111: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,635 INFO L284 TraceCheckUtils]: 112: Hoare quadruple {21779#true} {21780#false} #1278#return; {21780#false} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 113: Hoare triple {21780#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {21780#false} is VALID [2022-02-20 17:59:14,635 INFO L272 TraceCheckUtils]: 114: Hoare triple {21780#false} call #t~ret39#1 := findPublicKey(~client#1, ~receiver~0#1); 
{21779#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 115: Hoare triple {21779#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,635 INFO L290 TraceCheckUtils]: 116: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 117: Hoare triple {21779#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 118: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,636 INFO L284 TraceCheckUtils]: 119: Hoare quadruple {21779#true} {21780#false} #1280#return; {21780#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 120: Hoare triple {21780#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {21780#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 121: Hoare triple {21780#false} assume !(0 != ~pubkey~1#1); {21780#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 122: Hoare triple {21780#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 := getClientId_#in~handle#1;havoc 
getClientId_~retValue_acc~17#1; {21780#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 123: Hoare triple {21780#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {21780#false} is VALID [2022-02-20 17:59:14,636 INFO L290 TraceCheckUtils]: 124: Hoare triple {21780#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {21780#false} is VALID [2022-02-20 17:59:14,637 INFO L272 TraceCheckUtils]: 125: Hoare triple {21780#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 126: Hoare triple {21876#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {21779#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 127: Hoare triple {21779#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {21779#true} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 128: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,637 INFO L284 TraceCheckUtils]: 129: Hoare quadruple {21779#true} {21780#false} #1286#return; {21780#false} is VALID [2022-02-20 17:59:14,637 INFO L290 TraceCheckUtils]: 130: Hoare triple {21780#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, mail_#t~ret36#1, mail_~client#1, 
mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {21780#false} is VALID [2022-02-20 17:59:14,637 INFO L272 TraceCheckUtils]: 131: Hoare triple {21780#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {21779#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 132: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~38; {21779#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 133: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {21779#true} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 134: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,638 INFO L284 TraceCheckUtils]: 135: Hoare quadruple {21779#true} {21780#false} #1288#return; {21780#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 136: Hoare triple {21780#false} assume -2147483648 <= 
__utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {21780#false} is VALID [2022-02-20 17:59:14,638 INFO L290 TraceCheckUtils]: 137: Hoare triple {21780#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {21780#false} is VALID [2022-02-20 17:59:14,638 INFO L272 TraceCheckUtils]: 138: Hoare triple {21780#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 139: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 140: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 141: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L284 TraceCheckUtils]: 142: Hoare quadruple {21779#true} {21780#false} #1290#return; {21780#false} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 143: Hoare triple {21780#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, incoming_~tmp___1~3#1, 
incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {21780#false} is VALID [2022-02-20 17:59:14,639 INFO L272 TraceCheckUtils]: 144: Hoare triple {21780#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 145: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,639 INFO L290 TraceCheckUtils]: 146: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {21779#true} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 147: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,640 INFO L284 TraceCheckUtils]: 148: Hoare quadruple {21779#true} {21780#false} #1292#return; {21780#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 149: Hoare triple {21780#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {21780#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 150: Hoare triple {21780#false} assume !(0 != incoming_~privkey~0#1); {21780#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 151: Hoare triple {21780#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := incoming__wrappee__Verify_#in~msg#1;assume { 
:begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := __utac_acc__SignVerify_spec__2_#in~msg#1;havoc 
__utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {21780#false} is VALID [2022-02-20 17:59:14,640 INFO L290 TraceCheckUtils]: 152: Hoare triple {21780#false} assume 1 == ~sent_signed~0; {21780#false} is VALID [2022-02-20 17:59:14,640 INFO L272 TraceCheckUtils]: 153: Hoare triple {21780#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 154: Hoare triple {21779#true} ~handle := #in~handle;havoc ~retValue_acc~32; {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 155: Hoare triple {21779#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 156: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L284 TraceCheckUtils]: 157: Hoare quadruple {21779#true} {21780#false} #1304#return; {21780#false} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 158: Hoare triple {21780#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := 
__utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {21780#false} is VALID [2022-02-20 17:59:14,641 INFO L272 TraceCheckUtils]: 159: Hoare triple {21780#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 160: Hoare triple {21779#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,641 INFO L290 TraceCheckUtils]: 161: Hoare triple {21779#true} assume 1 == ~handle; {21779#true} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 162: Hoare triple {21779#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {21779#true} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 163: Hoare triple {21779#true} assume true; {21779#true} is VALID [2022-02-20 17:59:14,642 INFO L284 TraceCheckUtils]: 164: Hoare quadruple {21779#true} {21780#false} #1306#return; {21780#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 165: Hoare triple {21780#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {21780#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 166: Hoare triple {21780#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {21780#false} is VALID [2022-02-20 17:59:14,642 INFO L272 TraceCheckUtils]: 167: Hoare triple {21780#false} call __automaton_fail(); {21780#false} is VALID [2022-02-20 17:59:14,642 INFO L290 TraceCheckUtils]: 168: Hoare triple 
{21780#false} assume !false; {21780#false} is VALID [2022-02-20 17:59:14,643 INFO L134 CoverageAnalysis]: Checked inductivity of 56 backedges. 7 proven. 0 refuted. 0 times theorem prover too weak. 49 trivial. 0 not checked. [2022-02-20 17:59:14,643 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:14,643 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1926616111] [2022-02-20 17:59:14,643 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1926616111] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:14,643 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:14,643 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-20 17:59:14,644 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [373693384] [2022-02-20 17:59:14,644 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:14,645 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 169 [2022-02-20 17:59:14,645 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:14,645 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:14,735 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 142 edges. 142 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:14,735 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 17:59:14,735 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:14,735 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 17:59:14,735 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=57, Unknown=0, NotChecked=0, Total=72 [2022-02-20 17:59:14,736 INFO L87 Difference]: Start difference. First operand 523 states and 803 transitions. Second operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:23,818 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:23,819 INFO L93 Difference]: Finished difference Result 1237 states and 1919 transitions. [2022-02-20 17:59:23,819 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 17:59:23,819 INFO L78 Accepts]: Start accepts. 
Automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) Word has length 169 [2022-02-20 17:59:23,819 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 17:59:23,819 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:23,837 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1665 transitions. [2022-02-20 17:59:23,838 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:23,855 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 1665 transitions. [2022-02-20 17:59:23,855 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 1665 transitions. [2022-02-20 17:59:25,345 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 1665 edges. 1665 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 
[2022-02-20 17:59:25,384 INFO L225 Difference]: With dead ends: 1237 [2022-02-20 17:59:25,384 INFO L226 Difference]: Without dead ends: 737 [2022-02-20 17:59:25,386 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 60 GetRequests, 45 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 30 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=73, Invalid=199, Unknown=0, NotChecked=0, Total=272 [2022-02-20 17:59:25,387 INFO L933 BasicCegarLoop]: 822 mSDtfsCounter, 1653 mSDsluCounter, 986 mSDsCounter, 0 mSdLazyCounter, 2946 mSolverCounterSat, 713 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 4.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 1673 SdHoareTripleChecker+Valid, 1808 SdHoareTripleChecker+Invalid, 3659 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 713 IncrementalHoareTripleChecker+Valid, 2946 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 4.2s IncrementalHoareTripleChecker+Time [2022-02-20 17:59:25,387 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [1673 Valid, 1808 Invalid, 3659 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [713 Valid, 2946 Invalid, 0 Unknown, 0 Unchecked, 4.2s Time] [2022-02-20 17:59:25,388 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 737 states. [2022-02-20 17:59:25,491 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 737 to 525. [2022-02-20 17:59:25,491 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 17:59:25,492 INFO L82 GeneralOperation]: Start isEquivalent. First operand 737 states. 
Second operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) [2022-02-20 17:59:25,493 INFO L74 IsIncluded]: Start isIncluded. First operand 737 states. Second operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) [2022-02-20 17:59:25,494 INFO L87 Difference]: Start difference. First operand 737 states. Second operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) [2022-02-20 17:59:25,526 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:25,527 INFO L93 Difference]: Finished difference Result 737 states and 1146 transitions. [2022-02-20 17:59:25,527 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1146 transitions. [2022-02-20 17:59:25,531 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:25,532 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:25,533 INFO L74 IsIncluded]: Start isIncluded. 
First operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) Second operand 737 states. [2022-02-20 17:59:25,534 INFO L87 Difference]: Start difference. First operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) Second operand 737 states. [2022-02-20 17:59:25,569 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 17:59:25,570 INFO L93 Difference]: Finished difference Result 737 states and 1146 transitions. [2022-02-20 17:59:25,570 INFO L276 IsEmpty]: Start isEmpty. Operand 737 states and 1146 transitions. [2022-02-20 17:59:25,574 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 17:59:25,574 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 17:59:25,574 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 17:59:25,575 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 17:59:25,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 525 states, 403 states have (on average 1.5409429280397022) internal successors, (621), 411 states have internal predecessors, (621), 90 states have call successors, (90), 29 states have call predecessors, (90), 31 states have return successors, (95), 86 states have call predecessors, (95), 87 states have call successors, (95) [2022-02-20 17:59:25,599 INFO L88 GeneralOperation]: Finished removeUnreachable. 
Reduced from 525 states to 525 states and 806 transitions. [2022-02-20 17:59:25,599 INFO L78 Accepts]: Start accepts. Automaton has 525 states and 806 transitions. Word has length 169 [2022-02-20 17:59:25,599 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 17:59:25,600 INFO L470 AbstractCegarLoop]: Abstraction has 525 states and 806 transitions. [2022-02-20 17:59:25,600 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 12.0) internal successors, (96), 5 states have internal predecessors, (96), 3 states have call successors, (25), 6 states have call predecessors, (25), 2 states have return successors, (21), 2 states have call predecessors, (21), 3 states have call successors, (21) [2022-02-20 17:59:25,600 INFO L276 IsEmpty]: Start isEmpty. Operand 525 states and 806 transitions. [2022-02-20 17:59:25,602 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 152 [2022-02-20 17:59:25,602 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 17:59:25,603 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 17:59:25,603 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 17:59:25,603 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting __automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION === [__automaton_failErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 17:59:25,603 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 17:59:25,604 INFO L85 PathProgramCache]: Analyzing trace with hash 
344168745, now seen corresponding path program 1 times [2022-02-20 17:59:25,604 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 17:59:25,604 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1561393277] [2022-02-20 17:59:25,604 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 17:59:25,604 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 17:59:25,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 6 [2022-02-20 17:59:25,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,670 INFO L290 TraceCheckUtils]: 0: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,670 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,670 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,670 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25851#true} #1358#return; {25851#true} is VALID [2022-02-20 17:59:25,676 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 17:59:25,678 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,682 INFO L290 TraceCheckUtils]: 0: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= 
~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,682 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,682 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25851#true} #1360#return; {25851#true} is VALID [2022-02-20 17:59:25,682 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 17:59:25,684 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,686 INFO L290 TraceCheckUtils]: 0: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,686 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume !(1 == ~handle); {25851#true} is VALID [2022-02-20 17:59:25,687 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,687 INFO L290 TraceCheckUtils]: 3: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,687 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25851#true} {25851#true} #1362#return; {25851#true} is VALID [2022-02-20 17:59:25,687 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 17:59:25,688 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,690 INFO L290 TraceCheckUtils]: 0: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 
|old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,690 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume !(1 == ~handle); {25851#true} is VALID [2022-02-20 17:59:25,690 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,690 INFO L290 TraceCheckUtils]: 3: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,690 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25851#true} {25851#true} #1364#return; {25851#true} is VALID [2022-02-20 17:59:25,691 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 32 [2022-02-20 17:59:25,692 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25935#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,728 INFO L290 TraceCheckUtils]: 1: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25935#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,728 INFO L290 TraceCheckUtils]: 2: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25935#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,729 INFO L290 TraceCheckUtils]: 3: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; 
{25936#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,729 INFO L290 TraceCheckUtils]: 4: Hoare triple {25936#(= 3 |setClientId_#in~handle|)} assume true; {25936#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,730 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {25936#(= 3 |setClientId_#in~handle|)} {25871#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:25,730 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 40 [2022-02-20 17:59:25,732 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25937#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:25,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {25937#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25938#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:25,749 INFO L290 TraceCheckUtils]: 2: Hoare triple {25938#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25938#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:25,749 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25938#(= |setClientPrivateKey_#in~handle| 1)} {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1368#return; {25852#false} is VALID [2022-02-20 17:59:25,758 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2022-02-20 17:59:25,759 INFO L136 AnnotateAndAsserter]: 
Conjunction of SSA is unsat [2022-02-20 17:59:25,761 INFO L290 TraceCheckUtils]: 0: Hoare triple {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,761 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,761 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,761 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1344#return; {25852#false} is VALID [2022-02-20 17:59:25,770 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 64 [2022-02-20 17:59:25,771 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,773 INFO L290 TraceCheckUtils]: 0: Hoare triple {25940#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,773 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,774 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,774 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1346#return; {25852#false} is VALID [2022-02-20 17:59:25,774 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 17:59:25,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,776 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} 
assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,776 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,776 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1258#return; {25852#false} is VALID [2022-02-20 17:59:25,777 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 81 [2022-02-20 17:59:25,777 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,779 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~4; {25851#true} is VALID [2022-02-20 17:59:25,779 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {25851#true} is VALID [2022-02-20 17:59:25,779 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,779 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1260#return; {25852#false} is VALID [2022-02-20 17:59:25,779 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 90 [2022-02-20 17:59:25,780 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,783 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,783 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,784 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,784 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1278#return; {25852#false} is VALID [2022-02-20 
17:59:25,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 96 [2022-02-20 17:59:25,785 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,786 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,786 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle; {25851#true} is VALID [2022-02-20 17:59:25,787 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,787 INFO L290 TraceCheckUtils]: 3: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,787 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25851#true} {25852#false} #1280#return; {25852#false} is VALID [2022-02-20 17:59:25,787 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 107 [2022-02-20 17:59:25,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,790 INFO L290 TraceCheckUtils]: 0: Hoare triple {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,790 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,790 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,790 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1286#return; {25852#false} is VALID [2022-02-20 17:59:25,790 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 113 
[2022-02-20 17:59:25,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~38; {25851#true} is VALID [2022-02-20 17:59:25,793 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {25851#true} is VALID [2022-02-20 17:59:25,793 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,793 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1288#return; {25852#false} is VALID [2022-02-20 17:59:25,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 120 [2022-02-20 17:59:25,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,795 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,795 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,796 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1290#return; {25852#false} is VALID [2022-02-20 17:59:25,796 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 126 [2022-02-20 17:59:25,796 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,798 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,798 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~10 := 
~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,798 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,798 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1292#return; {25852#false} is VALID [2022-02-20 17:59:25,798 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 135 [2022-02-20 17:59:25,799 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25851#true} is VALID [2022-02-20 17:59:25,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {25851#true} is VALID [2022-02-20 17:59:25,801 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,801 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {25851#true} {25852#false} #1304#return; {25852#false} is VALID [2022-02-20 17:59:25,801 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 141 [2022-02-20 17:59:25,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 17:59:25,803 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume 1 == ~handle; {25851#true} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 3: Hoare triple {25851#true} assume true; {25851#true} is VALID 
[2022-02-20 17:59:25,804 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {25851#true} {25852#false} #1306#return; {25852#false} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 0: Hoare triple {25851#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(28, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(16, 5);call #Ultimate.allocInit(15, 6);call #Ultimate.allocInit(16, 7);call #Ultimate.allocInit(44, 8);call #Ultimate.allocInit(44, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(11, 12);call #Ultimate.allocInit(19, 13);call #Ultimate.allocInit(4, 14);call write~init~int(37, 14, 0, 1);call write~init~int(100, 14, 1, 1);call write~init~int(10, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(4, 15);call write~init~int(37, 15, 0, 1);call write~init~int(100, 15, 1, 1);call write~init~int(10, 15, 2, 1);call write~init~int(0, 15, 3, 1);call #Ultimate.allocInit(10, 16);call #Ultimate.allocInit(34, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(16, 19);call #Ultimate.allocInit(20, 20);call #Ultimate.allocInit(21, 21);call #Ultimate.allocInit(10, 22);call #Ultimate.allocInit(12, 23);call #Ultimate.allocInit(10, 24);call #Ultimate.allocInit(18, 25);call #Ultimate.allocInit(16, 26);call #Ultimate.allocInit(21, 27);call #Ultimate.allocInit(13, 28);call #Ultimate.allocInit(16, 29);call #Ultimate.allocInit(25, 30);call #Ultimate.allocInit(4, 31);call write~init~int(37, 31, 0, 1);call write~init~int(115, 31, 1, 1);call write~init~int(10, 31, 2, 1);call write~init~int(0, 31, 3, 1);call #Ultimate.allocInit(30, 32);call #Ultimate.allocInit(9, 33);call #Ultimate.allocInit(21, 34);call #Ultimate.allocInit(30, 35);call #Ultimate.allocInit(9, 36);call 
#Ultimate.allocInit(21, 37);call #Ultimate.allocInit(30, 38);call #Ultimate.allocInit(9, 39);call #Ultimate.allocInit(25, 40);call #Ultimate.allocInit(30, 41);call #Ultimate.allocInit(9, 42);call #Ultimate.allocInit(25, 43);~__SELECTED_FEATURE_Base~0 := 0;~__SELECTED_FEATURE_Keys~0 := 0;~__SELECTED_FEATURE_Encrypt~0 := 0;~__SELECTED_FEATURE_AutoResponder~0 := 0;~__SELECTED_FEATURE_AddressBook~0 := 0;~__SELECTED_FEATURE_Sign~0 := 0;~__SELECTED_FEATURE_Forward~0 := 0;~__SELECTED_FEATURE_Verify~0 := 0;~__SELECTED_FEATURE_Decrypt~0 := 0;~__GUIDSL_ROOT_PRODUCTION~0 := 0;~__GUIDSL_NON_TERMINAL_main~0 := 0;~sent_signed~0 := -1;~bob~0 := 0;~rjh~0 := 0;~chuck~0 := 0;~__ste_Client_counter~0 := 0;~__ste_client_name0~0.base, ~__ste_client_name0~0.offset := 0, 0;~__ste_client_name1~0.base, ~__ste_client_name1~0.offset := 0, 0;~__ste_client_name2~0.base, ~__ste_client_name2~0.offset := 0, 0;~__ste_client_outbuffer0~0 := 0;~__ste_client_outbuffer1~0 := 0;~__ste_client_outbuffer2~0 := 0;~__ste_client_outbuffer3~0 := 0;~__ste_ClientAddressBook_size0~0 := 0;~__ste_ClientAddressBook_size1~0 := 0;~__ste_ClientAddressBook_size2~0 := 0;~__ste_Client_AddressBook0_Alias0~0 := 0;~__ste_Client_AddressBook0_Alias1~0 := 0;~__ste_Client_AddressBook0_Alias2~0 := 0;~__ste_Client_AddressBook1_Alias0~0 := 0;~__ste_Client_AddressBook1_Alias1~0 := 0;~__ste_Client_AddressBook1_Alias2~0 := 0;~__ste_Client_AddressBook2_Alias0~0 := 0;~__ste_Client_AddressBook2_Alias1~0 := 0;~__ste_Client_AddressBook2_Alias2~0 := 0;~__ste_Client_AddressBook0_Address0~0 := 0;~__ste_Client_AddressBook0_Address1~0 := 0;~__ste_Client_AddressBook0_Address2~0 := 0;~__ste_Client_AddressBook1_Address0~0 := 0;~__ste_Client_AddressBook1_Address1~0 := 0;~__ste_Client_AddressBook1_Address2~0 := 0;~__ste_Client_AddressBook2_Address0~0 := 0;~__ste_Client_AddressBook2_Address1~0 := 0;~__ste_Client_AddressBook2_Address2~0 := 0;~__ste_client_autoResponse0~0 := 0;~__ste_client_autoResponse1~0 := 0;~__ste_client_autoResponse2~0 := 
0;~__ste_client_privateKey0~0 := 0;~__ste_client_privateKey1~0 := 0;~__ste_client_privateKey2~0 := 0;~__ste_ClientKeyring_size0~0 := 0;~__ste_ClientKeyring_size1~0 := 0;~__ste_ClientKeyring_size2~0 := 0;~__ste_Client_Keyring0_User0~0 := 0;~__ste_Client_Keyring0_User1~0 := 0;~__ste_Client_Keyring0_User2~0 := 0;~__ste_Client_Keyring1_User0~0 := 0;~__ste_Client_Keyring1_User1~0 := 0;~__ste_Client_Keyring1_User2~0 := 0;~__ste_Client_Keyring2_User0~0 := 0;~__ste_Client_Keyring2_User1~0 := 0;~__ste_Client_Keyring2_User2~0 := 0;~__ste_Client_Keyring0_PublicKey0~0 := 0;~__ste_Client_Keyring0_PublicKey1~0 := 0;~__ste_Client_Keyring0_PublicKey2~0 := 0;~__ste_Client_Keyring1_PublicKey0~0 := 0;~__ste_Client_Keyring1_PublicKey1~0 := 0;~__ste_Client_Keyring1_PublicKey2~0 := 0;~__ste_Client_Keyring2_PublicKey0~0 := 0;~__ste_Client_Keyring2_PublicKey1~0 := 0;~__ste_Client_Keyring2_PublicKey2~0 := 0;~__ste_client_forwardReceiver0~0 := 0;~__ste_client_forwardReceiver1~0 := 0;~__ste_client_forwardReceiver2~0 := 0;~__ste_client_forwardReceiver3~0 := 0;~__ste_client_idCounter0~0 := 0;~__ste_client_idCounter1~0 := 0;~__ste_client_idCounter2~0 := 0;~queue_empty~0 := 1;~queued_message~0 := 0;~queued_client~0 := 0;~__ste_Email_counter~0 := 0;~__ste_email_id0~0 := 0;~__ste_email_id1~0 := 0;~__ste_email_from0~0 := 0;~__ste_email_from1~0 := 0;~__ste_email_to0~0 := 0;~__ste_email_to1~0 := 0;~__ste_email_subject0~0.base, ~__ste_email_subject0~0.offset := 0, 0;~__ste_email_subject1~0.base, ~__ste_email_subject1~0.offset := 0, 0;~__ste_email_body0~0.base, ~__ste_email_body0~0.offset := 0, 0;~__ste_email_body1~0.base, ~__ste_email_body1~0.offset := 0, 0;~__ste_email_isEncrypted0~0 := 0;~__ste_email_isEncrypted1~0 := 0;~__ste_email_encryptionKey0~0 := 0;~__ste_email_encryptionKey1~0 := 0;~__ste_email_isSigned0~0 := 0;~__ste_email_isSigned1~0 := 0;~__ste_email_signKey0~0 := 0;~__ste_email_signKey1~0 := 0;~__ste_email_isSignatureVerified0~0 := 0;~__ste_email_isSignatureVerified1~0 := 0;~head~0.base, 
~head~0.offset := 0, 0; {25851#true} is VALID [2022-02-20 17:59:25,804 INFO L290 TraceCheckUtils]: 1: Hoare triple {25851#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~0#1, main_~tmp~2#1;havoc main_~retValue_acc~0#1;havoc main_~tmp~2#1;assume { :begin_inline_select_helpers } true; {25851#true} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 2: Hoare triple {25851#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {25851#true} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 3: Hoare triple {25851#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~24#1;havoc valid_product_~retValue_acc~24#1;valid_product_~retValue_acc~24#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~24#1; {25851#true} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 4: Hoare triple {25851#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~2#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {25851#true} is VALID [2022-02-20 17:59:25,805 INFO L290 TraceCheckUtils]: 5: Hoare triple {25851#true} assume 0 != main_~tmp~2#1;assume { :begin_inline_setup } true;havoc setup_#t~nondet18#1, setup_#t~nondet19#1, setup_#t~nondet20#1, setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset, setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset, setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;havoc setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset;havoc setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset;havoc setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset;~bob~0 := 1;assume { :begin_inline_setup_bob } true;setup_bob_#in~bob___0#1 := ~bob~0;havoc 
setup_bob_~bob___0#1;setup_bob_~bob___0#1 := setup_bob_#in~bob___0#1;assume { :begin_inline_setup_bob__wrappee__Base } true;setup_bob__wrappee__Base_#in~bob___0#1 := setup_bob_~bob___0#1;havoc setup_bob__wrappee__Base_~bob___0#1;setup_bob__wrappee__Base_~bob___0#1 := setup_bob__wrappee__Base_#in~bob___0#1; {25851#true} is VALID [2022-02-20 17:59:25,806 INFO L272 TraceCheckUtils]: 6: Hoare triple {25851#true} call setClientId(setup_bob__wrappee__Base_~bob___0#1, setup_bob__wrappee__Base_~bob___0#1); {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 7: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 8: Hoare triple {25851#true} assume 1 == ~handle;~__ste_client_idCounter0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 9: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,806 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {25851#true} {25851#true} #1358#return; {25851#true} is VALID [2022-02-20 17:59:25,806 INFO L290 TraceCheckUtils]: 11: Hoare triple {25851#true} assume { :end_inline_setup_bob__wrappee__Base } true; {25851#true} is VALID [2022-02-20 17:59:25,807 INFO L272 TraceCheckUtils]: 12: Hoare triple {25851#true} call setClientPrivateKey(setup_bob_~bob___0#1, 123); {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID 
[2022-02-20 17:59:25,807 INFO L290 TraceCheckUtils]: 13: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,807 INFO L290 TraceCheckUtils]: 14: Hoare triple {25851#true} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,807 INFO L290 TraceCheckUtils]: 15: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,807 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {25851#true} {25851#true} #1360#return; {25851#true} is VALID [2022-02-20 17:59:25,808 INFO L290 TraceCheckUtils]: 17: Hoare triple {25851#true} assume { :end_inline_setup_bob } true;setup_~__cil_tmp1~0#1.base, setup_~__cil_tmp1~0#1.offset := 10, 0;havoc setup_#t~nondet18#1;~rjh~0 := 2;assume { :begin_inline_setup_rjh } true;setup_rjh_#in~rjh___0#1 := ~rjh~0;havoc setup_rjh_~rjh___0#1;setup_rjh_~rjh___0#1 := setup_rjh_#in~rjh___0#1;assume { :begin_inline_setup_rjh__wrappee__Base } true;setup_rjh__wrappee__Base_#in~rjh___0#1 := setup_rjh_~rjh___0#1;havoc setup_rjh__wrappee__Base_~rjh___0#1;setup_rjh__wrappee__Base_~rjh___0#1 := setup_rjh__wrappee__Base_#in~rjh___0#1; {25851#true} is VALID [2022-02-20 17:59:25,808 INFO L272 TraceCheckUtils]: 18: Hoare triple {25851#true} call setClientId(setup_rjh__wrappee__Base_~rjh___0#1, setup_rjh__wrappee__Base_~rjh___0#1); {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,808 INFO L290 TraceCheckUtils]: 19: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| 
~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,808 INFO L290 TraceCheckUtils]: 20: Hoare triple {25851#true} assume !(1 == ~handle); {25851#true} is VALID [2022-02-20 17:59:25,809 INFO L290 TraceCheckUtils]: 21: Hoare triple {25851#true} assume 2 == ~handle;~__ste_client_idCounter1~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,809 INFO L290 TraceCheckUtils]: 22: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,809 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {25851#true} {25851#true} #1362#return; {25851#true} is VALID [2022-02-20 17:59:25,809 INFO L290 TraceCheckUtils]: 24: Hoare triple {25851#true} assume { :end_inline_setup_rjh__wrappee__Base } true; {25851#true} is VALID [2022-02-20 17:59:25,810 INFO L272 TraceCheckUtils]: 25: Hoare triple {25851#true} call setClientPrivateKey(setup_rjh_~rjh___0#1, 456); {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 26: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 27: Hoare triple {25851#true} assume !(1 == ~handle); {25851#true} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 28: Hoare triple {25851#true} assume 2 == ~handle;~__ste_client_privateKey1~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,810 INFO L290 TraceCheckUtils]: 29: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 
17:59:25,810 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {25851#true} {25851#true} #1364#return; {25851#true} is VALID [2022-02-20 17:59:25,811 INFO L290 TraceCheckUtils]: 31: Hoare triple {25851#true} assume { :end_inline_setup_rjh } true;setup_~__cil_tmp2~1#1.base, setup_~__cil_tmp2~1#1.offset := 11, 0;havoc setup_#t~nondet19#1;~chuck~0 := 3;assume { :begin_inline_setup_chuck } true;setup_chuck_#in~chuck___0#1 := ~chuck~0;havoc setup_chuck_~chuck___0#1;setup_chuck_~chuck___0#1 := setup_chuck_#in~chuck___0#1;assume { :begin_inline_setup_chuck__wrappee__Base } true;setup_chuck__wrappee__Base_#in~chuck___0#1 := setup_chuck_~chuck___0#1;havoc setup_chuck__wrappee__Base_~chuck___0#1;setup_chuck__wrappee__Base_~chuck___0#1 := setup_chuck__wrappee__Base_#in~chuck___0#1; {25871#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} is VALID [2022-02-20 17:59:25,811 INFO L272 TraceCheckUtils]: 32: Hoare triple {25871#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} call setClientId(setup_chuck__wrappee__Base_~chuck___0#1, setup_chuck__wrappee__Base_~chuck___0#1); {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} is VALID [2022-02-20 17:59:25,812 INFO L290 TraceCheckUtils]: 33: Hoare triple {25933#(and (= |old(~__ste_client_idCounter0~0)| ~__ste_client_idCounter0~0) (= |old(~__ste_client_idCounter1~0)| ~__ste_client_idCounter1~0) (= |old(~__ste_client_idCounter2~0)| ~__ste_client_idCounter2~0))} ~handle := #in~handle;~value := #in~value; {25935#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,812 INFO L290 TraceCheckUtils]: 34: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume !(1 == ~handle); {25935#(= setClientId_~handle |setClientId_#in~handle|)} is 
VALID [2022-02-20 17:59:25,812 INFO L290 TraceCheckUtils]: 35: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume !(2 == ~handle); {25935#(= setClientId_~handle |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,813 INFO L290 TraceCheckUtils]: 36: Hoare triple {25935#(= setClientId_~handle |setClientId_#in~handle|)} assume 3 == ~handle;~__ste_client_idCounter2~0 := ~value; {25936#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,813 INFO L290 TraceCheckUtils]: 37: Hoare triple {25936#(= 3 |setClientId_#in~handle|)} assume true; {25936#(= 3 |setClientId_#in~handle|)} is VALID [2022-02-20 17:59:25,814 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {25936#(= 3 |setClientId_#in~handle|)} {25871#(= |ULTIMATE.start_setup_chuck_~chuck___0#1| |ULTIMATE.start_setup_chuck__wrappee__Base_~chuck___0#1|)} #1366#return; {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:25,814 INFO L290 TraceCheckUtils]: 39: Hoare triple {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} assume { :end_inline_setup_chuck__wrappee__Base } true; {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} is VALID [2022-02-20 17:59:25,815 INFO L272 TraceCheckUtils]: 40: Hoare triple {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} call setClientPrivateKey(setup_chuck_~chuck___0#1, 789); {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} is VALID [2022-02-20 17:59:25,815 INFO L290 TraceCheckUtils]: 41: Hoare triple {25934#(and (= ~__ste_client_privateKey0~0 |old(~__ste_client_privateKey0~0)|) (= ~__ste_client_privateKey2~0 |old(~__ste_client_privateKey2~0)|) (= ~__ste_client_privateKey1~0 |old(~__ste_client_privateKey1~0)|))} ~handle := #in~handle;~value := #in~value; {25937#(= setClientPrivateKey_~handle 
|setClientPrivateKey_#in~handle|)} is VALID [2022-02-20 17:59:25,815 INFO L290 TraceCheckUtils]: 42: Hoare triple {25937#(= setClientPrivateKey_~handle |setClientPrivateKey_#in~handle|)} assume 1 == ~handle;~__ste_client_privateKey0~0 := ~value; {25938#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 43: Hoare triple {25938#(= |setClientPrivateKey_#in~handle| 1)} assume true; {25938#(= |setClientPrivateKey_#in~handle| 1)} is VALID [2022-02-20 17:59:25,816 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {25938#(= |setClientPrivateKey_#in~handle| 1)} {25878#(not (= |ULTIMATE.start_setup_chuck_~chuck___0#1| 1))} #1368#return; {25852#false} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 45: Hoare triple {25852#false} assume { :end_inline_setup_chuck } true;setup_~__cil_tmp3~0#1.base, setup_~__cil_tmp3~0#1.offset := 12, 0;havoc setup_#t~nondet20#1; {25852#false} is VALID [2022-02-20 17:59:25,816 INFO L290 TraceCheckUtils]: 46: Hoare triple {25852#false} assume { :end_inline_setup } true;assume { :begin_inline_test } true;havoc test_#t~nondet85#1, test_#t~nondet86#1, test_#t~nondet87#1, test_#t~nondet88#1, test_#t~nondet89#1, test_#t~nondet90#1, test_#t~nondet91#1, test_#t~nondet92#1, test_#t~nondet93#1, test_#t~nondet94#1, test_#t~nondet95#1, test_~op1~0#1, test_~op2~0#1, test_~op3~0#1, test_~op4~0#1, test_~op5~0#1, test_~op6~0#1, test_~op7~0#1, test_~op8~0#1, test_~op9~0#1, test_~op10~0#1, test_~op11~0#1, test_~splverifierCounter~0#1, test_~tmp~21#1, test_~tmp___0~10#1, test_~tmp___1~6#1, test_~tmp___2~5#1, test_~tmp___3~1#1, test_~tmp___4~1#1, test_~tmp___5~0#1, test_~tmp___6~0#1, test_~tmp___7~0#1, test_~tmp___8~0#1, test_~tmp___9~0#1;havoc test_~op1~0#1;havoc test_~op2~0#1;havoc test_~op3~0#1;havoc test_~op4~0#1;havoc test_~op5~0#1;havoc test_~op6~0#1;havoc test_~op7~0#1;havoc test_~op8~0#1;havoc test_~op9~0#1;havoc test_~op10~0#1;havoc test_~op11~0#1;havoc test_~splverifierCounter~0#1;havoc 
test_~tmp~21#1;havoc test_~tmp___0~10#1;havoc test_~tmp___1~6#1;havoc test_~tmp___2~5#1;havoc test_~tmp___3~1#1;havoc test_~tmp___4~1#1;havoc test_~tmp___5~0#1;havoc test_~tmp___6~0#1;havoc test_~tmp___7~0#1;havoc test_~tmp___8~0#1;havoc test_~tmp___9~0#1;test_~op1~0#1 := 0;test_~op2~0#1 := 0;test_~op3~0#1 := 0;test_~op4~0#1 := 0;test_~op5~0#1 := 0;test_~op6~0#1 := 0;test_~op7~0#1 := 0;test_~op8~0#1 := 0;test_~op9~0#1 := 0;test_~op10~0#1 := 0;test_~op11~0#1 := 0;test_~splverifierCounter~0#1 := 0; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 47: Hoare triple {25852#false} assume !false; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 48: Hoare triple {25852#false} assume test_~splverifierCounter~0#1 < 4; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 49: Hoare triple {25852#false} test_~splverifierCounter~0#1 := 1 + test_~splverifierCounter~0#1; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 50: Hoare triple {25852#false} assume 0 == test_~op1~0#1;assume -2147483648 <= test_#t~nondet85#1 && test_#t~nondet85#1 <= 2147483647;test_~tmp___9~0#1 := test_#t~nondet85#1;havoc test_#t~nondet85#1; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 51: Hoare triple {25852#false} assume !(0 != test_~tmp___9~0#1); {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 52: Hoare triple {25852#false} assume 0 == test_~op2~0#1;assume -2147483648 <= test_#t~nondet86#1 && test_#t~nondet86#1 <= 2147483647;test_~tmp___8~0#1 := test_#t~nondet86#1;havoc test_#t~nondet86#1; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 53: Hoare triple {25852#false} assume 0 != test_~tmp___8~0#1;test_~op2~0#1 := 1; {25852#false} is VALID [2022-02-20 17:59:25,817 INFO L290 TraceCheckUtils]: 54: Hoare triple {25852#false} assume !false; {25852#false} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 55: 
Hoare triple {25852#false} assume !(test_~splverifierCounter~0#1 < 4); {25852#false} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 56: Hoare triple {25852#false} assume { :begin_inline_bobToRjh } true;havoc bobToRjh_#t~ret13#1, bobToRjh_#t~ret14#1, bobToRjh_#t~ret15#1, bobToRjh_#t~ret16#1, bobToRjh_~tmp~1#1, bobToRjh_~tmp___0~1#1, bobToRjh_~tmp___1~1#1;havoc bobToRjh_~tmp~1#1;havoc bobToRjh_~tmp___0~1#1;havoc bobToRjh_~tmp___1~1#1;call bobToRjh_#t~ret13#1 := puts(8, 0);assume -2147483648 <= bobToRjh_#t~ret13#1 && bobToRjh_#t~ret13#1 <= 2147483647;havoc bobToRjh_#t~ret13#1; {25852#false} is VALID [2022-02-20 17:59:25,818 INFO L272 TraceCheckUtils]: 57: Hoare triple {25852#false} call sendEmail(~bob~0, ~rjh~0); {25852#false} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 58: Hoare triple {25852#false} ~sender#1 := #in~sender#1;~receiver#1 := #in~receiver#1;havoc ~email~0#1;havoc ~tmp~13#1;assume { :begin_inline_createEmail } true;createEmail_#in~from#1, createEmail_#in~to#1 := 0, ~receiver#1;havoc createEmail_#res#1;havoc createEmail_~from#1, createEmail_~to#1, createEmail_~retValue_acc~28#1, createEmail_~msg~0#1;createEmail_~from#1 := createEmail_#in~from#1;createEmail_~to#1 := createEmail_#in~to#1;havoc createEmail_~retValue_acc~28#1;havoc createEmail_~msg~0#1;createEmail_~msg~0#1 := 1; {25852#false} is VALID [2022-02-20 17:59:25,818 INFO L272 TraceCheckUtils]: 59: Hoare triple {25852#false} call setEmailFrom(createEmail_~msg~0#1, createEmail_~from#1); {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 60: Hoare triple {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 61: Hoare triple {25851#true} assume 1 == 
~handle;~__ste_email_from0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,818 INFO L290 TraceCheckUtils]: 62: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,819 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {25851#true} {25852#false} #1344#return; {25852#false} is VALID [2022-02-20 17:59:25,819 INFO L272 TraceCheckUtils]: 64: Hoare triple {25852#false} call setEmailTo(createEmail_~msg~0#1, createEmail_~to#1); {25940#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} is VALID [2022-02-20 17:59:25,819 INFO L290 TraceCheckUtils]: 65: Hoare triple {25940#(and (= ~__ste_email_to0~0 |old(~__ste_email_to0~0)|) (= ~__ste_email_to1~0 |old(~__ste_email_to1~0)|))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,819 INFO L290 TraceCheckUtils]: 66: Hoare triple {25851#true} assume 1 == ~handle;~__ste_email_to0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,819 INFO L290 TraceCheckUtils]: 67: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,819 INFO L284 TraceCheckUtils]: 68: Hoare quadruple {25851#true} {25852#false} #1346#return; {25852#false} is VALID [2022-02-20 17:59:25,819 INFO L290 TraceCheckUtils]: 69: Hoare triple {25852#false} createEmail_~retValue_acc~28#1 := createEmail_~msg~0#1;createEmail_#res#1 := createEmail_~retValue_acc~28#1; {25852#false} is VALID [2022-02-20 17:59:25,820 INFO L290 TraceCheckUtils]: 70: Hoare triple {25852#false} #t~ret53#1 := createEmail_#res#1;assume { :end_inline_createEmail } true;assume -2147483648 <= #t~ret53#1 && #t~ret53#1 <= 2147483647;~tmp~13#1 := #t~ret53#1;havoc #t~ret53#1;~email~0#1 := ~tmp~13#1; {25852#false} is VALID [2022-02-20 17:59:25,820 INFO L272 TraceCheckUtils]: 71: Hoare triple {25852#false} call outgoing(~sender#1, ~email~0#1); {25852#false} is VALID [2022-02-20 17:59:25,820 INFO L290 TraceCheckUtils]: 72: Hoare triple {25852#false} ~client#1 
:= #in~client#1;~msg#1 := #in~msg#1;assume { :begin_inline_sign } true;sign_#in~client#1, sign_#in~msg#1 := ~client#1, ~msg#1;havoc sign_#t~ret55#1, sign_~client#1, sign_~msg#1, sign_~privkey~1#1, sign_~tmp~14#1;sign_~client#1 := sign_#in~client#1;sign_~msg#1 := sign_#in~msg#1;havoc sign_~privkey~1#1;havoc sign_~tmp~14#1; {25852#false} is VALID [2022-02-20 17:59:25,820 INFO L272 TraceCheckUtils]: 73: Hoare triple {25852#false} call sign_#t~ret55#1 := getClientPrivateKey(sign_~client#1); {25851#true} is VALID [2022-02-20 17:59:25,820 INFO L290 TraceCheckUtils]: 74: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,820 INFO L290 TraceCheckUtils]: 75: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,820 INFO L290 TraceCheckUtils]: 76: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,820 INFO L284 TraceCheckUtils]: 77: Hoare quadruple {25851#true} {25852#false} #1258#return; {25852#false} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 78: Hoare triple {25852#false} assume -2147483648 <= sign_#t~ret55#1 && sign_#t~ret55#1 <= 2147483647;sign_~tmp~14#1 := sign_#t~ret55#1;havoc sign_#t~ret55#1;sign_~privkey~1#1 := sign_~tmp~14#1; {25852#false} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 79: Hoare triple {25852#false} assume 0 == sign_~privkey~1#1; {25852#false} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 80: Hoare triple {25852#false} assume { :end_inline_sign } true;assume { :begin_inline_outgoing__wrappee__AddressBook } true;outgoing__wrappee__AddressBook_#in~client#1, outgoing__wrappee__AddressBook_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1, outgoing__wrappee__AddressBook_#t~ret41#1, outgoing__wrappee__AddressBook_#t~ret42#1, outgoing__wrappee__AddressBook_#t~ret43#1, 
outgoing__wrappee__AddressBook_#t~ret44#1, outgoing__wrappee__AddressBook_#t~ret45#1, outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1, outgoing__wrappee__AddressBook_~size~2#1, outgoing__wrappee__AddressBook_~tmp~9#1, outgoing__wrappee__AddressBook_~receiver~1#1, outgoing__wrappee__AddressBook_~tmp___0~4#1, outgoing__wrappee__AddressBook_~second~0#1, outgoing__wrappee__AddressBook_~tmp___1~2#1, outgoing__wrappee__AddressBook_~tmp___2~1#1;outgoing__wrappee__AddressBook_~client#1 := outgoing__wrappee__AddressBook_#in~client#1;outgoing__wrappee__AddressBook_~msg#1 := outgoing__wrappee__AddressBook_#in~msg#1;havoc outgoing__wrappee__AddressBook_~size~2#1;havoc outgoing__wrappee__AddressBook_~tmp~9#1;havoc outgoing__wrappee__AddressBook_~receiver~1#1;havoc outgoing__wrappee__AddressBook_~tmp___0~4#1;havoc outgoing__wrappee__AddressBook_~second~0#1;havoc outgoing__wrappee__AddressBook_~tmp___1~2#1;havoc outgoing__wrappee__AddressBook_~tmp___2~1#1; {25852#false} is VALID [2022-02-20 17:59:25,821 INFO L272 TraceCheckUtils]: 81: Hoare triple {25852#false} call outgoing__wrappee__AddressBook_#t~ret40#1 := getClientAddressBookSize(outgoing__wrappee__AddressBook_~client#1); {25851#true} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 82: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~4; {25851#true} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 83: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~4 := ~__ste_ClientAddressBook_size0~0;#res := ~retValue_acc~4; {25851#true} is VALID [2022-02-20 17:59:25,821 INFO L290 TraceCheckUtils]: 84: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,821 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {25851#true} {25852#false} #1260#return; {25852#false} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 86: Hoare triple {25852#false} assume -2147483648 <= outgoing__wrappee__AddressBook_#t~ret40#1 && 
outgoing__wrappee__AddressBook_#t~ret40#1 <= 2147483647;outgoing__wrappee__AddressBook_~tmp~9#1 := outgoing__wrappee__AddressBook_#t~ret40#1;havoc outgoing__wrappee__AddressBook_#t~ret40#1;outgoing__wrappee__AddressBook_~size~2#1 := outgoing__wrappee__AddressBook_~tmp~9#1; {25852#false} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 87: Hoare triple {25852#false} assume !(0 != outgoing__wrappee__AddressBook_~size~2#1); {25852#false} is VALID [2022-02-20 17:59:25,822 INFO L272 TraceCheckUtils]: 88: Hoare triple {25852#false} call outgoing__wrappee__Encrypt(outgoing__wrappee__AddressBook_~client#1, outgoing__wrappee__AddressBook_~msg#1); {25852#false} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 89: Hoare triple {25852#false} ~client#1 := #in~client#1;~msg#1 := #in~msg#1;havoc ~receiver~0#1;havoc ~tmp~8#1;havoc ~pubkey~1#1;havoc ~tmp___0~3#1; {25852#false} is VALID [2022-02-20 17:59:25,822 INFO L272 TraceCheckUtils]: 90: Hoare triple {25852#false} call #t~ret38#1 := getEmailTo(~msg#1); {25851#true} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 91: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,822 INFO L290 TraceCheckUtils]: 92: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,823 INFO L290 TraceCheckUtils]: 93: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,823 INFO L284 TraceCheckUtils]: 94: Hoare quadruple {25851#true} {25852#false} #1278#return; {25852#false} is VALID [2022-02-20 17:59:25,823 INFO L290 TraceCheckUtils]: 95: Hoare triple {25852#false} assume -2147483648 <= #t~ret38#1 && #t~ret38#1 <= 2147483647;~tmp~8#1 := #t~ret38#1;havoc #t~ret38#1;~receiver~0#1 := ~tmp~8#1; {25852#false} is VALID [2022-02-20 17:59:25,823 INFO L272 TraceCheckUtils]: 96: Hoare triple {25852#false} call #t~ret39#1 := 
findPublicKey(~client#1, ~receiver~0#1); {25851#true} is VALID [2022-02-20 17:59:25,823 INFO L290 TraceCheckUtils]: 97: Hoare triple {25851#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,823 INFO L290 TraceCheckUtils]: 98: Hoare triple {25851#true} assume 1 == ~handle; {25851#true} is VALID [2022-02-20 17:59:25,823 INFO L290 TraceCheckUtils]: 99: Hoare triple {25851#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 100: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,824 INFO L284 TraceCheckUtils]: 101: Hoare quadruple {25851#true} {25852#false} #1280#return; {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 102: Hoare triple {25852#false} assume -2147483648 <= #t~ret39#1 && #t~ret39#1 <= 2147483647;~tmp___0~3#1 := #t~ret39#1;havoc #t~ret39#1;~pubkey~1#1 := ~tmp___0~3#1; {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 103: Hoare triple {25852#false} assume !(0 != ~pubkey~1#1); {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 104: Hoare triple {25852#false} assume { :begin_inline_outgoing__wrappee__Keys } true;outgoing__wrappee__Keys_#in~client#1, outgoing__wrappee__Keys_#in~msg#1 := ~client#1, ~msg#1;havoc outgoing__wrappee__Keys_#t~ret37#1, outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1;outgoing__wrappee__Keys_~client#1 := outgoing__wrappee__Keys_#in~client#1;outgoing__wrappee__Keys_~msg#1 := outgoing__wrappee__Keys_#in~msg#1;havoc outgoing__wrappee__Keys_~tmp~7#1;assume { :begin_inline_getClientId } true;getClientId_#in~handle#1 := outgoing__wrappee__Keys_~client#1;havoc getClientId_#res#1;havoc getClientId_~handle#1, getClientId_~retValue_acc~17#1;getClientId_~handle#1 
:= getClientId_#in~handle#1;havoc getClientId_~retValue_acc~17#1; {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 105: Hoare triple {25852#false} assume 1 == getClientId_~handle#1;getClientId_~retValue_acc~17#1 := ~__ste_client_idCounter0~0;getClientId_#res#1 := getClientId_~retValue_acc~17#1; {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L290 TraceCheckUtils]: 106: Hoare triple {25852#false} outgoing__wrappee__Keys_#t~ret37#1 := getClientId_#res#1;assume { :end_inline_getClientId } true;assume -2147483648 <= outgoing__wrappee__Keys_#t~ret37#1 && outgoing__wrappee__Keys_#t~ret37#1 <= 2147483647;outgoing__wrappee__Keys_~tmp~7#1 := outgoing__wrappee__Keys_#t~ret37#1;havoc outgoing__wrappee__Keys_#t~ret37#1; {25852#false} is VALID [2022-02-20 17:59:25,824 INFO L272 TraceCheckUtils]: 107: Hoare triple {25852#false} call setEmailFrom(outgoing__wrappee__Keys_~msg#1, outgoing__wrappee__Keys_~tmp~7#1); {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} is VALID [2022-02-20 17:59:25,825 INFO L290 TraceCheckUtils]: 108: Hoare triple {25939#(and (= |old(~__ste_email_from0~0)| ~__ste_email_from0~0) (= |old(~__ste_email_from1~0)| ~__ste_email_from1~0))} ~handle := #in~handle;~value := #in~value; {25851#true} is VALID [2022-02-20 17:59:25,825 INFO L290 TraceCheckUtils]: 109: Hoare triple {25851#true} assume 1 == ~handle;~__ste_email_from0~0 := ~value; {25851#true} is VALID [2022-02-20 17:59:25,825 INFO L290 TraceCheckUtils]: 110: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,825 INFO L284 TraceCheckUtils]: 111: Hoare quadruple {25851#true} {25852#false} #1286#return; {25852#false} is VALID [2022-02-20 17:59:25,825 INFO L290 TraceCheckUtils]: 112: Hoare triple {25852#false} assume { :begin_inline_mail } true;mail_#in~client#1, mail_#in~msg#1 := outgoing__wrappee__Keys_~client#1, outgoing__wrappee__Keys_~msg#1;havoc mail_#t~ret35#1, 
mail_#t~ret36#1, mail_~client#1, mail_~msg#1, mail_~__utac__ad__arg1~0#1, mail_~tmp~6#1;mail_~client#1 := mail_#in~client#1;mail_~msg#1 := mail_#in~msg#1;havoc mail_~__utac__ad__arg1~0#1;havoc mail_~tmp~6#1;mail_~__utac__ad__arg1~0#1 := mail_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__1 } true;__utac_acc__SignVerify_spec__1_#in~msg#1 := mail_~__utac__ad__arg1~0#1;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1, __utac_acc__SignVerify_spec__1_#t~ret5#1, __utac_acc__SignVerify_spec__1_#t~nondet6#1, __utac_acc__SignVerify_spec__1_~msg#1, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;__utac_acc__SignVerify_spec__1_~msg#1 := __utac_acc__SignVerify_spec__1_#in~msg#1;havoc __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset;call __utac_acc__SignVerify_spec__1_#t~ret4#1 := puts(4, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret4#1 && __utac_acc__SignVerify_spec__1_#t~ret4#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__1_#t~ret4#1; {25852#false} is VALID [2022-02-20 17:59:25,825 INFO L272 TraceCheckUtils]: 113: Hoare triple {25852#false} call __utac_acc__SignVerify_spec__1_#t~ret5#1 := isSigned(__utac_acc__SignVerify_spec__1_~msg#1); {25851#true} is VALID [2022-02-20 17:59:25,825 INFO L290 TraceCheckUtils]: 114: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~38; {25851#true} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 115: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~38 := ~__ste_email_isSigned0~0;#res := ~retValue_acc~38; {25851#true} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 116: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,826 INFO L284 TraceCheckUtils]: 117: Hoare quadruple {25851#true} {25852#false} #1288#return; {25852#false} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 118: Hoare triple 
{25852#false} assume -2147483648 <= __utac_acc__SignVerify_spec__1_#t~ret5#1 && __utac_acc__SignVerify_spec__1_#t~ret5#1 <= 2147483647;~sent_signed~0 := __utac_acc__SignVerify_spec__1_#t~ret5#1;havoc __utac_acc__SignVerify_spec__1_#t~ret5#1;__utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.base, __utac_acc__SignVerify_spec__1_~__cil_tmp2~0#1.offset := 5, 0;havoc __utac_acc__SignVerify_spec__1_#t~nondet6#1; {25852#false} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 119: Hoare triple {25852#false} assume { :end_inline___utac_acc__SignVerify_spec__1 } true;call mail_#t~ret35#1 := puts(16, 0);assume -2147483648 <= mail_#t~ret35#1 && mail_#t~ret35#1 <= 2147483647;havoc mail_#t~ret35#1; {25852#false} is VALID [2022-02-20 17:59:25,826 INFO L272 TraceCheckUtils]: 120: Hoare triple {25852#false} call mail_#t~ret36#1 := getEmailTo(mail_~msg#1); {25851#true} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 121: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,826 INFO L290 TraceCheckUtils]: 122: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~33 := ~__ste_email_to0~0;#res := ~retValue_acc~33; {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L290 TraceCheckUtils]: 123: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L284 TraceCheckUtils]: 124: Hoare quadruple {25851#true} {25852#false} #1290#return; {25852#false} is VALID [2022-02-20 17:59:25,827 INFO L290 TraceCheckUtils]: 125: Hoare triple {25852#false} assume -2147483648 <= mail_#t~ret36#1 && mail_#t~ret36#1 <= 2147483647;mail_~tmp~6#1 := mail_#t~ret36#1;havoc mail_#t~ret36#1;assume { :begin_inline_incoming } true;incoming_#in~client#1, incoming_#in~msg#1 := mail_~tmp~6#1, mail_~msg#1;havoc incoming_#t~ret48#1, incoming_#t~ret49#1, incoming_#t~ret50#1, incoming_#t~ret51#1, incoming_~client#1, incoming_~msg#1, incoming_~privkey~0#1, incoming_~tmp~11#1, incoming_~tmp___0~5#1, 
incoming_~tmp___1~3#1, incoming_~tmp___2~2#1;incoming_~client#1 := incoming_#in~client#1;incoming_~msg#1 := incoming_#in~msg#1;havoc incoming_~privkey~0#1;havoc incoming_~tmp~11#1;havoc incoming_~tmp___0~5#1;havoc incoming_~tmp___1~3#1;havoc incoming_~tmp___2~2#1; {25852#false} is VALID [2022-02-20 17:59:25,827 INFO L272 TraceCheckUtils]: 126: Hoare triple {25852#false} call incoming_#t~ret48#1 := getClientPrivateKey(incoming_~client#1); {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L290 TraceCheckUtils]: 127: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L290 TraceCheckUtils]: 128: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~10 := ~__ste_client_privateKey0~0;#res := ~retValue_acc~10; {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L290 TraceCheckUtils]: 129: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,827 INFO L284 TraceCheckUtils]: 130: Hoare quadruple {25851#true} {25852#false} #1292#return; {25852#false} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 131: Hoare triple {25852#false} assume -2147483648 <= incoming_#t~ret48#1 && incoming_#t~ret48#1 <= 2147483647;incoming_~tmp~11#1 := incoming_#t~ret48#1;havoc incoming_#t~ret48#1;incoming_~privkey~0#1 := incoming_~tmp~11#1; {25852#false} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 132: Hoare triple {25852#false} assume !(0 != incoming_~privkey~0#1); {25852#false} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 133: Hoare triple {25852#false} assume { :begin_inline_incoming__wrappee__Verify } true;incoming__wrappee__Verify_#in~client#1, incoming__wrappee__Verify_#in~msg#1 := incoming_~client#1, incoming_~msg#1;havoc incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;incoming__wrappee__Verify_~client#1 := incoming__wrappee__Verify_#in~client#1;incoming__wrappee__Verify_~msg#1 := 
incoming__wrappee__Verify_#in~msg#1;assume { :begin_inline_verify } true;verify_#in~client#1, verify_#in~msg#1 := incoming__wrappee__Verify_~client#1, incoming__wrappee__Verify_~msg#1;havoc verify_#t~ret57#1, verify_#t~ret58#1, verify_#t~ret59#1, verify_#t~ret60#1, verify_#t~ret61#1, verify_#t~ret62#1, verify_~client#1, verify_~msg#1, verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1, verify_~tmp~15#1, verify_~tmp___0~6#1, verify_~pubkey~2#1, verify_~tmp___1~4#1, verify_~tmp___2~3#1, verify_~tmp___3~0#1, verify_~tmp___4~0#1;verify_~client#1 := verify_#in~client#1;verify_~msg#1 := verify_#in~msg#1;havoc verify_~__utac__ad__arg1~1#1;havoc verify_~__utac__ad__arg2~0#1;havoc verify_~tmp~15#1;havoc verify_~tmp___0~6#1;havoc verify_~pubkey~2#1;havoc verify_~tmp___1~4#1;havoc verify_~tmp___2~3#1;havoc verify_~tmp___3~0#1;havoc verify_~tmp___4~0#1;verify_~__utac__ad__arg1~1#1 := verify_~client#1;verify_~__utac__ad__arg2~0#1 := verify_~msg#1;assume { :begin_inline___utac_acc__SignVerify_spec__2 } true;__utac_acc__SignVerify_spec__2_#in~client#1, __utac_acc__SignVerify_spec__2_#in~msg#1 := verify_~__utac__ad__arg1~1#1, verify_~__utac__ad__arg2~0#1;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1, __utac_acc__SignVerify_spec__2_#t~nondet8#1, __utac_acc__SignVerify_spec__2_#t~ret9#1, __utac_acc__SignVerify_spec__2_#t~ret10#1, __utac_acc__SignVerify_spec__2_#t~ret11#1, __utac_acc__SignVerify_spec__2_#t~ret12#1, __utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~msg#1, __utac_acc__SignVerify_spec__2_~pubkey~0#1, __utac_acc__SignVerify_spec__2_~tmp~0#1, __utac_acc__SignVerify_spec__2_~tmp___0~0#1, __utac_acc__SignVerify_spec__2_~tmp___1~0#1, __utac_acc__SignVerify_spec__2_~tmp___2~0#1, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;__utac_acc__SignVerify_spec__2_~client#1 := __utac_acc__SignVerify_spec__2_#in~client#1;__utac_acc__SignVerify_spec__2_~msg#1 := 
__utac_acc__SignVerify_spec__2_#in~msg#1;havoc __utac_acc__SignVerify_spec__2_~pubkey~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___0~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___1~0#1;havoc __utac_acc__SignVerify_spec__2_~tmp___2~0#1;havoc __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset;call __utac_acc__SignVerify_spec__2_#t~ret7#1 := puts(6, 0);assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret7#1 && __utac_acc__SignVerify_spec__2_#t~ret7#1 <= 2147483647;havoc __utac_acc__SignVerify_spec__2_#t~ret7#1;__utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.base, __utac_acc__SignVerify_spec__2_~__cil_tmp8~0#1.offset := 7, 0;havoc __utac_acc__SignVerify_spec__2_#t~nondet8#1; {25852#false} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 134: Hoare triple {25852#false} assume 1 == ~sent_signed~0; {25852#false} is VALID [2022-02-20 17:59:25,828 INFO L272 TraceCheckUtils]: 135: Hoare triple {25852#false} call __utac_acc__SignVerify_spec__2_#t~ret9#1 := getEmailFrom(__utac_acc__SignVerify_spec__2_~msg#1); {25851#true} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 136: Hoare triple {25851#true} ~handle := #in~handle;havoc ~retValue_acc~32; {25851#true} is VALID [2022-02-20 17:59:25,828 INFO L290 TraceCheckUtils]: 137: Hoare triple {25851#true} assume 1 == ~handle;~retValue_acc~32 := ~__ste_email_from0~0;#res := ~retValue_acc~32; {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 138: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L284 TraceCheckUtils]: 139: Hoare quadruple {25851#true} {25852#false} #1304#return; {25852#false} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 140: Hoare triple {25852#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret9#1 && __utac_acc__SignVerify_spec__2_#t~ret9#1 <= 
2147483647;__utac_acc__SignVerify_spec__2_~tmp~0#1 := __utac_acc__SignVerify_spec__2_#t~ret9#1;havoc __utac_acc__SignVerify_spec__2_#t~ret9#1; {25852#false} is VALID [2022-02-20 17:59:25,829 INFO L272 TraceCheckUtils]: 141: Hoare triple {25852#false} call __utac_acc__SignVerify_spec__2_#t~ret10#1 := findPublicKey(__utac_acc__SignVerify_spec__2_~client#1, __utac_acc__SignVerify_spec__2_~tmp~0#1); {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 142: Hoare triple {25851#true} ~handle := #in~handle;~userid := #in~userid;havoc ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 143: Hoare triple {25851#true} assume 1 == ~handle; {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 144: Hoare triple {25851#true} assume ~userid == ~__ste_Client_Keyring0_User0~0;~retValue_acc~15 := ~__ste_Client_Keyring0_PublicKey0~0;#res := ~retValue_acc~15; {25851#true} is VALID [2022-02-20 17:59:25,829 INFO L290 TraceCheckUtils]: 145: Hoare triple {25851#true} assume true; {25851#true} is VALID [2022-02-20 17:59:25,830 INFO L284 TraceCheckUtils]: 146: Hoare quadruple {25851#true} {25852#false} #1306#return; {25852#false} is VALID [2022-02-20 17:59:25,830 INFO L290 TraceCheckUtils]: 147: Hoare triple {25852#false} assume -2147483648 <= __utac_acc__SignVerify_spec__2_#t~ret10#1 && __utac_acc__SignVerify_spec__2_#t~ret10#1 <= 2147483647;__utac_acc__SignVerify_spec__2_~tmp___0~0#1 := __utac_acc__SignVerify_spec__2_#t~ret10#1;havoc __utac_acc__SignVerify_spec__2_#t~ret10#1;__utac_acc__SignVerify_spec__2_~pubkey~0#1 := __utac_acc__SignVerify_spec__2_~tmp___0~0#1; {25852#false} is VALID [2022-02-20 17:59:25,830 INFO L290 TraceCheckUtils]: 148: Hoare triple {25852#false} assume 0 == __utac_acc__SignVerify_spec__2_~pubkey~0#1; {25852#false} is VALID [2022-02-20 17:59:25,830 INFO L272 TraceCheckUtils]: 149: Hoare triple {25852#false} call __automaton_fail(); {25852#false} is VALID [2022-02-20 17:59:25,830 
INFO L290 TraceCheckUtils]: 150: Hoare triple {25852#false} assume !false; {25852#false} is VALID [2022-02-20 17:59:25,831 INFO L134 CoverageAnalysis]: Checked inductivity of 44 backedges. 13 proven. 0 refuted. 0 times theorem prover too weak. 31 trivial. 0 not checked. [2022-02-20 17:59:25,831 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 17:59:25,831 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1561393277] [2022-02-20 17:59:25,831 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1561393277] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 17:59:25,831 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 17:59:25,831 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [12] imperfect sequences [] total 12 [2022-02-20 17:59:25,831 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [947482617] [2022-02-20 17:59:25,832 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 17:59:25,832 INFO L78 Accepts]: Start accepts. Automaton has has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) Word has length 151 [2022-02-20 17:59:25,833 INFO L84 Accepts]: Finished accepts. word is accepted. 
[2022-02-20 17:59:25,833 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18) [2022-02-20 17:59:25,932 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 133 edges. 133 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 17:59:25,932 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 12 states [2022-02-20 17:59:25,933 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 17:59:25,933 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 12 interpolants. [2022-02-20 17:59:25,933 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=21, Invalid=111, Unknown=0, NotChecked=0, Total=132 [2022-02-20 17:59:25,933 INFO L87 Difference]: Start difference. First operand 525 states and 806 transitions. Second operand has 12 states, 11 states have (on average 8.454545454545455) internal successors, (93), 8 states have internal predecessors, (93), 4 states have call successors, (22), 6 states have call predecessors, (22), 3 states have return successors, (18), 3 states have call predecessors, (18), 4 states have call successors, (18)